bonjour, j'ai un probleme et je n'y comprend pas grands chose, j'ai une fenetre de securité system warning qui s'affiche régulierement me disant que j'ai un virus, et me demande d'acheter un logiciel. je ne sais pas comment il est arrivé la et je ne sais encore moins le desinstaller. Pourrez vous m'aider. J'ai fait un rapport avec navilog : Search Navipromo version 3.5.2 commencé le 02/04/2008 à 18:42:19,84 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "sandra sandrine" Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6000 Internet Explorer : 7.0.6000.16609 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans C:\Windows *** C:\Windows\mslagent trouvé ! *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\ProgramData *** *** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs *** *** Recherche dossiers dans c:\users\sandra sandrine\appdata\roaming\microsoft\windows\start menu\programs *** *** Recherche dossiers dans C:\Users\sandra sandrine\AppData\Local\virtualstore\Program Files *** *** Recherche dossiers dans C:\Users\sandra sandrine\AppData\Roaming *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\Windows\system32 * * Recherche dans C:\Users\sandra sandrine\AppData\Local\Microsoft * * Recherche dans C:\Users\sandra sandrine\AppData\Local\virtualstore\windows\system32 * * Recherche dans C:\Users\sandra sandrine\AppData\Local * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\Windows\system32 : * Dans C:\Users\sandra sandrine\AppData\Local\Microsoft : * Dans C:\Users\sandra sandrine\AppData\Local\virtualstore\windows\system32 : * Dans C:\Users\sandra sandrine\AppData\Local : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 02/04/2008 à 18:59:29,38 *** pourriez vous m'aider svp

Securité system warning

Réponse 1 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 avril 2008 à 19:59

salut,

Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaître
Réactive le contrôle des comptes utilisateurs (UAC)

PS:Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Cela te fera apparaître ton bureau

post le rapport

@+

sandraemma
7 avril 2008 à 20:53

voici pour vos conseil voila mon rapport, j'espere avoir fait les bonnes manips : dans navolog j'ai donc taper 2 et recherché, il me demander plusieur choix, j'espere que c'etait le bon, donc voici le rapport :

Clean Navipromo version 3.5.2 commencé le 07/04/2008 à 20:37:56,03

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "sandra sandrine"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\Windows\System32 *

* Suppression dans C:\Users\sandra sandrine\AppData\Local\Microsoft *

* Suppression dans C:\Users\sandra sandrine\AppData\Local\virtualstore\windows\system32 *

* Suppression dans C:\Users\sandra sandrine\AppData\Local *

*** Suppression dossiers dans C:\Windows ***

C:\Windows\mslagent ...suppression...
C:\Windows\mslagent supprimé !

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\ProgramData ***

*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

*** Suppression dossiers dans c:\users\sandra sandrine\appdata\roaming\microsoft\windows\start menu\programs ***

*** Suppression dossiers dans C:\Users\sandra sandrine\AppData\Local\virtualstore\Program Files ***

*** Suppression dossiers dans C:\Users\sandra sandrine\AppData\Roaming ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SANDRA~1\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\Windows\system32 *

* Dans C:\Users\sandra sandrine\AppData\Local\Microsoft *

* Dans C:\Users\sandra sandrine\AppData\Local\virtualstore\windows\system32 *

* Dans C:\Users\sandra sandrine\AppData\Local *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 07/04/2008 à 20:43:41,98 ***

et maintenant je fait quoi, désolé mais je suis pas trés forte et je n'y connais rien.
je vous remercie de l'aide

Réponse 2 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 avril 2008 à 21:03

de rien ;-)

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+

sandraemma
7 avril 2008 à 21:21

re
voila mon rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:38, on 07/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\byryhsvw\rejinoro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Windows\System32\huhotodq.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\sandra sandrine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [mebndsgn] C:\Windows\system32\huhotodq.exe
O4 - HKLM\..\Policies\Explorer\Run: [3yWOOiHVjy] C:\ProgramData\byryhsvw\rejinoro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 3 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 avril 2008 à 21:24

re,

C´est loin d´etre fini...

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

un nouveau rapport hijack this

@+

sandraemma
7 avril 2008 à 22:00

je n'arrive pas a lancer combofix, une page de demarage se met et disparait, j'ai peut etre pas desactionner mon antivirus avast comment on fait, je sais mais j'y connais rien, peut tu m'aider

sandraemma
7 avril 2008 à 22:20

et je suis toujours connecté a internet comment se deconnecter?

Réponse 4 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 avril 2008 à 22:21

re,

deconnecte toi du net, click sur l´icone d´avast et choisie desctiver la protection residente, apres le scan tu la remet

@+

Réponse 5 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
7 avril 2008 à 22:33

re,

tu eteinds ton modem

sandraemma
7 avril 2008 à 23:05

j'ai eteint mon modem et desactiver mon antivirus mais je n'arrive toujours pas a démarer combofix, la fenetre redisparait.
en vain qu'est ce qu'il faut faire?

Réponse 6 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 09:20

salut sandraemma,

fais ceci :

Télécharge BTFix de Bibi26
http://cluster1.easy-hebergement.net/
Dézippe l'archive sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

@+

sandraemma
8 avril 2008 à 12:21

bonjour,
donc je me suis servi de BTFix et voila le rapport :

BTFix 1.095 (par bibi26) - 08/04/2008 12:17:13 - Analyse
Lancé depuis C:\Users\sandra sandrine\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\BrowsingSoftware\
- C:\Program Files\AskTBar\
- C:\Users\sandra sandrine\AppData\Roaming\WeatherDPA\
- C:\ProgramData\Application Data\HotbarSA\
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\

---> Analyse terminée le 08/04/2008 12:17:13

petit rapport ! et maintemant, je ne me suis pas servi de combofix car cela ne voulait pas se lancer.
merci pour votre patience et je vous remercie de votre aide.

