Problème pub intenpestive [Résolu]

Salut,

--> Désactive l'UAC le temps de la désinfection.

--> Télécharge Lop S&D (par Eric_71 & Angeldark) sur ton Bureau.

--> Double-clique dessus pour lancer l'installation.

--> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).

--> Patiente jusqu'à la fin du scan.

--> Poste le rapport généré (C:\lopR.txt).

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Elodie ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:59 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 13/04/2009|14:25 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[29/11/2008|18:11] C:\Users\Elodie\AppData\Local\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\Acer Arcade Deluxe
[30/08/2008|19:39] C:\Users\Elodie\AppData\Local\acer eNM
[06/10/2008|12:07] C:\Users\Elodie\AppData\Local\Adobe
[14/09/2008|14:01] C:\Users\Elodie\AppData\Local\Apple
[11/10/2008|17:12] C:\Users\Elodie\AppData\Local\Apple Computer
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Application Data
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\CyberLink
[29/03/2009|02:26] C:\Users\Elodie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/11/2008|14:34] C:\Users\Elodie\AppData\Local\DVDivine
[16/02/2009|11:52] C:\Users\Elodie\AppData\Local\ebaxvmr.bat
[18/02/2009|21:19] C:\Users\Elodie\AppData\Local\eMule
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\GDIPFONTCACHEV1.DAT
[30/08/2008|21:50] C:\Users\Elodie\AppData\Local\Google
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Historique
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\HomeMedia
[13/04/2009|14:21] C:\Users\Elodie\AppData\Local\IconCache.db
[06/01/2009|01:10] C:\Users\Elodie\AppData\Local\live-player
[09/03/2009|22:31] C:\Users\Elodie\AppData\Local\Microsoft
[21/12/2008|12:00] C:\Users\Elodie\AppData\Local\Microsoft Games
[01/02/2009|02:27] C:\Users\Elodie\AppData\Local\Mozilla
[05/01/2009|16:39] C:\Users\Elodie\AppData\Local\Pando
[03/09/2008|20:51] C:\Users\Elodie\AppData\Local\PlayMovie
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\PowerCinema
[13/04/2009|14:24] C:\Users\Elodie\AppData\Local\Temp
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Temporary Internet Files
[19/10/2008|16:27] C:\Users\Elodie\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[13/04/2009 14:22][--ah-----] C:\Windows\tasks\SA.DAT
[13/04/2009 14:21][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/10/2007|12:25] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/10/2007|12:01] C:\ProgramData\Adobe
[14/09/2008|13:59] C:\ProgramData\Apple
[09/03/2009|16:48] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[26/11/2008|00:02] C:\ProgramData\Avira
[30/08/2008|19:34] C:\ProgramData\Bureau
[26/11/2008|17:38] C:\ProgramData\CheckPoint
[31/08/2008|13:10] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[18/02/2009|21:19] C:\ProgramData\eMule
[18/12/2008|19:08] C:\ProgramData\EncCopyCopy.066kpi
[17/12/2008|21:39] C:\ProgramData\EncCopyCopy.0azof
[18/12/2008|11:51] C:\ProgramData\EncCopyCopy.0crrzg
[18/12/2008|13:19] C:\ProgramData\EncCopyCopy.0f6f3
[17/12/2008|19:27] C:\ProgramData\EncCopyCopy.17gjqs
[18/12/2008|01:39] C:\ProgramData\EncCopyCopy.183cnh
[18/12/2008|15:08] C:\ProgramData\EncCopyCopy.1g56qf
[18/12/2008|14:24] C:\ProgramData\EncCopyCopy.1j39x21
[17/12/2008|16:33] C:\ProgramData\EncCopyCopy.29tuqf0
[17/12/2008|22:01] C:\ProgramData\EncCopyCopy.2r1uo0
[18/12/2008|00:34] C:\ProgramData\EncCopyCopy.31uel
[17/12/2008|12:32] C:\ProgramData\EncCopyCopy.3k0pblk
[17/12/2008|22:44] C:\ProgramData\EncCopyCopy.3ocpj
[18/12/2008|16:57] C:\ProgramData\EncCopyCopy.3s6ch6e
[17/12/2008|13:16] C:\ProgramData\EncCopyCopy.4gqb4
[18/12/2008|06:23] C:\ProgramData\EncCopyCopy.4pv2g
[18/12/2008|19:30] C:\ProgramData\EncCopyCopy.53rvz
[18/12/2008|17:19] C:\ProgramData\EncCopyCopy.55mli
[18/12/2008|16:14] C:\ProgramData\EncCopyCopy.5gzees
[17/12/2008|11:26] C:\ProgramData\EncCopyCopy.5oacb1m
[18/12/2008|11:29] C:\ProgramData\EncCopyCopy.62kws6z
[18/12/2008|15:52] C:\ProgramData\EncCopyCopy.6hzlg
[17/12/2008|17:38] C:\ProgramData\EncCopyCopy.82xc7
[18/12/2008|09:40] C:\ProgramData\EncCopyCopy.85cze
[17/12/2008|00:14] C:\ProgramData\EncCopyCopy.8us8f6z
[18/12/2008|19:52] C:\ProgramData\EncCopyCopy.9ad70da
[17/12/2008|11:48] C:\ProgramData\EncCopyCopy.9qtasq5
[17/12/2008|18:44] C:\ProgramData\EncCopyCopy.atmy1
[18/12/2008|08:56] C:\ProgramData\EncCopyCopy.c8hefj
[18/12/2008|15:30] C:\ProgramData\EncCopyCopy.cnwmv6
[18/12/2008|04:34] C:\ProgramData\EncCopyCopy.ct75t1
[18/12/2008|03:50] C:\ProgramData\EncCopyCopy.dypbj1w
[17/12/2008|20:55] C:\ProgramData\EncCopyCopy.ebtsw9p
[17/12/2008|14:43] C:\ProgramData\EncCopyCopy.f67v4
[17/12/2008|15:49] C:\ProgramData\EncCopyCopy.fn25xl
[18/12/2008|00:12] C:\ProgramData\EncCopyCopy.fvao8
[17/12/2008|10:20] C:\ProgramData\EncCopyCopy.g29xe
[17/12/2008|17:16] C:\ProgramData\EncCopyCopy.g88gpr
[17/12/2008|15:05] C:\ProgramData\EncCopyCopy.g8t720w
[17/12/2008|12:54] C:\ProgramData\EncCopyCopy.gehef15
[17/12/2008|09:59] C:\ProgramData\EncCopyCopy.ggvsb
[17/12/2008|22:23] C:\ProgramData\EncCopyCopy.gj9hwqw
[18/12/2008|13:40] C:\ProgramData\EncCopyCopy.gm5sse
[18/12/2008|04:56] C:\ProgramData\EncCopyCopy.hgoena
[18/12/2008|07:07] C:\ProgramData\EncCopyCopy.him24fg
[18/12/2008|14:02] C:\ProgramData\EncCopyCopy.i4ms4
[18/12/2008|08:13] C:\ProgramData\EncCopyCopy.iuizq
[17/12/2008|20:11] C:\ProgramData\EncCopyCopy.iwy1y
[18/12/2008|03:29] C:\ProgramData\EncCopyCopy.iz94po
[17/12/2008|18:00] C:\ProgramData\EncCopyCopy.j4hi16
[17/12/2008|21:17] C:\ProgramData\EncCopyCopy.jeqbfe
[17/12/2008|16:11] C:\ProgramData\EncCopyCopy.jgi5iqr
[17/12/2008|19:06] C:\ProgramData\EncCopyCopy.k115d
[18/12/2008|16:35] C:\ProgramData\EncCopyCopy.k4sj0z
[18/12/2008|06:02] C:\ProgramData\EncCopyCopy.k6cgpf8
[16/12/2008|19:15] C:\ProgramData\EncCopyCopy.kg1rxbc
[17/12/2008|23:50] C:\ProgramData\EncCopyCopy.ks4d5wy
[18/12/2008|11:07] C:\ProgramData\EncCopyCopy.l8ier
[18/12/2008|18:03] C:\ProgramData\EncCopyCopy.moldi5
[17/12/2008|18:22] C:\ProgramData\EncCopyCopy.mv8di5
[17/12/2008|23:28] C:\ProgramData\EncCopyCopy.mv99x
[17/12/2008|23:06] C:\ProgramData\EncCopyCopy.mzq8dk
[18/12/2008|12:57] C:\ProgramData\EncCopyCopy.n75rp
[18/12/2008|07:29] C:\ProgramData\EncCopyCopy.nlhkoc
[18/12/2008|02:45] C:\ProgramData\EncCopyCopy.nx2xan
[18/12/2008|02:23] C:\ProgramData\EncCopyCopy.o52ib
[18/12/2008|03:07] C:\ProgramData\EncCopyCopy.o6qo39
[17/12/2008|14:00] C:\ProgramData\EncCopyCopy.odpbq
[17/12/2008|09:37] C:\ProgramData\EncCopyCopy.oihk8j
[18/12/2008|14:46] C:\ProgramData\EncCopyCopy.osovn85