Réponse 7 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 14:00

salut sandraemma,

la suite :

Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

puis

Ouvre BTFix.
Clique sur Nettoyer.
Un rapport va apparaître.

sauvegarde le de facon a le retrouver

Redémarre normalement

Poste un nouveau log HijackThis avec le rapport de BTFix.

@+

sandraemma
8 avril 2008 à 17:01

donc voici le rapport avec BTFix :

BTFix 1.095 (par bibi26) - 08/04/2008 16:49:39 - Nettoyage - Mode sans échec
Lancé depuis C:\Users\sandra sandrine\Desktop\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\Program Files\BrowsingSoftware\
- C:\Program Files\AskTBar\bar\1.bin\
- C:\Program Files\AskTBar\bar\Cache\
- C:\Program Files\AskTBar\bar\History\
- C:\Program Files\AskTBar\bar\Settings\
- C:\Program Files\AskTBar\bar\
- C:\Program Files\AskTBar\PopSwatr\History\
- C:\Program Files\AskTBar\PopSwatr\
- C:\Program Files\AskTBar\SrchAstt\1.bin\
- C:\Program Files\AskTBar\SrchAstt\
- C:\Program Files\AskTBar\
- C:\Users\sandra sandrine\AppData\Roaming\WeatherDPA\
- C:\ProgramData\Application Data\HotbarSA\
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\

---> Nettoyage terminé le 08/04/2008 16:49:43

et ainsi le rapport avec hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:38, on 08/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\byryhsvw\rejinoro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Windows\System32\huhotodq.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\sandra sandrine\Desktop\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [mebndsgn] C:\Windows\system32\huhotodq.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKLM\..\Policies\Explorer\Run: [3yWOOiHVjy] C:\ProgramData\byryhsvw\rejinoro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 8 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 17:11

re,

ok pour btfix

maintenant post un rapport de celui ci :

¤ Télécharge ComboScan sur ton Bureau.
---> http://deckard.geekstogo.com/dss.exe

Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.

@+

sandraemma
8 avril 2008 à 17:44

il ma posté deux rapport, je ne sais pas lequel cé le bon, je vous envoie les deux :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Familiale Premium (build 6000)
Architecture: X86; Language: French

CPU 0: AMD Sempron(tm) Processor 3600+
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 766.88 MiB / 249.54 MiB
Pagefile Memory (total/avail): 1792.85 MiB / 967.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.51 MiB

C: is Fixed (NTFS) - 111.7 GiB total, 35.81 GiB free.
D: is Fixed (NTFS) - 111.43 GiB total, 107.44 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250820AS ATA Device - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 111.7 GiB - C:
\PARTITION2 - Système de fichiers installable - 111.43 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1098 [VPS 080407-1] v4.7.1098 (ALWIL Software) [COLOR=RED]Disabled/COLOR
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\sandra sandrine\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-SANDRASAN
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\sandra sandrine
LOCALAPPDATA=C:\Users\sandra sandrine\AppData\Local
LOGONSERVER=\\PC-DE-SANDRASAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\SANDRA~1\AppData\Local\Temp
TMP=C:\Users\SANDRA~1\AppData\Local\Temp
USERDOMAIN=PC-de-sandrasan
USERNAME=sandra sandrine
USERPROFILE=C:\Users\sandra sandrine
windir=C:\Windows
__COMPAT_LAYER=ElevateCreateProcess

-- User Profiles ---------------------------------------------------------------

sandra sandrine [I](admin)/I

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer Arcade Live Main Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer DV Magician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer HomeMedia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer HomeMedia Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Acer VideoMagician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar --> rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
eSobi v2 --> C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fish Aquarium 3D Screensaver 1.0 --> "C:\Program Files\Fish Aquarium 3D Screensaver\unins000.exe"
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
GUILD WARS --> "D:\GUILD WARS\Gw.exe" -uninstall
HijackThis 2.0.2 --> "C:\Users\sandra sandrine\Desktop\HijackThis.exe" /uninstall
HOT ALBUM MYBOX --> C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Barre d'outils --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Navilog1 3.5.2 --> "C:\Program Files\Navilog1\unins000.exe"
Nero 8 Trial --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung Samples Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SereneScreen Marine Aquarium 2 --> "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
Shareaza 2.3.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Solutions de télécopie Lexmark --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Surligneur (Windows Live Toolbar) --> MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type24260 / Success
Event Submitted/Written: 04/08/2008 04:53:35 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Le service de gestion des licences du logiciel a démarré.

Event Record #/Type24253 / Success
Event Submitted/Written: 04/08/2008 04:52:12 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type24251 / Success
Event Submitted/Written: 04/08/2008 04:52:10 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type24236 / Warning
Event Submitted/Written: 04/08/2008 04:50:44 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.

Event Record #/Type24233 / Warning
Event Submitted/Written: 04/08/2008 04:50:44 PM
Event ID/Source: 6000 / Wlclntfy
Event Description:
L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type62779 / Warning
Event Submitted/Written: 04/08/2008 05:01:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Event Record #/Type62681 / Error
Event Submitted/Written: 04/08/2008 04:51:23 PM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 7, fonction 0.
Contactez le fabricant de votre ordinateur pour une assistance technique.

Event Record #/Type62674 / Error
Event Submitted/Written: 04/08/2008 04:50:22 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Service Liste des réseauxConnaissance des emplacements réseau%%1068

Event Record #/Type62673 / Error
Event Submitted/Written: 04/08/2008 04:50:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Event Record #/Type62672 / Error
Event Submitted/Written: 04/08/2008 04:50:22 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Service Liste des réseauxConnaissance des emplacements réseau%%1068

-- End of Deckard's System Scanner: finished at 2008-04-08 17:31:41 ------------

et le deuxieme :

Deckard's System Scanner v20071014.68
Run by sandra sandrine on 2008-04-08 17:24:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-04-07 16:56:03 UTC - RP224 - Supprimé Norton Security Scan
11: 2008-04-07 16:42:56 UTC - RP223 - Removed Google Toolbar for Internet Explorer
10: 2008-04-07 16:40:07 UTC - RP222 - Removed Google Earth.
9: 2008-04-07 16:25:30 UTC - RP221 - Spyware Doctor: Cleaning Threats
8: 2008-04-07 15:35:50 UTC - RP219 - Removed Google Toolbar for Internet Explorer

-- First Restore Point --
1: 2008-04-02 23:06:41 UTC - RP212 - Supprimé DP Search Torrents

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 767 MiB (1024 MiB recommended)./color

-- HijackThis (run as sandra sandrine.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:20, on 08/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\byryhsvw\rejinoro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Windows\System32\huhotodq.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\sandra sandrine\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\SANDRA~1\Desktop\sandra sandrine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [mebndsgn] C:\Windows\system32\huhotodq.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKLM\..\Policies\Explorer\Run: [3yWOOiHVjy] C:\ProgramData\byryhsvw\rejinoro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 9 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 18:06

oui c´est bon

la suite :

là il faut se concentrer un peu :

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

n´y touche pas

redemarre en mode sans echec:

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
une fois en mode sans echec.

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"3yWOOiHVjy"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mebndsgn"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\Windows\system32\tuspppo.dll
C:\Windows\sxfnewqb.dll
C:\ProgramData\byryhsvw
C:\Windows\system32\huhotodq.exe
C:\Windows\stfngdvw.dll
C:\Windows\fkdnrwsv.dll
C:\Windows\system32WINWGPX.EXE
C:\Windows\system32winsystem.exe
C:\Windows\system32winlogonpc.exe
C:\Windows\system32vcatchpi.dll
C:\Windows\system32vbsys2.dll
C:\Windows\system32thun32.dll
C:\Windows\system32thun.dll
C:\Windows\system32temp#01.exe
C:\Windows\system32taack.exe
C:\Windows\system32taack.dat
C:\Windows\system32sysreq.exe
C:\Windows\system32ssvchost.exe
C:\Windows\system32ssvchost.com
C:\Windows\system32ssurf022.dll
C:\Windows\system32sncntr.exe
C:\Windows\system32smp
C:\Windows\system32Rundl1.exe
C:\Windows\system32regm64.dll
C:\Windows\system32regc64.dll
C:\Windows\system32psoft1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32ps1.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32netode.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mssecu.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32msgp.exe
C:\Windows\system32medup020.dll
C:\Windows\system32medup012.dll
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hoproxy.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32emesx.dll
C:\Windows\system32dpcproxy.exe
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32bdn.com
C:\Windows\system32awtoolb.dll
C:\Windows\system32anticipator.dll
C:\Windows\system32akttzn.exe
C:\Windows\mssecu.exe
C:\Windows\iTunesMusic.exe
C:\Windows\bdn.com
C:\Windows\a.bat
C:\Users\sandra sandrine\Desktopvirii
C:\Users\sandra sandrine\DesktopFWebdEditor.exe
C:\Users\sandra sandrine\Desktopfwebd.exe
C:\Users\sandra sandrine\Desktopfilemanagerclient.exe
C:\Users\All Users\byryhsvw
C:\Windows\system32\huhotodq.exe

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

ps : si tu ne comprends pas quelque chose demande moi avant de commencer

@+

sandraemma
8 avril 2008 à 19:00

donc j'ai créer le dossier bloc note ça ma bien mis votre icone puis j'ai redemarer en mode sans echec et lancer le bloc donc cé bon puis j'ai lancer OTMovelt2 en insererant les fichiers et j'ai cliqué sur movelt, ça a commencer a supprimer sur resultat mais OTMovelt a interompu me disant qu'il doit fermer et que il n'a pas pu finir....

HELP

Réponse 10 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 20:09

huuum...

peux tu m´envoyer son rapport stp

Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles

@+

sandraemma
8 avril 2008 à 20:31

je voudrais bien mais je n'ai pas de rapport en plus je n'ai plus les icones de mes dossiers, j'ai bien un dossier OTMovelt mais je n'ai pas de rapport donc voila
re help

Réponse 11 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 21:35

re,

comment ca tu n´as plus l´icone de tes dossiers ?

peux tu reposter un rapport comboscan stp

@+

sandraemma
8 avril 2008 à 22:20

voici le rapport combo :

Deckard's System Scanner v20071014.68
Run by sandra sandrine on 2008-04-08 22:15:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Total Physical Memory: 767 MiB (1024 MiB recommended).[/color]

-- HijackThis (run as sandra sandrine.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:32, on 08/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sandra sandrine\Desktop\dss.exe
C:\Users\SANDRA~1\Desktop\sandra sandrine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

sandraemma
8 avril 2008 à 22:28

c'est bon j'ai les icones mais ça résolu pas le probleme de OTMovelt2

Réponse 12 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 22:59

re,

essaie a nouveau combofix stp car les fichiers (infections) sont toujours present

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

sandraemma
8 avril 2008 à 23:36

voici le rapport de combofix :