[16/12/2008|19:15] C:\ProgramData\EncCopyCopy.psfhm
[18/12/2008|18:47] C:\ProgramData\EncCopyCopy.qublut
[17/12/2008|13:38] C:\ProgramData\EncCopyCopy.qv8r9v
[18/12/2008|10:02] C:\ProgramData\EncCopyCopy.r2hadd
[18/12/2008|05:18] C:\ProgramData\EncCopyCopy.rjaz0o
[17/12/2008|16:54] C:\ProgramData\EncCopyCopy.rz8vpa9
[18/12/2008|08:35] C:\ProgramData\EncCopyCopy.sncsmpn
[18/12/2008|00:56] C:\ProgramData\EncCopyCopy.sr0ue
[18/12/2008|10:24] C:\ProgramData\EncCopyCopy.te8fd
[18/12/2008|10:46] C:\ProgramData\EncCopyCopy.tm8zev7
[18/12/2008|12:35] C:\ProgramData\EncCopyCopy.ttepez
[18/12/2008|07:51] C:\ProgramData\EncCopyCopy.uhbup
[18/12/2008|01:17] C:\ProgramData\EncCopyCopy.ui92y
[18/12/2008|02:01] C:\ProgramData\EncCopyCopy.v1m54
[17/12/2008|11:04] C:\ProgramData\EncCopyCopy.vco3i
[18/12/2008|09:18] C:\ProgramData\EncCopyCopy.veib4
[18/12/2008|05:40] C:\ProgramData\EncCopyCopy.vov8v
[18/12/2008|17:41] C:\ProgramData\EncCopyCopy.vuazw
[18/12/2008|04:12] C:\ProgramData\EncCopyCopy.vxqidyx
[17/12/2008|19:49] C:\ProgramData\EncCopyCopy.w9bz57
[17/12/2008|15:27] C:\ProgramData\EncCopyCopy.wa6k09u
[18/12/2008|12:13] C:\ProgramData\EncCopyCopy.wa84a50
[18/12/2008|06:45] C:\ProgramData\EncCopyCopy.wrd4c
[18/12/2008|18:25] C:\ProgramData\EncCopyCopy.xqpnf
[17/12/2008|10:42] C:\ProgramData\EncCopyCopy.xzm8l
[17/12/2008|20:33] C:\ProgramData\EncCopyCopy.xztme07
[17/12/2008|14:21] C:\ProgramData\EncCopyCopy.yotmy
[17/12/2008|12:10] C:\ProgramData\EncCopyCopy.zecn2a
[31/08/2008|00:17] C:\ProgramData\ezsidmv.dat
[30/08/2008|19:34] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[31/08/2008|00:12] C:\ProgramData\Forge of Games
[26/11/2008|00:21] C:\ProgramData\F-Secure
[30/08/2008|12:33] C:\ProgramData\fssg
[30/08/2008|15:01] C:\ProgramData\Google
[05/02/2009|00:52] C:\ProgramData\InstallShield
[27/03/2009|01:29] C:\ProgramData\LauncherAccess.dt
[27/11/2008|12:02] C:\ProgramData\Malwarebytes
[30/08/2008|19:34] C:\ProgramData\Menu D‚marrer
[17/03/2009|18:41] C:\ProgramData\Messenger Plus!
[17/03/2009|16:41] C:\ProgramData\Microsoft
[12/12/2008|18:53] C:\ProgramData\Microsoft Help
[30/08/2008|19:34] C:\ProgramData\ModŠles
[06/10/2008|12:00] C:\ProgramData\Office Genuine Advantage
[28/01/2009|19:44] C:\ProgramData\oncereal
[16/12/2008|19:16] C:\ProgramData\Poke admin tons bike
[31/08/2008|00:16] C:\ProgramData\Skype
[02/11/2006|15:02] C:\ProgramData\Start Menu
[16/12/2008|19:16] C:\ProgramData\Surf Pure Bore.nm51iy
[30/08/2008|21:15] C:\ProgramData\Symantec
[06/09/2008|14:38] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[16/12/2008|19:05] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[16/02/2008|22:59] C:\Program Files\Acer Arcade Deluxe
[06/09/2008|14:54] C:\Program Files\Acer GameZone
[16/02/2008|23:23] C:\Program Files\Acer Inc
[16/10/2007|12:25] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/10/2007|12:01] C:\Program Files\Adobe
[26/11/2008|00:02] C:\Program Files\Avira
[14/09/2008|14:03] C:\Program Files\Bonjour
[02/10/2007|06:06] C:\Program Files\Broadcom
[09/03/2009|16:50] C:\Program Files\Common Files
[09/03/2009|16:46] C:\Program Files\CyberLink
[04/01/2009|04:15] C:\Program Files\DivX
[18/02/2009|21:19] C:\Program Files\eMule
[30/08/2008|19:34] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[30/08/2008|16:49] C:\Program Files\Google
[09/03/2009|16:46] C:\Program Files\InstallShield Installation Information
[02/10/2007|05:46] C:\Program Files\Intel
[01/10/2008|22:26] C:\Program Files\Internet Explorer
[08/11/2008|01:54] C:\Program Files\Java
[16/02/2008|23:26] C:\Program Files\Launch Manager
[06/01/2009|16:08] C:\Program Files\Live-Player
[27/11/2008|12:02] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|17:39] C:\Program Files\Messenger Plus! Live
[16/12/2008|14:11] C:\Program Files\Microsoft
[30/08/2008|22:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[16/10/2007|12:24] C:\Program Files\Microsoft Office
[28/02/2009|20:53] C:\Program Files\Microsoft Silverlight
[17/03/2009|14:42] C:\Program Files\Microsoft Works
[16/10/2007|12:22] C:\Program Files\Microsoft.NET
[01/10/2008|22:26] C:\Program Files\Movie Maker
[13/04/2009|14:23] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[17/03/2009|17:47] C:\Program Files\MSNFix
[16/10/2007|11:51] C:\Program Files\MSXML 4.0
[09/03/2009|16:45] C:\Program Files\NewTech Infosystems
[30/08/2008|21:17] C:\Program Files\Orange
[06/09/2008|15:06] C:\Program Files\Orange HSS
[10/02/2009|20:08] C:\Program Files\PhotoFiltre
[22/01/2009|16:58] C:\Program Files\PhotoScape
[20/02/2009|23:49] C:\Program Files\Real
[02/10/2007|06:03] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[18/02/2009|16:45] C:\Program Files\Samsung
[31/08/2008|00:16] C:\Program Files\Skype
[02/10/2007|06:05] C:\Program Files\Synaptics
[05/03/2009|22:09] C:\Program Files\TeamViewer
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[05/11/2008|01:01] C:\Program Files\uTorrent
[01/02/2009|14:18] C:\Program Files\Veoh Networks
[06/09/2008|19:34] C:\Program Files\VideoLAN
[01/10/2008|22:26] C:\Program Files\Windows Calendar
[01/10/2008|22:26] C:\Program Files\Windows Collaboration
[01/10/2008|22:26] C:\Program Files\Windows Defender
[01/10/2008|22:26] C:\Program Files\Windows Journal
[17/03/2009|17:38] C:\Program Files\Windows Live
[10/02/2009|20:33] C:\Program Files\Windows Live SkyDrive
[11/03/2009|13:39] C:\Program Files\Windows Mail
[11/03/2009|13:39] C:\Program Files\Windows Media Player
[30/08/2008|19:34] C:\Program Files\Windows NT
[01/10/2008|22:26] C:\Program Files\Windows Photo Gallery
[01/10/2008|22:26] C:\Program Files\Windows Sidebar
[24/11/2008|17:55] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/10/2007|12:01] C:\Program Files\Common Files\Adobe
[16/10/2007|12:22] C:\Program Files\Common Files\DESIGNER
[05/02/2009|00:51] C:\Program Files\Common Files\InstallShield
[08/11/2008|01:52] C:\Program Files\Common Files\Java
[16/10/2007|12:07] C:\Program Files\Common Files\LightScribe
[21/02/2009|01:39] C:\Program Files\Common Files\microsoft shared
[16/10/2007|12:07] C:\Program Files\Common Files\NewTech Infosystems
[06/09/2008|20:07] C:\Program Files\Common Files\PX Storage Engine
[09/03/2009|16:39] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/08/2008|00:16] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[30/08/2008|21:16] C:\Program Files\Common Files\Symantec Shared
[01/10/2008|22:26] C:\Program Files\Common Files\System
[16/12/2008|13:57] C:\Program Files\Common Files\Windows Live
[30/08/2008|22:12] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 81 Processes )