ComboFix 08-04-08.4 - sandra sandrine 2008-04-08 23:26:53.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.313 [GMT 2:00]
Endroit: C:\Users\sandra sandrine\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 16:46 --------- d-----w C:\ProgramData\wvuhmtgr
2008-04-08 09:35 640 ----a-w C:\Users\sandra sandrine\AppData\Roaming\wklnhst.dat
2008-04-07 19:45 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Uniblue
2008-04-07 18:43 --------- d-----w C:\Program Files\Navilog1
2008-04-07 17:01 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-07 16:48 --------- d-----w C:\Program Files\Google
2008-04-07 16:46 --------- d---a-w C:\ProgramData\TEMP
2008-04-07 16:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Talkback
2008-04-07 15:22 --------- d-----w C:\Program Files\ItsLabel
2008-04-07 15:16 --------- d-----w C:\Program Files\lx_cats
2008-04-07 15:05 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\EoRezo
2008-04-07 15:05 --------- d-----w C:\Program Files\EoRezo
2008-04-06 18:05 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-06 17:50 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-06 17:46 --------- d-----w C:\ProgramData\Nero
2008-04-06 16:41 --------- d-----w C:\Program Files\PC-Cleaner
2008-04-03 23:45 --------- d-----w C:\ProgramData\fssg
2008-04-03 22:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:13 --------- d-----w C:\Program Files\Torrent Search
2008-03-30 22:13 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-30 20:51 --------- d-----w C:\Program Files\PC-Antispyware
2008-03-29 20:59 --------- d-----w C:\Program Files\DivX
2008-03-29 17:46 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner
2008-03-25 17:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Samsung
2008-03-25 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 11:52 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-07 18:29 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Apple Computer
2008-03-07 18:28 --------- d-----w C:\ProgramData\Apple Computer
2008-03-07 18:28 --------- d-----w C:\Program Files\iTunes
2008-03-07 18:28 --------- d-----w C:\Program Files\iPod
2008-03-07 18:27 --------- d-----w C:\Program Files\QuickTime
2008-03-07 18:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-05 00:07 --------- d-----w C:\Program Files\VSO
2008-03-05 00:06 47,360 ----a-w C:\Users\sandra sandrine\AppData\Roaming\pcouffin.sys
2008-03-05 00:06 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Vso
2008-03-04 23:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\DivX
2008-03-04 23:46 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-04 23:38 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-02-28 16:08 --------- d-----w C:\ProgramData\LightScribe
2008-02-28 15:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Nero
2008-02-28 15:54 --------- d-----w C:\Program Files\Nero
2008-02-28 15:43 --------- d-----w C:\Program Files\Ahead
2008-02-28 15:41 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\ItsLabel
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-28 14:44 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-28 14:38 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 14:01 --------- d-----w C:\ProgramData\Ahead
2008-02-28 14:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 08:59 --------- d-----w C:\Program Files\Windows Live
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-02-18 10:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-02-13 12:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 12:58 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 12:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 12:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 12:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 12:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 12:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 12:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 12:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 12:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 12:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 12:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 12:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 12:54 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 12:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 12:53 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 12:53 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 12:53 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 12:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 12:53 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 12:51 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 16:36 --------- d-----w C:\Program Files\LibreSystem
2008-02-11 16:11 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\libresystem
2008-02-11 16:05 --------- d-----w C:\Program Files\Common Files\LibreSystem
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-10 08:13 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-08 08:03 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_23.13.59,72 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 16:49:37 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-08 21:17:18 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-08 21:04:52 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-08 21:23:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-08 19:22:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-08 21:20:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-08 21:20:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-08 21:09:51 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-08 21:23:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-08 16:51:59 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-08 21:19:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-08 21:19:54 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-08 20:25:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-08 21:22:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-08 20:25:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-08 21:22:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-08 20:25:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-08 21:22:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-08 19:23:39 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-08 21:22:56 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-08 19:23:39 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-08 21:22:57 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-08 19:23:39 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-08 21:22:56 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-08 19:23:39 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-08 21:22:57 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-08 16:52:01 11,454 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-781064967-1303576918-4005160290-1000_UserData.bin
+ 2008-04-08 21:19:36 11,454 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-781064967-1303576918-4005160290-1000_UserData.bin
- 2008-04-08 16:52:01 60,132 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-08 21:19:35 60,140 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-03-29 23:42 176128 --------- C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 10:13 1232896]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"Uniblue RegistryBooster 2"="c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Windows Live Toolbar"= {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{88AFEB6C-72F5-40D6-8D72-2319F5BCD35D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B806CE8E-B21A-495A-82E0-58D170550BFF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CBAA3875-8D77-428F-966D-7497308AF300}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{27E9550E-7994-4E04-AB65-219D1EBED821}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C23C3D15-DBDF-4217-BB4B-EABFBC744A51}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C787582F-07F3-4723-99FC-617864138FE2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{12BF26CF-00C2-4B84-A05A-02D40C04764B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{DDEC5FDA-FD5A-4794-B3BC-ADF65653903E}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{99804F25-CD48-462E-90AE-DB4AF05A1314}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1B2F9B22-7A25-4D81-B7C3-06F364D65FF6}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C4062E9C-B4EA-4081-8570-BEE7A8B1EBEA}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{D8619921-47E1-4CD0-BFB8-BA33A4211AE9}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{6336D062-5D3F-4095-965E-748B69114E9D}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{0EE64B0A-54BB-4935-932F-6D9E2CD2D6D7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC3AADA1-01D0-459B-945F-2FD62748649D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 11:01:58 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:30:15
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-08 23:31:15
ComboFix-quarantined-files.txt 2008-04-08 21:30:47
ComboFix2.txt 2008-04-08 21:14:28
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-07 09:53:43 --- E O F ---

alors bien sur, j'ai eu un soucis, je sais j'ai la poisse, j'ai donc lancer combofix, ça ma donner un rapport et impossible de le retrouver pourtant j'aai ete dans le dossier comme vous m'avais dit, j'ai fait une recherche manuelle et rien pas de rapport donc j'ai refait l'analyse...

voila et encore

sandraemma
8 avril 2008 à 23:40

oups, rapport de la premiere analyse retrouver :

ComboFix 08-04-08.4 - sandra sandrine 2008-04-08 23:10:25.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.281 [GMT 2:00]
Endroit: C:\Users\sandra sandrine\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\sandra sandrine\AppData\Roaming\inst.exe
C:\Users\sandra sandrine\Desktopblackbird.jpg
C:\Users\sandra sandrine\DesktopEditorFKWP1.5.exe
C:\Users\sandra sandrine\DesktopEditorFKWP2.0.exe
C:\Users\sandra sandrine\Desktopfilemanagerclient.exe
C:\Users\sandra sandrine\Desktopfkwp1.5.exe
C:\Users\sandra sandrine\Desktopfkwp2.0.exe
C:\Users\sandra sandrine\Desktopfwebd.exe
C:\Users\sandra sandrine\DesktopFWebdEditor.exe
C:\Users\sandra sandrine\DesktopTrojan.Win32.BlackBird.exe
C:\Users\sandra sandrine\Desktopvirii
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\fkdnrwsv.dll
C:\Windows\iTunesMusic.exe
C:\Windows\mssecu.exe
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32smp
C:\Windows\system32smp\msrc.exe
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32VBIEWER.OCX
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
C:\Windows\Web\def.htm

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 16:46 --------- d-----w C:\ProgramData\wvuhmtgr
2008-04-08 09:35 640 ----a-w C:\Users\sandra sandrine\AppData\Roaming\wklnhst.dat
2008-04-07 19:45 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Uniblue
2008-04-07 18:43 --------- d-----w C:\Program Files\Navilog1
2008-04-07 17:01 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-07 16:48 --------- d-----w C:\Program Files\Google
2008-04-07 16:46 --------- d---a-w C:\ProgramData\TEMP
2008-04-07 16:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Talkback
2008-04-07 15:22 --------- d-----w C:\Program Files\ItsLabel
2008-04-07 15:16 --------- d-----w C:\Program Files\lx_cats
2008-04-07 15:05 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\EoRezo
2008-04-07 15:05 --------- d-----w C:\Program Files\EoRezo
2008-04-06 18:05 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-06 17:50 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-06 17:46 --------- d-----w C:\ProgramData\Nero
2008-04-06 16:41 --------- d-----w C:\Program Files\PC-Cleaner
2008-04-03 23:45 --------- d-----w C:\ProgramData\fssg
2008-04-03 22:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:13 --------- d-----w C:\Program Files\Torrent Search
2008-03-30 22:13 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-30 20:51 --------- d-----w C:\Program Files\PC-Antispyware
2008-03-29 20:59 --------- d-----w C:\Program Files\DivX
2008-03-29 17:46 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner
2008-03-25 17:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Samsung
2008-03-25 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 11:52 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-07 18:29 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Apple Computer
2008-03-07 18:28 --------- d-----w C:\ProgramData\Apple Computer
2008-03-07 18:28 --------- d-----w C:\Program Files\iTunes
2008-03-07 18:28 --------- d-----w C:\Program Files\iPod
2008-03-07 18:27 --------- d-----w C:\Program Files\QuickTime
2008-03-07 18:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-05 00:07 --------- d-----w C:\Program Files\VSO
2008-03-05 00:06 47,360 ----a-w C:\Users\sandra sandrine\AppData\Roaming\pcouffin.sys
2008-03-05 00:06 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Vso
2008-03-04 23:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\DivX
2008-03-04 23:46 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-04 23:38 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-02-28 16:08 --------- d-----w C:\ProgramData\LightScribe
2008-02-28 15:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Nero
2008-02-28 15:54 --------- d-----w C:\Program Files\Nero
2008-02-28 15:43 --------- d-----w C:\Program Files\Ahead
2008-02-28 15:41 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\ItsLabel
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-28 14:44 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-28 14:38 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 14:01 --------- d-----w C:\ProgramData\Ahead
2008-02-28 14:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 08:59 --------- d-----w C:\Program Files\Windows Live
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-02-18 10:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-02-13 12:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 12:58 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 12:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 12:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 12:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 12:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 12:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 12:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 12:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 12:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 12:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 12:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 12:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 12:54 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 12:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 12:53 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 12:53 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 12:53 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 12:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 12:53 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 12:51 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 16:36 --------- d-----w C:\Program Files\LibreSystem
2008-02-11 16:11 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\libresystem
2008-02-11 16:05 --------- d-----w C:\Program Files\Common Files\LibreSystem
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-10 08:13 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-08 08:03 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-03-29 23:42 176128 --------- C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 10:13 1232896]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"Uniblue RegistryBooster 2"="c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Windows Live Toolbar"= {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{88AFEB6C-72F5-40D6-8D72-2319F5BCD35D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B806CE8E-B21A-495A-82E0-58D170550BFF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CBAA3875-8D77-428F-966D-7497308AF300}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{27E9550E-7994-4E04-AB65-219D1EBED821}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C23C3D15-DBDF-4217-BB4B-EABFBC744A51}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C787582F-07F3-4723-99FC-617864138FE2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{12BF26CF-00C2-4B84-A05A-02D40C04764B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{DDEC5FDA-FD5A-4794-B3BC-ADF65653903E}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{99804F25-CD48-462E-90AE-DB4AF05A1314}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1B2F9B22-7A25-4D81-B7C3-06F364D65FF6}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C4062E9C-B4EA-4081-8570-BEE7A8B1EBEA}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{D8619921-47E1-4CD0-BFB8-BA33A4211AE9}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{6336D062-5D3F-4095-965E-748B69114E9D}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{0EE64B0A-54BB-4935-932F-6D9E2CD2D6D7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC3AADA1-01D0-459B-945F-2FD62748649D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 11:01:58 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:13:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-08 23:14:27
ComboFix-quarantined-files.txt 2008-04-08 21:14:10
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-07 09:53:43 --- E O F ---

vraiment désolé il n'etait pas dans le bon dossier il s'etait perdu

Réponse 13 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 23:41

ok laisse moi faire le trie

Réponse 14 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 avril 2008 à 23:47

ok

fais ceci :

il va trier par rapport a ce qu´il a deja supprimés et ce que je voulais supprimer...