iexplore.exe ~ [PID:3560]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\EncCopyCopy.0azof
C:\ProgramData\EncCopyCopy.0f6f3
C:\ProgramData\EncCopyCopy.31uel
C:\ProgramData\EncCopyCopy.3ocpj
C:\ProgramData\EncCopyCopy.4gqb4
C:\ProgramData\EncCopyCopy.4pv2g
C:\ProgramData\EncCopyCopy.53rvz
C:\ProgramData\EncCopyCopy.55mli
C:\ProgramData\EncCopyCopy.6hzlg
C:\ProgramData\EncCopyCopy.82xc7
C:\ProgramData\EncCopyCopy.85cze
C:\ProgramData\EncCopyCopy.atmy1
C:\ProgramData\EncCopyCopy.f67v4
C:\ProgramData\EncCopyCopy.fvao8
C:\ProgramData\EncCopyCopy.g29xe
C:\ProgramData\EncCopyCopy.ggvsb
C:\ProgramData\EncCopyCopy.i4ms4
C:\ProgramData\EncCopyCopy.iuizq
C:\ProgramData\EncCopyCopy.iwy1y
C:\ProgramData\EncCopyCopy.k115d
C:\ProgramData\EncCopyCopy.l8ier
C:\ProgramData\EncCopyCopy.mv99x
C:\ProgramData\EncCopyCopy.n75rp
C:\ProgramData\EncCopyCopy.o52ib
C:\ProgramData\EncCopyCopy.odpbq
C:\ProgramData\EncCopyCopy.psfhm
C:\ProgramData\EncCopyCopy.sr0ue
C:\ProgramData\EncCopyCopy.te8fd
C:\ProgramData\EncCopyCopy.uhbup
C:\ProgramData\EncCopyCopy.ui92y
C:\ProgramData\EncCopyCopy.v1m54
C:\ProgramData\EncCopyCopy.vco3i
C:\ProgramData\EncCopyCopy.veib4
C:\ProgramData\EncCopyCopy.vov8v
C:\ProgramData\EncCopyCopy.vuazw
C:\ProgramData\EncCopyCopy.wrd4c
C:\ProgramData\EncCopyCopy.xqpnf
C:\ProgramData\EncCopyCopy.xzm8l
C:\ProgramData\EncCopyCopy.yotmy
C:\ProgramData\EncCopyCopy.066kpi
C:\ProgramData\EncCopyCopy.0crrzg
C:\ProgramData\EncCopyCopy.17gjqs
C:\ProgramData\EncCopyCopy.183cnh
C:\ProgramData\EncCopyCopy.1g56qf
C:\ProgramData\EncCopyCopy.2r1uo0
C:\ProgramData\EncCopyCopy.5gzees
C:\ProgramData\EncCopyCopy.c8hefj
C:\ProgramData\EncCopyCopy.cnwmv6
C:\ProgramData\EncCopyCopy.ct75t1
C:\ProgramData\EncCopyCopy.fn25xl
C:\ProgramData\EncCopyCopy.g88gpr
C:\ProgramData\EncCopyCopy.gm5sse
C:\ProgramData\EncCopyCopy.hgoena
C:\ProgramData\EncCopyCopy.iz94po
C:\ProgramData\EncCopyCopy.j4hi16
C:\ProgramData\EncCopyCopy.jeqbfe
C:\ProgramData\EncCopyCopy.k4sj0z
C:\ProgramData\EncCopyCopy.moldi5
C:\ProgramData\EncCopyCopy.mv8di5
C:\ProgramData\EncCopyCopy.mzq8dk
C:\ProgramData\EncCopyCopy.nlhkoc
C:\ProgramData\EncCopyCopy.nx2xan
C:\ProgramData\EncCopyCopy.o6qo39
C:\ProgramData\EncCopyCopy.oihk8j
C:\ProgramData\EncCopyCopy.qublut
C:\ProgramData\EncCopyCopy.qv8r9v
C:\ProgramData\EncCopyCopy.r2hadd
C:\ProgramData\EncCopyCopy.rjaz0o
C:\ProgramData\EncCopyCopy.ttepez
C:\ProgramData\EncCopyCopy.w9bz57
C:\ProgramData\EncCopyCopy.zecn2a
C:\ProgramData\Surf Pure Bore.nm51iy
C:\ProgramData\EncCopyCopy.1j39x21
C:\ProgramData\EncCopyCopy.29tuqf0
C:\ProgramData\EncCopyCopy.3k0pblk
C:\ProgramData\EncCopyCopy.3s6ch6e
C:\ProgramData\EncCopyCopy.5oacb1m
C:\ProgramData\EncCopyCopy.62kws6z
C:\ProgramData\EncCopyCopy.8us8f6z
C:\ProgramData\EncCopyCopy.9ad70da
C:\ProgramData\EncCopyCopy.9qtasq5
C:\ProgramData\EncCopyCopy.dypbj1w
C:\ProgramData\EncCopyCopy.ebtsw9p
C:\ProgramData\EncCopyCopy.g8t720w
C:\ProgramData\EncCopyCopy.gehef15
C:\ProgramData\EncCopyCopy.gj9hwqw
C:\ProgramData\EncCopyCopy.him24fg
C:\ProgramData\EncCopyCopy.jgi5iqr
C:\ProgramData\EncCopyCopy.k6cgpf8
C:\ProgramData\EncCopyCopy.kg1rxbc
C:\ProgramData\EncCopyCopy.ks4d5wy
C:\ProgramData\EncCopyCopy.osovn85
C:\ProgramData\EncCopyCopy.rz8vpa9
C:\ProgramData\EncCopyCopy.sncsmpn
C:\ProgramData\EncCopyCopy.tm8zev7
C:\ProgramData\EncCopyCopy.vxqidyx
C:\ProgramData\EncCopyCopy.wa6k09u
C:\ProgramData\EncCopyCopy.wa84a50
C:\ProgramData\EncCopyCopy.xztme07

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Poke admin tons bike
C:\ProgramData\Poke admin tons bike\coal dent.exe
C:\Users\Elodie\AppData\Local\Temp\msgpl_481b.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_5f19.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_90f0.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_a260.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_a950.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_ab8b.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_b3d0.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_c9be.tmp
C:\Users\Elodie\AppData\Local\Temp\msgpl_d6d7.tmp

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drv acid"="\"C:\\ProgramData\\EncCopyCopy.9ad70da\""
"tons bike intra poll"="\"C:\\ProgramData\\Surf Pure Bore.nm51iy\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 14:25:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 170

--------------------\\ Recherche d'autres infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
C:\Users\Elodie\AppData\Local\live-player
C:\Users\Elodie\AppData\Local\live-player\flv.swf
C:\Users\Elodie\AppData\Local\live-player\liveplayer.s3db
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Conditions g‚n‚rales.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Confidentialit‚.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\D‚sinstaller.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Live-Player.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Website.url
[b]==> EGDACCESS <==/b



[F:1672][D:132]-> C:\Users\Elodie\AppData\Local\Temp
[F:153][D:1]-> C:\Users\Elodie\AppData\Roaming\MICROS~1\Windows\Cookies
[F:848][D:4]-> C:\Users\Elodie\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 13/04/2009|14:27 - Option : [1]

--------------------\\ Fin du rapport a 14:27:53
[ UAC => 1 ]

Merci de votre réponse :p

--> Double-clique sur le raccourci de Lop S&D pour le lancer.
(Sous Vista, il faut cliquer droit sur le raccourci de Lop S&D et choisir Exécuter en tant qu'administrateur)

--> Choisis cette fois-ci l'option 2 (Suppression).

--> Ne ferme pas la fenêtre lors de la suppression !

--> Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Elodie ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:59 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 13/04/2009|14:38 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Poke admin tons bike\coal dent.exe
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_481b.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_5f19.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_90f0.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_a260.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_a950.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_ab8b.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_b3d0.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_c9be.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_d6d7.tmp
Supprime! - C:\ProgramData\EncCopyCopy.0azof
Supprime! - C:\ProgramData\EncCopyCopy.0f6f3
Supprime! - C:\ProgramData\EncCopyCopy.31uel
Supprime! - C:\ProgramData\EncCopyCopy.3ocpj
Supprime! - C:\ProgramData\EncCopyCopy.4gqb4
Supprime! - C:\ProgramData\EncCopyCopy.4pv2g
Supprime! - C:\ProgramData\EncCopyCopy.53rvz
Supprime! - C:\ProgramData\EncCopyCopy.55mli
Supprime! - C:\ProgramData\EncCopyCopy.6hzlg
Supprime! - C:\ProgramData\EncCopyCopy.82xc7
Supprime! - C:\ProgramData\EncCopyCopy.85cze
Supprime! - C:\ProgramData\EncCopyCopy.atmy1
Supprime! - C:\ProgramData\EncCopyCopy.f67v4
Supprime! - C:\ProgramData\EncCopyCopy.fvao8
Supprime! - C:\ProgramData\EncCopyCopy.g29xe
Supprime! - C:\ProgramData\EncCopyCopy.ggvsb
Supprime! - C:\ProgramData\EncCopyCopy.i4ms4
Supprime! - C:\ProgramData\EncCopyCopy.iuizq
Supprime! - C:\ProgramData\EncCopyCopy.iwy1y
Supprime! - C:\ProgramData\EncCopyCopy.k115d
Supprime! - C:\ProgramData\EncCopyCopy.l8ier
Supprime! - C:\ProgramData\EncCopyCopy.mv99x
Supprime! - C:\ProgramData\EncCopyCopy.n75rp
Supprime! - C:\ProgramData\EncCopyCopy.o52ib
Supprime! - C:\ProgramData\EncCopyCopy.odpbq
Supprime! - C:\ProgramData\EncCopyCopy.psfhm
Supprime! - C:\ProgramData\EncCopyCopy.sr0ue
Supprime! - C:\ProgramData\EncCopyCopy.te8fd
Supprime! - C:\ProgramData\EncCopyCopy.uhbup
Supprime! - C:\ProgramData\EncCopyCopy.ui92y
Supprime! - C:\ProgramData\EncCopyCopy.v1m54
Supprime! - C:\ProgramData\EncCopyCopy.vco3i
Supprime! - C:\ProgramData\EncCopyCopy.veib4
Supprime! - C:\ProgramData\EncCopyCopy.vov8v
Supprime! - C:\ProgramData\EncCopyCopy.vuazw
Supprime! - C:\ProgramData\EncCopyCopy.wrd4c
Supprime! - C:\ProgramData\EncCopyCopy.xqpnf
Supprime! - C:\ProgramData\EncCopyCopy.xzm8l
Supprime! - C:\ProgramData\EncCopyCopy.yotmy
Supprime! - C:\ProgramData\EncCopyCopy.066kpi
Supprime! - C:\ProgramData\EncCopyCopy.0crrzg
Supprime! - C:\ProgramData\EncCopyCopy.17gjqs
Supprime! - C:\ProgramData\EncCopyCopy.183cnh
Supprime! - C:\ProgramData\EncCopyCopy.1g56qf
Supprime! - C:\ProgramData\EncCopyCopy.2r1uo0
Supprime! - C:\ProgramData\EncCopyCopy.5gzees
Supprime! - C:\ProgramData\EncCopyCopy.c8hefj
Supprime! - C:\ProgramData\EncCopyCopy.cnwmv6
Supprime! - C:\ProgramData\EncCopyCopy.ct75t1
Supprime! - C:\ProgramData\EncCopyCopy.fn25xl
Supprime! - C:\ProgramData\EncCopyCopy.g88gpr
Supprime! - C:\ProgramData\EncCopyCopy.gm5sse
Supprime! - C:\ProgramData\EncCopyCopy.hgoena
Supprime! - C:\ProgramData\EncCopyCopy.iz94po
Supprime! - C:\ProgramData\EncCopyCopy.j4hi16
Supprime! - C:\ProgramData\EncCopyCopy.jeqbfe
Supprime! - C:\ProgramData\EncCopyCopy.k4sj0z
Supprime! - C:\ProgramData\EncCopyCopy.moldi5
Supprime! - C:\ProgramData\EncCopyCopy.mv8di5
Supprime! - C:\ProgramData\EncCopyCopy.mzq8dk
Supprime! - C:\ProgramData\EncCopyCopy.nlhkoc
Supprime! - C:\ProgramData\EncCopyCopy.nx2xan
Supprime! - C:\ProgramData\EncCopyCopy.o6qo39
Supprime! - C:\ProgramData\EncCopyCopy.oihk8j
Supprime! - C:\ProgramData\EncCopyCopy.qublut
Supprime! - C:\ProgramData\EncCopyCopy.qv8r9v
Supprime! - C:\ProgramData\EncCopyCopy.r2hadd
Supprime! - C:\ProgramData\EncCopyCopy.rjaz0o
Supprime! - C:\ProgramData\EncCopyCopy.ttepez
Supprime! - C:\ProgramData\EncCopyCopy.w9bz57
Supprime! - C:\ProgramData\EncCopyCopy.zecn2a
Supprime! - C:\ProgramData\Surf Pure Bore.nm51iy
Supprime! - C:\ProgramData\EncCopyCopy.1j39x21
Supprime! - C:\ProgramData\EncCopyCopy.29tuqf0
Supprime! - C:\ProgramData\EncCopyCopy.3k0pblk
Supprime! - C:\ProgramData\EncCopyCopy.3s6ch6e
Supprime! - C:\ProgramData\EncCopyCopy.5oacb1m
Supprime! - C:\ProgramData\EncCopyCopy.62kws6z
Supprime! - C:\ProgramData\EncCopyCopy.8us8f6z
Supprime! - C:\ProgramData\EncCopyCopy.9ad70da
Supprime! - C:\ProgramData\EncCopyCopy.9qtasq5
Supprime! - C:\ProgramData\EncCopyCopy.dypbj1w
Supprime! - C:\ProgramData\EncCopyCopy.ebtsw9p
Supprime! - C:\ProgramData\EncCopyCopy.g8t720w
Supprime! - C:\ProgramData\EncCopyCopy.gehef15
Supprime! - C:\ProgramData\EncCopyCopy.gj9hwqw
Supprime! - C:\ProgramData\EncCopyCopy.him24fg
Supprime! - C:\ProgramData\EncCopyCopy.jgi5iqr
Supprime! - C:\ProgramData\EncCopyCopy.k6cgpf8
Supprime! - C:\ProgramData\EncCopyCopy.kg1rxbc
Supprime! - C:\ProgramData\EncCopyCopy.ks4d5wy
Supprime! - C:\ProgramData\EncCopyCopy.osovn85
Supprime! - C:\ProgramData\EncCopyCopy.rz8vpa9
Supprime! - C:\ProgramData\EncCopyCopy.sncsmpn
Supprime! - C:\ProgramData\EncCopyCopy.tm8zev7
Supprime! - C:\ProgramData\EncCopyCopy.vxqidyx
Supprime! - C:\ProgramData\EncCopyCopy.wa6k09u
Supprime! - C:\ProgramData\EncCopyCopy.wa84a50
Supprime! - C:\ProgramData\EncCopyCopy.xztme07
Supprime! - C:\ProgramData\Poke admin tons bike
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[29/11/2008|18:11] C:\Users\Elodie\AppData\Local\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\Acer Arcade Deluxe
[30/08/2008|19:39] C:\Users\Elodie\AppData\Local\acer eNM
[06/10/2008|12:07] C:\Users\Elodie\AppData\Local\Adobe
[14/09/2008|14:01] C:\Users\Elodie\AppData\Local\Apple
[11/10/2008|17:12] C:\Users\Elodie\AppData\Local\Apple Computer
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Application Data
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\CyberLink
[29/03/2009|02:26] C:\Users\Elodie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/11/2008|14:34] C:\Users\Elodie\AppData\Local\DVDivine
[16/02/2009|11:52] C:\Users\Elodie\AppData\Local\ebaxvmr.bat
[18/02/2009|21:19] C:\Users\Elodie\AppData\Local\eMule
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\GDIPFONTCACHEV1.DAT
[30/08/2008|21:50] C:\Users\Elodie\AppData\Local\Google
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Historique
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\HomeMedia
[13/04/2009|14:21] C:\Users\Elodie\AppData\Local\IconCache.db
[06/01/2009|01:10] C:\Users\Elodie\AppData\Local\live-player
[09/03/2009|22:31] C:\Users\Elodie\AppData\Local\Microsoft
[21/12/2008|12:00] C:\Users\Elodie\AppData\Local\Microsoft Games
[01/02/2009|02:27] C:\Users\Elodie\AppData\Local\Mozilla
[05/01/2009|16:39] C:\Users\Elodie\AppData\Local\Pando
[03/09/2008|20:51] C:\Users\Elodie\AppData\Local\PlayMovie
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\PowerCinema
[13/04/2009|14:38] C:\Users\Elodie\AppData\Local\Temp
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Temporary Internet Files
[19/10/2008|16:27] C:\Users\Elodie\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[13/04/2009 14:22][--ah-----] C:\Windows\tasks\SA.DAT
[13/04/2009 14:21][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/10/2007|12:25] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/10/2007|12:01] C:\ProgramData\Adobe
[14/09/2008|13:59] C:\ProgramData\Apple
[09/03/2009|16:48] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[26/11/2008|00:02] C:\ProgramData\Avira
[30/08/2008|19:34] C:\ProgramData\Bureau
[26/11/2008|17:38] C:\ProgramData\CheckPoint
[31/08/2008|13:10] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[18/02/2009|21:19] C:\ProgramData\eMule
[31/08/2008|00:17] C:\ProgramData\ezsidmv.dat
[30/08/2008|19:34] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[31/08/2008|00:12] C:\ProgramData\Forge of Games
[26/11/2008|00:21] C:\ProgramData\F-Secure
[30/08/2008|12:33] C:\ProgramData\fssg
[30/08/2008|15:01] C:\ProgramData\Google
[05/02/2009|00:52] C:\ProgramData\InstallShield
[27/03/2009|01:29] C:\ProgramData\LauncherAccess.dt
[27/11/2008|12:02] C:\ProgramData\Malwarebytes
[30/08/2008|19:34] C:\ProgramData\Menu D‚marrer
[17/03/2009|18:41] C:\ProgramData\Messenger Plus!
[17/03/2009|16:41] C:\ProgramData\Microsoft
[12/12/2008|18:53] C:\ProgramData\Microsoft Help
[30/08/2008|19:34] C:\ProgramData\ModŠles
[06/10/2008|12:00] C:\ProgramData\Office Genuine Advantage
[28/01/2009|19:44] C:\ProgramData\oncereal
[31/08/2008|00:16] C:\ProgramData\Skype
[02/11/2006|15:02] C:\ProgramData\Start Menu
[30/08/2008|21:15] C:\ProgramData\Symantec
[06/09/2008|14:38] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[16/12/2008|19:05] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[16/02/2008|22:59] C:\Program Files\Acer Arcade Deluxe
[06/09/2008|14:54] C:\Program Files\Acer GameZone
[16/02/2008|23:23] C:\Program Files\Acer Inc
[16/10/2007|12:25] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/10/2007|12:01] C:\Program Files\Adobe
[26/11/2008|00:02] C:\Program Files\Avira
[14/09/2008|14:03] C:\Program Files\Bonjour
[02/10/2007|06:06] C:\Program Files\Broadcom
[09/03/2009|16:50] C:\Program Files\Common Files
[09/03/2009|16:46] C:\Program Files\CyberLink
[04/01/2009|04:15] C:\Program Files\DivX
[18/02/2009|21:19] C:\Program Files\eMule
[30/08/2008|19:34] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[30/08/2008|16:49] C:\Program Files\Google
[09/03/2009|16:46] C:\Program Files\InstallShield Installation Information
[02/10/2007|05:46] C:\Program Files\Intel
[01/10/2008|22:26] C:\Program Files\Internet Explorer
[08/11/2008|01:54] C:\Program Files\Java
[16/02/2008|23:26] C:\Program Files\Launch Manager
[06/01/2009|16:08] C:\Program Files\Live-Player
[27/11/2008|12:02] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|17:39] C:\Program Files\Messenger Plus! Live
[16/12/2008|14:11] C:\Program Files\Microsoft
[30/08/2008|22:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[16/10/2007|12:24] C:\Program Files\Microsoft Office
[28/02/2009|20:53] C:\Program Files\Microsoft Silverlight
[17/03/2009|14:42] C:\Program Files\Microsoft Works
[16/10/2007|12:22] C:\Program Files\Microsoft.NET
[01/10/2008|22:26] C:\Program Files\Movie Maker
[13/04/2009|14:28] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[17/03/2009|17:47] C:\Program Files\MSNFix
[16/10/2007|11:51] C:\Program Files\MSXML 4.0
[09/03/2009|16:45] C:\Program Files\NewTech Infosystems
[30/08/2008|21:17] C:\Program Files\Orange
[06/09/2008|15:06] C:\Program Files\Orange HSS
[10/02/2009|20:08] C:\Program Files\PhotoFiltre
[22/01/2009|16:58] C:\Program Files\PhotoScape
[20/02/2009|23:49] C:\Program Files\Real
[02/10/2007|06:03] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[18/02/2009|16:45] C:\Program Files\Samsung
[31/08/2008|00:16] C:\Program Files\Skype
[02/10/2007|06:05] C:\Program Files\Synaptics
[05/03/2009|22:09] C:\Program Files\TeamViewer
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[05/11/2008|01:01] C:\Program Files\uTorrent
[01/02/2009|14:18] C:\Program Files\Veoh Networks
[06/09/2008|19:34] C:\Program Files\VideoLAN
[01/10/2008|22:26] C:\Program Files\Windows Calendar
[01/10/2008|22:26] C:\Program Files\Windows Collaboration
[01/10/2008|22:26] C:\Program Files\Windows Defender
[01/10/2008|22:26] C:\Program Files\Windows Journal
[17/03/2009|17:38] C:\Program Files\Windows Live
[10/02/2009|20:33] C:\Program Files\Windows Live SkyDrive
[11/03/2009|13:39] C:\Program Files\Windows Mail
[11/03/2009|13:39] C:\Program Files\Windows Media Player
[30/08/2008|19:34] C:\Program Files\Windows NT
[01/10/2008|22:26] C:\Program Files\Windows Photo Gallery
[01/10/2008|22:26] C:\Program Files\Windows Sidebar
[24/11/2008|17:55] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/10/2007|12:01] C:\Program Files\Common Files\Adobe
[16/10/2007|12:22] C:\Program Files\Common Files\DESIGNER
[05/02/2009|00:51] C:\Program Files\Common Files\InstallShield
[08/11/2008|01:52] C:\Program Files\Common Files\Java
[16/10/2007|12:07] C:\Program Files\Common Files\LightScribe
[21/02/2009|01:39] C:\Program Files\Common Files\microsoft shared
[16/10/2007|12:07] C:\Program Files\Common Files\NewTech Infosystems
[06/09/2008|20:07] C:\Program Files\Common Files\PX Storage Engine
[09/03/2009|16:39] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/08/2008|00:16] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[30/08/2008|21:16] C:\Program Files\Common Files\Symantec Shared
[01/10/2008|22:26] C:\Program Files\Common Files\System
[16/12/2008|13:57] C:\Program Files\Common Files\Windows Live
[30/08/2008|22:12] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 14:39:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 170