Copie le texte ci-dessous :

File::
C:\Windows\system32\tuspppo.dll
C:\Windows\sxfnewqb.dll
C:\ProgramData\byryhsvw
C:\Windows\system32\huhotodq.exe
C:\Windows\stfngdvw.dll
C:\Windows\fkdnrwsv.dll
C:\Windows\system32WINWGPX.EXE
C:\Windows\system32winsystem.exe
C:\Windows\system32winlogonpc.exe
C:\Windows\system32vcatchpi.dll
C:\Windows\system32vbsys2.dll
C:\Windows\system32thun32.dll
C:\Windows\system32thun.dll
C:\Windows\system32temp#01.exe
C:\Windows\system32taack.exe
C:\Windows\system32taack.dat
C:\Windows\system32sysreq.exe
C:\Windows\system32ssvchost.exe
C:\Windows\system32ssvchost.com
C:\Windows\system32ssurf022.dll
C:\Windows\system32sncntr.exe
C:\Windows\system32smp
C:\Windows\system32Rundl1.exe
C:\Windows\system32regm64.dll
C:\Windows\system32regc64.dll
C:\Windows\system32psoft1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32ps1.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32netode.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mssecu.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32msgp.exe
C:\Windows\system32medup020.dll
C:\Windows\system32medup012.dll
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hoproxy.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32emesx.dll
C:\Windows\system32dpcproxy.exe
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32bdn.com
C:\Windows\system32awtoolb.dll
C:\Windows\system32anticipator.dll
C:\Windows\system32akttzn.exe
C:\Windows\mssecu.exe
C:\Windows\iTunesMusic.exe
C:\Windows\bdn.com
C:\Windows\a.bat
C:\Users\sandra sandrine\Desktopvirii
C:\Users\sandra sandrine\DesktopFWebdEditor.exe
C:\Users\sandra sandrine\Desktopfwebd.exe
C:\Users\sandra sandrine\Desktopfilemanagerclient.exe
C:\Users\All Users\byryhsvw
C:\Windows\system32\huhotodq.exe

Folder::
C:\Users\sandra sandrine\AppData\Roaming\EoRezo
C:\Program Files\EoRezo

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"3yWOOiHVjy"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mebndsgn"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

sandraemma
9 avril 2008 à 00:04

rapport combofix :

ComboFix 08-04-08.4 - sandra sandrine 2008-04-08 23:52:15.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.261 [GMT 2:00]
Endroit: C:\Users\sandra sandrine\Desktop\ComboFix.exe
Command switches used :: C:\Users\sandra sandrine\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\ProgramData\byryhsvw
C:\Users\All Users\byryhsvw
C:\Users\sandra sandrine\Desktopfilemanagerclient.exe
C:\Users\sandra sandrine\Desktopfwebd.exe
C:\Users\sandra sandrine\DesktopFWebdEditor.exe
C:\Users\sandra sandrine\Desktopvirii
C:\Windows\a.bat
C:\Windows\bdn.com
C:\Windows\fkdnrwsv.dll
C:\Windows\iTunesMusic.exe
C:\Windows\mssecu.exe
C:\Windows\stfngdvw.dll
C:\Windows\sxfnewqb.dll
C:\Windows\system32\huhotodq.exe
C:\Windows\system32\tuspppo.dll
C:\Windows\system32akttzn.exe
C:\Windows\system32anticipator.dll
C:\Windows\system32awtoolb.dll
C:\Windows\system32bdn.com
C:\Windows\system32bsva-egihsg52.exe
C:\Windows\system32dpcproxy.exe
C:\Windows\system32emesx.dll
C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32hoproxy.dll
C:\Windows\system32hxiwlgpm.dat
C:\Windows\system32hxiwlgpm.exe
C:\Windows\system32medup012.dll
C:\Windows\system32medup020.dll
C:\Windows\system32msgp.exe
C:\Windows\system32msnbho.dll
C:\Windows\system32mssecu.exe
C:\Windows\system32msvchost.exe
C:\Windows\system32mtr2.exe
C:\Windows\system32mwin32.exe
C:\Windows\system32netode.exe
C:\Windows\system32newsd32.exe
C:\Windows\system32ps1.exe
C:\Windows\system32psof1.exe
C:\Windows\system32psoft1.exe
C:\Windows\system32regc64.dll
C:\Windows\system32regm64.dll
C:\Windows\system32Rundl1.exe
C:\Windows\system32smp
C:\Windows\system32sncntr.exe
C:\Windows\system32ssurf022.dll
C:\Windows\system32ssvchost.com
C:\Windows\system32ssvchost.exe
C:\Windows\system32sysreq.exe
C:\Windows\system32taack.dat
C:\Windows\system32taack.exe
C:\Windows\system32temp#01.exe
C:\Windows\system32thun.dll
C:\Windows\system32thun32.dll
C:\Windows\system32vbsys2.dll
C:\Windows\system32vcatchpi.dll
C:\Windows\system32winlogonpc.exe
C:\Windows\system32winsystem.exe
C:\Windows\system32WINWGPX.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\tmp\eoRezoBho.dll.9782
C:\Users\sandra sandrine\AppData\Roaming\EoRezo
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\cache
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_écran.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_écran.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\host.cyp
C:\Users\sandra sandrine\AppData\Roaming\EoRezo\user.cyp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 16:46 --------- d-----w C:\ProgramData\wvuhmtgr
2008-04-08 09:35 640 ----a-w C:\Users\sandra sandrine\AppData\Roaming\wklnhst.dat
2008-04-07 19:45 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Uniblue
2008-04-07 18:43 --------- d-----w C:\Program Files\Navilog1
2008-04-07 17:01 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-04-07 16:48 --------- d-----w C:\Program Files\Google
2008-04-07 16:46 --------- d---a-w C:\ProgramData\TEMP
2008-04-07 16:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Talkback
2008-04-07 15:22 --------- d-----w C:\Program Files\ItsLabel
2008-04-07 15:16 --------- d-----w C:\Program Files\lx_cats
2008-04-06 18:05 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-06 17:50 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-06 17:46 --------- d-----w C:\ProgramData\Nero
2008-04-06 16:41 --------- d-----w C:\Program Files\PC-Cleaner
2008-04-03 23:45 --------- d-----w C:\ProgramData\fssg
2008-04-03 22:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:13 --------- d-----w C:\Program Files\Torrent Search
2008-03-30 22:13 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-30 20:51 --------- d-----w C:\Program Files\PC-Antispyware
2008-03-29 20:59 --------- d-----w C:\Program Files\DivX
2008-03-29 17:46 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner
2008-03-25 17:33 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Samsung
2008-03-25 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 11:52 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 11:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-07 18:29 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Apple Computer
2008-03-07 18:28 --------- d-----w C:\ProgramData\Apple Computer
2008-03-07 18:28 --------- d-----w C:\Program Files\iTunes
2008-03-07 18:28 --------- d-----w C:\Program Files\iPod
2008-03-07 18:27 --------- d-----w C:\Program Files\QuickTime
2008-03-07 18:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-05 00:07 --------- d-----w C:\Program Files\VSO
2008-03-05 00:06 47,360 ----a-w C:\Users\sandra sandrine\AppData\Roaming\pcouffin.sys
2008-03-05 00:06 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Vso
2008-03-04 23:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\DivX
2008-03-04 23:46 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-04 23:38 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-02-28 16:08 --------- d-----w C:\ProgramData\LightScribe
2008-02-28 15:59 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\Nero
2008-02-28 15:54 --------- d-----w C:\Program Files\Nero
2008-02-28 15:43 --------- d-----w C:\Program Files\Ahead
2008-02-28 15:41 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\ItsLabel
2008-02-28 15:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-28 14:44 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-28 14:38 --------- d-----w C:\Program Files\Yahoo!
2008-02-28 14:01 --------- d-----w C:\ProgramData\Ahead
2008-02-28 14:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-28 08:59 --------- d-----w C:\Program Files\Windows Live
2008-02-26 14:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-18 14:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-02-18 10:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-02-13 12:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 12:58 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 12:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 12:54 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 12:54 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 12:54 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 12:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 12:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 12:54 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 12:54 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 12:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 12:54 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 12:54 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 12:54 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 12:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 12:53 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 12:53 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 12:53 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 12:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 12:53 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 12:51 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 12:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 12:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 12:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 16:36 --------- d-----w C:\Program Files\LibreSystem
2008-02-11 16:11 --------- d-----w C:\Users\sandra sandrine\AppData\Roaming\libresystem
2008-02-11 16:05 --------- d-----w C:\Program Files\Common Files\LibreSystem
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-10 08:13 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-08 08:03 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-04-08_23.30.36,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 21:23:31 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-08 21:32:40 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-03-29 23:42 176128 --------- C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 10:13 1232896]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 17:07 132392]
"Uniblue RegistryBooster 2"="c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-06 21:28:40 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 21:33:11 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Windows Live Toolbar"= {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{88AFEB6C-72F5-40D6-8D72-2319F5BCD35D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B806CE8E-B21A-495A-82E0-58D170550BFF}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CBAA3875-8D77-428F-966D-7497308AF300}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{27E9550E-7994-4E04-AB65-219D1EBED821}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C23C3D15-DBDF-4217-BB4B-EABFBC744A51}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C787582F-07F3-4723-99FC-617864138FE2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{12BF26CF-00C2-4B84-A05A-02D40C04764B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{DDEC5FDA-FD5A-4794-B3BC-ADF65653903E}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{99804F25-CD48-462E-90AE-DB4AF05A1314}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1B2F9B22-7A25-4D81-B7C3-06F364D65FF6}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C4062E9C-B4EA-4081-8570-BEE7A8B1EBEA}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{D8619921-47E1-4CD0-BFB8-BA33A4211AE9}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{6336D062-5D3F-4095-965E-748B69114E9D}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{0EE64B0A-54BB-4935-932F-6D9E2CD2D6D7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC3AADA1-01D0-459B-945F-2FD62748649D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 05:22]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 16:04]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 04:12]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 11:01:58 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:55:00
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-08 23:55:48
ComboFix-quarantined-files.txt 2008-04-08 21:55:32
ComboFix2.txt 2008-04-08 21:31:16
ComboFix3.txt 2008-04-08 21:14:28
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-07 09:53:43 --- E O F ---

rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:49, on 08/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\sandra sandrine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 15 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
9 avril 2008 à 00:10

non c´est ok ;-)

tu peux me tutoyer ;D

supprime encore ceci :

C:\ProgramData\wvuhmtgr < le dossier

puis performes ce scan :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

sandraemma
9 avril 2008 à 01:00

alors voila le rapport :

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 603

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 120530
Temps écoulé: 34 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{81d67d9c-0ffd-4448-b8f8-75f59aa365d7} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b696c2c-2f1c-4304-b03a-b3423fcf0cd6} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e3dec3d-8542-4325-83bc-c8f0543b13e7} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a5f0e6ec-a311-4ab1-8575-2fcfcd0e6642} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7702d57-0804-47b6-8503-d2565238e5ba} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efc3be85-3f9f-48df-a04a-879529ef3bb3} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81d67d9c-0ffd-4448-b8f8-75f59aa365d7} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9b696c2c-2f1c-4304-b03a-b3423fcf0cd6} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9e3dec3d-8542-4325-83bc-c8f0543b13e7} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a5f0e6ec-a311-4ab1-8575-2fcfcd0e6642} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{d7702d57-0804-47b6-8503-d2565238e5ba} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{efc3be85-3f9f-48df-a04a-879529ef3bb3} (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\com (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\PC-Antispyware\IeExtension.dll (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-781064967-1303576918-4005160290-1000\$RBIHWC1\ilqzorcj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\fkdnrwsv.dll.vir (Trojan.FalkeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\Web\def.htm.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04082008_184002\Windows\sxfnewqb.dll (Trojan.FalkeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04082008_184002\Windows\system32\huhotodq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner\com\pcsd.dll (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\Users\sandra sandrine\AppData\Roaming\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.

j'ai donc fait le scan mais j'ai pas mis mon ordi en mode sans echec...
et maintenant

Réponse 16 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
9 avril 2008 à 09:56

salut sandraemme,

cool pour malwarebytes,

post un nouveau rapport hijack this stp

@+

sandraemma
9 avril 2008 à 13:49

rapport hijjack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:41, on 09/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\sandra sandrine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\sandra sandrine\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - c:\program files\windows live toolbar\winrwfye2.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 17 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
9 avril 2008 à 15:37

salut sandraemma,

je ne sais pas pour msn, ca doit venir du faite que msn n´est pas vraiment securisé et qu´il utilise beaucoups de ports lors de la connexion...

en parlant d´antivirus :

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

@+

sandraemma
9 avril 2008 à 19:09

donc j'ai desintallé avast et installer antivir, voici le rapport :

AntiVir PersonalEdition Classic
Report file date: mercredi 9 avril 2008 18:55

Scanning for 1190067 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: sandra sandrine
Computer name: PC-DE-SANDRASAN

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:29:01
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 16:29:02
ANTIVIR3.VDF : 7.0.3.141 84480 Bytes 09/04/2008 16:29:02
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 09/04/2008 16:29:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/04/2008 16:29:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Removable Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\rmdiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mercredi 9 avril 2008 18:55

Starting search for hidden objects.
'62480' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
58 processes with 58 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '11' files ).

Starting the file scan:

Begin scan in 'F:\'
Search path F:\ could not be opened!
Paramètre incorrect.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Paramètre incorrect.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Paramètre incorrect.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Paramètre incorrect.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: mercredi 9 avril 2008 18:58
Used time: 02:27 min

The scan has been done completely.

0 Scanning directories
68 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
68 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
62480 Objects were scanned with rootkit scan
0 Hidden objects were found

donc voila j'espere que ça va...
est ce que mon probleme est resolu et qu'est que j'avais ?
pour mon pc j'ai que un antivirus donc celui de antivir, est ce que ça suffit?
j'ai tjrs le meme probleme pour ouvrir mes message sur msn, la page n'est pas securisé et les autres personnes peuvent me lirent, cé en gros ce que le message veut dire, il a un cadenna avec un point d'interrogation.

sandraemma
10 avril 2008 à 14:46

re bonjour,
j'ai donc fai_t les scan avec ccleaner et regcleaner, mon ordi va bien, est ce qu'il est réparé, je n'ai plus de fenetre de security system.

maintenant j'ai un antivirus antivir, est ce que ça suffit pour protogé mon ordi?

les logiciels que vous m'avez fait telecharger, a quoi ils correspond : combo, malwarebytes, otmovelt, hijack, dss... et est ce que je peut en supprimé avec les rapports?

je demande ça car je voudrais faire de la place dans mon ordi et faire un menage de printemps, cé la pagaille... mais je voudrais pas effacé des logiciels qui sont importants pour la securité et que je pourrait me servir ultérieurement.

en tout cas je vous remercie beaucoup de m'avoir aider et avoir été trés patient avec moi.

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406 > sandraemma
10 avril 2008 à 15:27

sandraemma

garde ccleaner que tu peux utiliser regulierement

regcleaner garde le aussi et passe le de temps en temps

on va completer antivir

avec ce par feu :

comodo 32 bit :

http://soft.softoogle.com/

tuto :https://www.malekal.com/tutorial-comodo-firewall/

et cet antispyware resident :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

puis repost un nouveau hijack this car on va alleger un peu tout ca ;-)

@+

sandraemma > g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014
10 avril 2008 à 18:36

alors voila j'ai installé comodo en deux fois maintenant cé bon, puis j'ai installé spyreblaster mais je ne comprend pas tro le system a faire, pour les deux, j'ai des icone qui sont apparus pour les deux logiciels, normal, mais j'ai des petites fenetres de commod ou de l'autre, je suis pommer, qui me demande a chaque fois si je veux accepter l'autre logiciel donc ça beug et la fenetre revient toujours, est ce normal?

que doit-je desintaller pour la suite?

Réponse 18 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
9 avril 2008 à 19:26

re,

il faut le refaire la antivir n´a scanné que a la recherche de rootkit

procede comme ceci :

click sur l´icone d´antivir dans la barre des taches, puis dans la fenetre du programme click sur scan system now

post le rapport a la fin

@+

sandraemma
10 avril 2008 à 12:18

voici le rapport du scn, il est trés long, 11 h :

AntiVir PersonalEdition Classic
Report file date: jeudi 10 avril 2008 00:36

Scanning for 1190067 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: PC-DE-SANDRASAN

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:29:01
ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 16:29:02
ANTIVIR3.VDF : 7.0.3.141 84480 Bytes 09/04/2008 16:29:02
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 09/04/2008 16:29:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/04/2008 16:29:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: jeudi 10 avril 2008 00:36

Starting search for hidden objects.
'65998' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
59 processes with 59 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
[NOTE] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '6' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\04082008_184002\Windows\system32\tuspppo.dll
[DETECTION] Is the Trojan horse TR/Virtumod.WS
[INFO] The file was moved to '4870e6dc.qua'!
Begin scan in 'D:\' <DATA>

End of the scan: jeudi 10 avril 2008 12:05
Used time: 11:29:37 min

The scan has been done completely.

13666 Scanning directories
227984 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
227983 Files not concerned
1824 Archives were scanned
1 Warnings
0 Notes
65998 Objects were scanned with rootkit scan
0 Hidden objects were found

je pense que cé le meme que le dernier envoyé, pouvez vous me dire ou selectionné pour faire un rapport avec antivir.

Réponse 19 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
10 avril 2008 à 12:26

salut sandraemme,

ah oui quand meme 11h o_Ö ?!

non ce n´est pas le meme que le dernier que tu m´avais envoyé...

fais ceci :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

et

telecharge et instal regcleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

tutorial :

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

comment va le pc ?

@+

sandraemma
10 avril 2008 à 18:38

pardon j'ai oublié de te poster le rapport de hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:35, on 10/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Users\sandra sandrine\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CD-MENU.LNK = E:\AutoMenu.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O21 - SSODL: Windows Live Toolbar - {E1456757-0848-1684-8541-00B59958803B} - (no file)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Réponse 20 / 21

g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 avril 2008 à 05:08

j´arrete
merci de trouver un autre helper

Securité system warning

21 réponses

Discussions similaires

Newsletters