--------------------\\ Recherche d'autres infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
C:\Users\Elodie\AppData\Local\live-player
C:\Users\Elodie\AppData\Local\live-player\flv.swf
C:\Users\Elodie\AppData\Local\live-player\liveplayer.s3db
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Conditions g‚n‚rales.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Confidentialit‚.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\D‚sinstaller.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Live-Player.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Website.url
[b]==> EGDACCESS <==/b



[F:1663][D:132]-> C:\Users\Elodie\AppData\Local\Temp
[F:155][D:1]-> C:\Users\Elodie\AppData\Roaming\MICROS~1\Windows\Cookies
[F:874][D:4]-> C:\Users\Elodie\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 13/04/2009|14:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/04/2009|14:41 - Option : [2]

--------------------\\ Fin du rapport a 14:41:11
[ UAC => 1 ]


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Elodie ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:59 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 13/04/2009|14:38 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Poke admin tons bike\coal dent.exe
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_481b.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_5f19.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_90f0.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_a260.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_a950.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_ab8b.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_b3d0.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_c9be.tmp
Supprime! - C:\Users\Elodie\AppData\Local\Temp\msgpl_d6d7.tmp
Supprime! - C:\ProgramData\EncCopyCopy.0azof
Supprime! - C:\ProgramData\EncCopyCopy.0f6f3
Supprime! - C:\ProgramData\EncCopyCopy.31uel
Supprime! - C:\ProgramData\EncCopyCopy.3ocpj
Supprime! - C:\ProgramData\EncCopyCopy.4gqb4
Supprime! - C:\ProgramData\EncCopyCopy.4pv2g
Supprime! - C:\ProgramData\EncCopyCopy.53rvz
Supprime! - C:\ProgramData\EncCopyCopy.55mli
Supprime! - C:\ProgramData\EncCopyCopy.6hzlg
Supprime! - C:\ProgramData\EncCopyCopy.82xc7
Supprime! - C:\ProgramData\EncCopyCopy.85cze
Supprime! - C:\ProgramData\EncCopyCopy.atmy1
Supprime! - C:\ProgramData\EncCopyCopy.f67v4
Supprime! - C:\ProgramData\EncCopyCopy.fvao8
Supprime! - C:\ProgramData\EncCopyCopy.g29xe
Supprime! - C:\ProgramData\EncCopyCopy.ggvsb
Supprime! - C:\ProgramData\EncCopyCopy.i4ms4
Supprime! - C:\ProgramData\EncCopyCopy.iuizq
Supprime! - C:\ProgramData\EncCopyCopy.iwy1y
Supprime! - C:\ProgramData\EncCopyCopy.k115d
Supprime! - C:\ProgramData\EncCopyCopy.l8ier
Supprime! - C:\ProgramData\EncCopyCopy.mv99x
Supprime! - C:\ProgramData\EncCopyCopy.n75rp
Supprime! - C:\ProgramData\EncCopyCopy.o52ib
Supprime! - C:\ProgramData\EncCopyCopy.odpbq
Supprime! - C:\ProgramData\EncCopyCopy.psfhm
Supprime! - C:\ProgramData\EncCopyCopy.sr0ue
Supprime! - C:\ProgramData\EncCopyCopy.te8fd
Supprime! - C:\ProgramData\EncCopyCopy.uhbup
Supprime! - C:\ProgramData\EncCopyCopy.ui92y
Supprime! - C:\ProgramData\EncCopyCopy.v1m54
Supprime! - C:\ProgramData\EncCopyCopy.vco3i
Supprime! - C:\ProgramData\EncCopyCopy.veib4
Supprime! - C:\ProgramData\EncCopyCopy.vov8v
Supprime! - C:\ProgramData\EncCopyCopy.vuazw
Supprime! - C:\ProgramData\EncCopyCopy.wrd4c
Supprime! - C:\ProgramData\EncCopyCopy.xqpnf
Supprime! - C:\ProgramData\EncCopyCopy.xzm8l
Supprime! - C:\ProgramData\EncCopyCopy.yotmy
Supprime! - C:\ProgramData\EncCopyCopy.066kpi
Supprime! - C:\ProgramData\EncCopyCopy.0crrzg
Supprime! - C:\ProgramData\EncCopyCopy.17gjqs
Supprime! - C:\ProgramData\EncCopyCopy.183cnh
Supprime! - C:\ProgramData\EncCopyCopy.1g56qf
Supprime! - C:\ProgramData\EncCopyCopy.2r1uo0
Supprime! - C:\ProgramData\EncCopyCopy.5gzees
Supprime! - C:\ProgramData\EncCopyCopy.c8hefj
Supprime! - C:\ProgramData\EncCopyCopy.cnwmv6
Supprime! - C:\ProgramData\EncCopyCopy.ct75t1
Supprime! - C:\ProgramData\EncCopyCopy.fn25xl
Supprime! - C:\ProgramData\EncCopyCopy.g88gpr
Supprime! - C:\ProgramData\EncCopyCopy.gm5sse
Supprime! - C:\ProgramData\EncCopyCopy.hgoena
Supprime! - C:\ProgramData\EncCopyCopy.iz94po
Supprime! - C:\ProgramData\EncCopyCopy.j4hi16
Supprime! - C:\ProgramData\EncCopyCopy.jeqbfe
Supprime! - C:\ProgramData\EncCopyCopy.k4sj0z
Supprime! - C:\ProgramData\EncCopyCopy.moldi5
Supprime! - C:\ProgramData\EncCopyCopy.mv8di5
Supprime! - C:\ProgramData\EncCopyCopy.mzq8dk
Supprime! - C:\ProgramData\EncCopyCopy.nlhkoc
Supprime! - C:\ProgramData\EncCopyCopy.nx2xan
Supprime! - C:\ProgramData\EncCopyCopy.o6qo39
Supprime! - C:\ProgramData\EncCopyCopy.oihk8j
Supprime! - C:\ProgramData\EncCopyCopy.qublut
Supprime! - C:\ProgramData\EncCopyCopy.qv8r9v
Supprime! - C:\ProgramData\EncCopyCopy.r2hadd
Supprime! - C:\ProgramData\EncCopyCopy.rjaz0o
Supprime! - C:\ProgramData\EncCopyCopy.ttepez
Supprime! - C:\ProgramData\EncCopyCopy.w9bz57
Supprime! - C:\ProgramData\EncCopyCopy.zecn2a
Supprime! - C:\ProgramData\Surf Pure Bore.nm51iy
Supprime! - C:\ProgramData\EncCopyCopy.1j39x21
Supprime! - C:\ProgramData\EncCopyCopy.29tuqf0
Supprime! - C:\ProgramData\EncCopyCopy.3k0pblk
Supprime! - C:\ProgramData\EncCopyCopy.3s6ch6e
Supprime! - C:\ProgramData\EncCopyCopy.5oacb1m
Supprime! - C:\ProgramData\EncCopyCopy.62kws6z
Supprime! - C:\ProgramData\EncCopyCopy.8us8f6z
Supprime! - C:\ProgramData\EncCopyCopy.9ad70da
Supprime! - C:\ProgramData\EncCopyCopy.9qtasq5
Supprime! - C:\ProgramData\EncCopyCopy.dypbj1w
Supprime! - C:\ProgramData\EncCopyCopy.ebtsw9p
Supprime! - C:\ProgramData\EncCopyCopy.g8t720w
Supprime! - C:\ProgramData\EncCopyCopy.gehef15
Supprime! - C:\ProgramData\EncCopyCopy.gj9hwqw
Supprime! - C:\ProgramData\EncCopyCopy.him24fg
Supprime! - C:\ProgramData\EncCopyCopy.jgi5iqr
Supprime! - C:\ProgramData\EncCopyCopy.k6cgpf8
Supprime! - C:\ProgramData\EncCopyCopy.kg1rxbc
Supprime! - C:\ProgramData\EncCopyCopy.ks4d5wy
Supprime! - C:\ProgramData\EncCopyCopy.osovn85
Supprime! - C:\ProgramData\EncCopyCopy.rz8vpa9
Supprime! - C:\ProgramData\EncCopyCopy.sncsmpn
Supprime! - C:\ProgramData\EncCopyCopy.tm8zev7
Supprime! - C:\ProgramData\EncCopyCopy.vxqidyx
Supprime! - C:\ProgramData\EncCopyCopy.wa6k09u
Supprime! - C:\ProgramData\EncCopyCopy.wa84a50
Supprime! - C:\ProgramData\EncCopyCopy.xztme07
Supprime! - C:\ProgramData\Poke admin tons bike
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[29/11/2008|18:11] C:\Users\Elodie\AppData\Local\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\Acer Arcade Deluxe
[30/08/2008|19:39] C:\Users\Elodie\AppData\Local\acer eNM
[06/10/2008|12:07] C:\Users\Elodie\AppData\Local\Adobe
[14/09/2008|14:01] C:\Users\Elodie\AppData\Local\Apple
[11/10/2008|17:12] C:\Users\Elodie\AppData\Local\Apple Computer
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Application Data
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\CyberLink
[29/03/2009|02:26] C:\Users\Elodie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/11/2008|14:34] C:\Users\Elodie\AppData\Local\DVDivine
[16/02/2009|11:52] C:\Users\Elodie\AppData\Local\ebaxvmr.bat
[18/02/2009|21:19] C:\Users\Elodie\AppData\Local\eMule
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\GDIPFONTCACHEV1.DAT
[30/08/2008|21:50] C:\Users\Elodie\AppData\Local\Google
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Historique
[30/08/2008|18:16] C:\Users\Elodie\AppData\Local\HomeMedia
[13/04/2009|14:21] C:\Users\Elodie\AppData\Local\IconCache.db
[06/01/2009|01:10] C:\Users\Elodie\AppData\Local\live-player
[09/03/2009|22:31] C:\Users\Elodie\AppData\Local\Microsoft
[21/12/2008|12:00] C:\Users\Elodie\AppData\Local\Microsoft Games
[01/02/2009|02:27] C:\Users\Elodie\AppData\Local\Mozilla
[05/01/2009|16:39] C:\Users\Elodie\AppData\Local\Pando
[03/09/2008|20:51] C:\Users\Elodie\AppData\Local\PlayMovie
[30/08/2008|19:52] C:\Users\Elodie\AppData\Local\PowerCinema
[13/04/2009|14:38] C:\Users\Elodie\AppData\Local\Temp
[30/08/2008|19:38] C:\Users\Elodie\AppData\Local\Temporary Internet Files
[19/10/2008|16:27] C:\Users\Elodie\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[13/04/2009 14:22][--ah-----] C:\Windows\tasks\SA.DAT
[13/04/2009 14:21][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/10/2007|12:25] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/10/2007|12:01] C:\ProgramData\Adobe
[14/09/2008|13:59] C:\ProgramData\Apple
[09/03/2009|16:48] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[26/11/2008|00:02] C:\ProgramData\Avira
[30/08/2008|19:34] C:\ProgramData\Bureau
[26/11/2008|17:38] C:\ProgramData\CheckPoint
[31/08/2008|13:10] C:\ProgramData\CyberLink
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[18/02/2009|21:19] C:\ProgramData\eMule
[31/08/2008|00:17] C:\ProgramData\ezsidmv.dat
[30/08/2008|19:34] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[31/08/2008|00:12] C:\ProgramData\Forge of Games
[26/11/2008|00:21] C:\ProgramData\F-Secure
[30/08/2008|12:33] C:\ProgramData\fssg
[30/08/2008|15:01] C:\ProgramData\Google
[05/02/2009|00:52] C:\ProgramData\InstallShield
[27/03/2009|01:29] C:\ProgramData\LauncherAccess.dt
[27/11/2008|12:02] C:\ProgramData\Malwarebytes
[30/08/2008|19:34] C:\ProgramData\Menu D‚marrer
[17/03/2009|18:41] C:\ProgramData\Messenger Plus!
[17/03/2009|16:41] C:\ProgramData\Microsoft
[12/12/2008|18:53] C:\ProgramData\Microsoft Help
[30/08/2008|19:34] C:\ProgramData\ModŠles
[06/10/2008|12:00] C:\ProgramData\Office Genuine Advantage
[28/01/2009|19:44] C:\ProgramData\oncereal
[31/08/2008|00:16] C:\ProgramData\Skype
[02/11/2006|15:02] C:\ProgramData\Start Menu
[30/08/2008|21:15] C:\ProgramData\Symantec
[06/09/2008|14:38] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[16/12/2008|19:05] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[16/02/2008|22:59] C:\Program Files\Acer Arcade Deluxe
[06/09/2008|14:54] C:\Program Files\Acer GameZone
[16/02/2008|23:23] C:\Program Files\Acer Inc
[16/10/2007|12:25] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/10/2007|12:01] C:\Program Files\Adobe
[26/11/2008|00:02] C:\Program Files\Avira
[14/09/2008|14:03] C:\Program Files\Bonjour
[02/10/2007|06:06] C:\Program Files\Broadcom
[09/03/2009|16:50] C:\Program Files\Common Files
[09/03/2009|16:46] C:\Program Files\CyberLink
[04/01/2009|04:15] C:\Program Files\DivX
[18/02/2009|21:19] C:\Program Files\eMule
[30/08/2008|19:34] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[30/08/2008|16:49] C:\Program Files\Google
[09/03/2009|16:46] C:\Program Files\InstallShield Installation Information
[02/10/2007|05:46] C:\Program Files\Intel
[01/10/2008|22:26] C:\Program Files\Internet Explorer
[08/11/2008|01:54] C:\Program Files\Java
[16/02/2008|23:26] C:\Program Files\Launch Manager
[06/01/2009|16:08] C:\Program Files\Live-Player
[27/11/2008|12:02] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|17:39] C:\Program Files\Messenger Plus! Live
[16/12/2008|14:11] C:\Program Files\Microsoft
[30/08/2008|22:39] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[16/10/2007|12:24] C:\Program Files\Microsoft Office
[28/02/2009|20:53] C:\Program Files\Microsoft Silverlight
[17/03/2009|14:42] C:\Program Files\Microsoft Works
[16/10/2007|12:22] C:\Program Files\Microsoft.NET
[01/10/2008|22:26] C:\Program Files\Movie Maker
[13/04/2009|14:28] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[17/03/2009|17:47] C:\Program Files\MSNFix
[16/10/2007|11:51] C:\Program Files\MSXML 4.0
[09/03/2009|16:45] C:\Program Files\NewTech Infosystems
[30/08/2008|21:17] C:\Program Files\Orange
[06/09/2008|15:06] C:\Program Files\Orange HSS
[10/02/2009|20:08] C:\Program Files\PhotoFiltre
[22/01/2009|16:58] C:\Program Files\PhotoScape
[20/02/2009|23:49] C:\Program Files\Real
[02/10/2007|06:03] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[18/02/2009|16:45] C:\Program Files\Samsung
[31/08/2008|00:16] C:\Program Files\Skype
[02/10/2007|06:05] C:\Program Files\Synaptics
[05/03/2009|22:09] C:\Program Files\TeamViewer
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[05/11/2008|01:01] C:\Program Files\uTorrent
[01/02/2009|14:18] C:\Program Files\Veoh Networks
[06/09/2008|19:34] C:\Program Files\VideoLAN
[01/10/2008|22:26] C:\Program Files\Windows Calendar
[01/10/2008|22:26] C:\Program Files\Windows Collaboration
[01/10/2008|22:26] C:\Program Files\Windows Defender
[01/10/2008|22:26] C:\Program Files\Windows Journal
[17/03/2009|17:38] C:\Program Files\Windows Live
[10/02/2009|20:33] C:\Program Files\Windows Live SkyDrive
[11/03/2009|13:39] C:\Program Files\Windows Mail
[11/03/2009|13:39] C:\Program Files\Windows Media Player
[30/08/2008|19:34] C:\Program Files\Windows NT
[01/10/2008|22:26] C:\Program Files\Windows Photo Gallery
[01/10/2008|22:26] C:\Program Files\Windows Sidebar
[24/11/2008|17:55] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/10/2007|12:01] C:\Program Files\Common Files\Adobe
[16/10/2007|12:22] C:\Program Files\Common Files\DESIGNER
[05/02/2009|00:51] C:\Program Files\Common Files\InstallShield
[08/11/2008|01:52] C:\Program Files\Common Files\Java
[16/10/2007|12:07] C:\Program Files\Common Files\LightScribe
[21/02/2009|01:39] C:\Program Files\Common Files\microsoft shared
[16/10/2007|12:07] C:\Program Files\Common Files\NewTech Infosystems
[06/09/2008|20:07] C:\Program Files\Common Files\PX Storage Engine
[09/03/2009|16:39] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[31/08/2008|00:16] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[30/08/2008|21:16] C:\Program Files\Common Files\Symantec Shared
[01/10/2008|22:26] C:\Program Files\Common Files\System
[16/12/2008|13:57] C:\Program Files\Common Files\Windows Live
[30/08/2008|22:12] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 79 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 14:39:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 170

--------------------\\ Recherche d'autres infections

C:\Program Files\Live-Player
C:\Program Files\Live-Player\data
C:\Program Files\Live-Player\live-player.exe
C:\Program Files\Live-Player\SkinCrafterDll.dll
C:\Program Files\Live-Player\skins
C:\Program Files\Live-Player\sqlite3.dll
C:\Users\Elodie\AppData\Local\live-player
C:\Users\Elodie\AppData\Local\live-player\flv.swf
C:\Users\Elodie\AppData\Local\live-player\liveplayer.s3db
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Conditions g‚n‚rales.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Confidentialit‚.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\D‚sinstaller.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Live-Player.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player\Website.url
[b]==> EGDACCESS <==/b



[F:1663][D:132]-> C:\Users\Elodie\AppData\Local\Temp
[F:155][D:1]-> C:\Users\Elodie\AppData\Roaming\MICROS~1\Windows\Cookies
[F:874][D:4]-> C:\Users\Elodie\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 13/04/2009|14:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 13/04/2009|14:41 - Option : [2]

--------------------\\ Fin du rapport a 14:41:11
[ UAC => 1 ]

oila ce que tu m'as demandé :) j'attend la suite si il y en a une :p

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le Bureau.

- Double-clique sur Navilog1.exe afin de lancer l'installation.

- Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.

- Appuie sur F ou f puis valide par Entrée.

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

rapport navilog :

Search Navipromo version 3.7.6 commencé le 13/04/2009 à 14:49:10,05

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Elodie ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:59 Go)
E:\ (CD or DVD)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\elodie\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Elodie\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Elodie\AppData\Local" ***

...\Live-Player trouvé !



*** Recherche dossiers dans "C:\Users\Elodie\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Elodie\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Elodie\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Elodie\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ecqoi"="\"c:\\users\\elodie\\appdata\\local\\ecqoi.exe\" ecqoi"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Elodie\AppData\Local\Microsoft" :


* Dans "C:\Users\Elodie\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Elodie\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 13/04/2009 à 15:00:25,32 ***

en attente de la marche à suivre :p

---> Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).

Clean Navipromo version 3.7.6 commencé le 13/04/2009 à 15:10:06,75

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Elodie ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:59 Go)
E:\ (CD or DVD)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Elodie\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Elodie\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\Elodie\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\elodie\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Elodie\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Elodie\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\Elodie\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Elodie\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *



* Dans "C:\Users\Elodie\AppData\Local\Microsoft" *



* Dans "C:\Users\Elodie\AppData\Local\virtualstore\windows\system32" *



* Dans "C:\Users\Elodie\AppData\Local" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 13/04/2009 à 15:15:43,61 ***

Voila en attente de la marche a suivre :)

--> Désinstalle Navilog1.

--> Télécharge DirLook sur ton Bureau.

--> Clique droit sur DirLook.exe et choisis Exécuter en tant qu'administrateur.

--> Copie le texte ci-dessous :




C:\ProgramData\oncereal




--> Dans la petite fenêtre de DirLook, faire un clic droit dans la zone blanche et choisir Coller.
Note : les lignes sélectionnées précédemment doivent avoir été recopiées dans la zone blanche de DirLook.

--> Clique sur le bouton DirLook pour lancer la recherche.

Lorsque l'outil a terminé cette recherche, le Bloc-notes s'ouvre.
Note : Dans le Bloc-notes, vérifie dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.

--> Enregistre le rapport sous le nom DirLook1.txt et ferme le Bloc-notes.

--> Ferme DirLook en cliquant sur le bouton Exit puis poste le rapport.

DirLook.exe v2.0 by jpshortstuff
Log created at 15:43 on 13/04/2009
==================================[b]
Contents of "C:\ProgramData\oncereal"
/b
[b][color=blue]---FOLDERS---/b/color

(none found)

[b][color=blue]---FILES---/b/color

(none found)

==================================
[b][color=blue]=EOF=/b/color



voila j'attends la marche a suivre :)

--> Supprime DirLook.

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

fichier .txt info :

info.txt logfile of random's system information tool 1.06 2009-04-13 15:53:08

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x040c -removeonly
Acer Crystal Eye webcam-->Rundll32.exe BisonR07.dll,WinMainRmv
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x040c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems HDA Modem-->agrsmdel
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\elodie\appdata\local\ebaxvmr.bat
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
mIRC-->"C:\Program Files\SpoOf`ScRiPt V2.0\mIRC.exe" -uninstall
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSNFix 1.749-->"C:\Program Files\MSNFix\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x040c
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\Setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Windows Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: PCportable
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
Record Number: 74372
Source Name: cdrom
Time Written: 20090413131552.477742-000
Event Type: Avertissement
User:

Computer Name: PCportable
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
Record Number: 74373
Source Name: cdrom
Time Written: 20090413131552.493342-000
Event Type: Avertissement
User:

Computer Name: PCportable
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
Record Number: 74374
Source Name: cdrom
Time Written: 20090413131552.936542-000
Event Type: Avertissement
User:

Computer Name: PCportable
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
Record Number: 74375
Source Name: cdrom
Time Written: 20090413131552.981542-000
Event Type: Avertissement
User:

Computer Name: PCportable
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 lors d'une opération de pagination.
Record Number: 74390
Source Name: cdrom
Time Written: 20090413131700.191542-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: PCportable
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-947929881-3701034269-320649905-1000_Classes:
Process 972 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-947929881-3701034269-320649905-1000_CLASSES

Record Number: 17903
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090413122127.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PCportable
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-947929881-3701034269-320649905-1000:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-947929881-3701034269-320649905-1000

Record Number: 17936
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090413131229.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PCportable
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-947929881-3701034269-320649905-1000_Classes:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-947929881-3701034269-320649905-1000_CLASSES

Record Number: 17937
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090413131230.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PCportable
Event Code: 1002
Message: Le programme DirLook.exe version 0.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1410 Heure de début : 01c9bc3c912b2d63 Heure de fin : 29
Record Number: 17972
Source Name: Application Hang
Time Written: 20090413134314.000000-000
Event Type: Erreur
User:

Computer Name: PCportable
Event Code: 1002
Message: Le programme DirLook.exe version 0.0.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 130 Heure de début : 01c9bc3dd35822f3 Heure de fin : 13
Record Number: 17973
Source Name: Application Hang
Time Written: 20090413134424.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PCportable
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 21356
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413135303.614542-000
Event Type: Échec de l'audit
User:

Computer Name: PCportable
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 21357
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413135303.708542-000
Event Type: Échec de l'audit
User:

Computer Name: PCportable
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 21358
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413135303.749542-000
Event Type: Échec de l'audit
User:

Computer Name: PCportable
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 21359
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413135303.793542-000
Event Type: Échec de l'audit
User:

Computer Name: PCportable
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 21360
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090413135303.836542-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------


Fichier .txt log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elodie at 2009-04-13 15:55:46
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 39 GB (54%) free of 71 GB
Total RAM: 2038 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:47, on 13/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Elodie\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Elodie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chat.doctissimo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Users\Elodie\Desktop\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C'est pas mal.

---> Désinstalle J2SE Runtime Environment 5.0.

---> Mets à jour Java.

---> Mets à jour Adobe Reader.

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1975
Windows 6.0.6001 Service Pack 1

13/04/2009 16:28:45
mbam-log-2009-04-13 (16-28-45).txt

Type de recherche: Examen rapide
Eléments examinés: 61875
Temps écoulé: 3 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Voila en attente de la marche a suivre :)

---> Supprime les traces de Norton avec ceci.

---> Refais un scan RSIT et poste le rapport log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elodie at 2009-04-13 16:39:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 37 GB (52%) free of 71 GB
Total RAM: 2038 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:03, on 13/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Elodie\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Elodie\Desktop\RSIT.exe
C:\Program Files\trend micro\Elodie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chat.doctissimo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Users\Elodie\Desktop\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Elodie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

--> Dans Antivir, choisis Outils puis Configuration.

--> Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

--> Fais un scan complet et poste le rapport.

Tutoriel sur Antivir

Désolé je suis de retour ^^

voila le log Avira :



Avira AntiVir Personal
Report file date: lundi 13 avril 2009 17:14

Scanning for 1347111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PCPORTABLE

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:41:25
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 18:58:17
ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 10:34:15
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 18:38:01
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 18:57:31
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 18:57:29
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 18:57:28
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 22:58:05
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 18:57:25
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 22:57:45
AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 18:57:18
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 18:57:16
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 13 avril 2009 17:14

Starting search for hidden objects.
'80905' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'eNMTray.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'veohwebplayer.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'eAudio.exe' - '1' Module(s) have been scanned
Scan process 'PMVService.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
78 processes with 78 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A91000000001}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> Hls.fra
[WARNING] The file could not be written!
--> MinionPro_Bold.otf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Users\Elodie\Desktop\Programme d'installation d'Adobe Reader 9\Data1.cab
[0] Archive type: CAB (Microsoft)
--> Hls.fra
[WARNING] The file could not be written!
--> MinionPro_Bold.otf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Windows\System32\OEM\Data1.cab
[0] Archive type: CAB (Microsoft)
--> JSByteCodeWin.bin
[WARNING] The file could not be written!
--> usa86.lex
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\' <DATA>


End of the scan: lundi 13 avril 2009 17:44
Used time: 30:03 Minute(s)

The scan has been done completely.

17419 Scanning directories
246841 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
246839 Files not concerned
1643 Archives were scanned
8 Warnings
0 Notes
80905 Objects were scanned with rootkit scan
0 Hidden objects were found

j'attends la marche suivre :)

Le PC va bien ?

Oui il a plus l'air d'y avoir de fenêtre intempestive qui s'ouvre on verra ce qu'il en est par la suite je reviendrais sur ce message pour te dire si ça recommence. Merci de ton aide :) et passe une bonne soirée :)