
Unwanted Explorer windows [SOLVED]

Tags:
  • Acer
  • Security
3 June 2008 19:10:27

Hello, for a week now Explorer windows have kept popping up; even if I stop all the explorer processes they come back and new pages appear. On top of that, my antivirus, AntiVir, detects the same viruses every day; no matter how often I delete them, they keep coming back. Could someone help me clean all this up, please?


4 June 2008 07:08:48

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    4 June 2008 09:07:45

    Hello everyone,

    I'm brand new on this forum: Stéphane from Montpellier.
    I'm having the same problem: windows with unwanted advertising that open whether I use IE or Firefox.
    I'm on Vista and I use Bitdefender as my security software.
    Still the same problem after running Spybot.
    Can anyone help me? I know it's a bit much to ask, but I don't really know how to solve my problem.
    My thanks in advance to whoever looks into my problem.
    Thanks,
    Stéphane

    PS: I posted here so as not to create a duplicate thread, but maybe that would have been better?
    4 June 2008 09:27:38

    Thanks for replying so quickly, here is what you asked for

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:25, on 2008-06-04
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqQKaw.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Biasdelete] "C:\ProgramData\Tool Software Software.nawcc6"
    O4 - HKCU\..\Run: [Four file program mode] "C:\ProgramData\Ace help pile.awk56"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\geBqRlKb.dll,#1
    O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\sssjcufm.dll",b
    O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\dqbnuvoa.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9695 bytes

    PS: now, on top of the pages, my Firefox browser refuses to open pages unless I launch them from a link in my bookmarks...

    Thanks again for your help
    4 June 2008 16:55:52

    Re,

    Download Lop S&D.exe (by Eric 71 & Angeldark) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back
    4 June 2008 17:20:14

    Here is the report:


    -----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : kiwi ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 2008-06-04 | 17:09:41.20 ] [ PC : OSCAR ]
    [ MAJ : 01-06-2008 | 15:51 ]
    [ UAC => 0 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [2007-12-01|20:06] C:\Users\kiwi\AppData\Roaming\Adobe\Linguistics
    [2007-11-27|15:14] C:\Users\kiwi\AppData\Roaming\Adobe\Acrobat

    [2008-01-06|15:22] C:\Users\kiwi\AppData\Roaming\BSplayer\skins
    [2008-01-06|15:18] C:\Users\kiwi\AppData\Roaming\BSplayer\bslib


    [2007-12-06|23:50] C:\Users\kiwi\AppData\Roaming\CyberLink\PlayMovie
    [2007-11-27|20:19] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerCinema
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\MediaCache
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerProducer
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerDVD


    [2007-12-14|11:49] C:\Users\kiwi\AppData\Roaming\dvdcss\BENJAMIN-3230303630353330

    [2008-05-17|19:10] C:\Users\kiwi\AppData\Roaming\Google\GoogleEarth
    [2007-12-06|19:37] C:\Users\kiwi\AppData\Roaming\Google\Local Search History


    [2007-11-27|14:38] C:\Users\kiwi\AppData\Roaming\Identities\{E4A6D14E-AF6E-4B60-9B48-AE1E1E7E03A5}

    [2007-11-28|23:47] C:\Users\kiwi\AppData\Roaming\Leadertech\PowerRegister

    [2008-02-26|22:30] C:\Users\kiwi\AppData\Roaming\Macromedia\Flash Player

    [2008-04-25|21:13] C:\Users\kiwi\AppData\Roaming\MAGIX\PhotoMaker



    [2008-05-20|16:43] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows Photo Gallery
    [2008-05-08|23:39] C:\Users\kiwi\AppData\Roaming\Microsoft\MSN Messenger
    [2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Office
    [2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\OIS
    [2008-04-06|12:34] C:\Users\kiwi\AppData\Roaming\Microsoft\Speech
    [2008-04-06|11:46] C:\Users\kiwi\AppData\Roaming\Microsoft\eHome
    [2008-03-21|20:15] C:\Users\kiwi\AppData\Roaming\Microsoft\Templates
    [2008-02-01|02:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Internet Explorer
    [2008-01-31|23:18] C:\Users\kiwi\AppData\Roaming\Microsoft\IdentityCRL
    [2008-01-31|23:14] C:\Users\kiwi\AppData\Roaming\Microsoft\Credentials
    [2008-01-15|19:05] C:\Users\kiwi\AppData\Roaming\Microsoft\Network
    [2007-12-26|16:39] C:\Users\kiwi\AppData\Roaming\Microsoft\Excel
    [2007-12-20|00:36] C:\Users\kiwi\AppData\Roaming\Microsoft\Word
    [2007-12-19|21:20] C:\Users\kiwi\AppData\Roaming\Microsoft\QuickStyles
    [2007-12-19|19:22] C:\Users\kiwi\AppData\Roaming\Microsoft\UProof
    [2007-12-14|11:38] C:\Users\kiwi\AppData\Roaming\Microsoft\Clip Organizer
    [2007-12-09|16:00] C:\Users\kiwi\AppData\Roaming\Microsoft\HTML Help
    [2007-12-09|00:17] C:\Users\kiwi\AppData\Roaming\Microsoft\OneNote
    [2007-12-07|10:12] C:\Users\kiwi\AppData\Roaming\Microsoft\Proof
    [2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\Document Building Blocks
    [2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\AddIns
    [2007-12-01|15:40] C:\Users\kiwi\AppData\Roaming\Microsoft\MMC
    [2007-11-28|21:09] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows
    [2007-11-27|15:15] C:\Users\kiwi\AppData\Roaming\Microsoft\preuve
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Protect
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Crypto
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\SystemCertificates

    [2007-12-02|16:10] C:\Users\kiwi\AppData\Roaming\Mozilla\Firefox

    [2007-12-04|22:24] C:\Users\kiwi\AppData\Roaming\Nikon\PictureProject
    [2007-12-01|17:45] C:\Users\kiwi\AppData\Roaming\Nikon\Message Center



    [2008-03-21|20:33] C:\Users\kiwi\AppData\Roaming\OpenOffice.org2\user

    [2008-02-26|21:36] C:\Users\kiwi\AppData\Roaming\PC Tools\Spyware Doctor


    [2008-02-15|22:06] C:\Users\kiwi\AppData\Roaming\Real\RealMediaSDK
    [2008-01-02|00:31] C:\Users\kiwi\AppData\Roaming\Real\RealPlayer

    [2008-02-22|12:13] C:\Users\kiwi\AppData\Roaming\SecuROM\UserData

    [2008-05-18|18:42] C:\Users\kiwi\AppData\Roaming\StarOffice8\user




    [2008-03-26|09:55] C:\Users\kiwi\AppData\Roaming\vlc\cache

    [2008-03-11|20:56] C:\Users\kiwi\AppData\Roaming\Winamp\Plugins



    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [2008-06-03 17:46][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job
    [2008-06-04 17:08][--ah-----] C:\Windows\tasks\SA.DAT
    [2008-06-04 17:07][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [2007-08-10|09:59] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2008-05-10|00:06] C:\ProgramData\Ace help pile.awk56
    [2008-02-28|00:55] C:\ProgramData\addr_file.html
    [2008-05-09|23:54] C:\ProgramData\Adobe
    [2007-12-01|17:52] C:\ProgramData\Apple
    [2007-12-01|17:53] C:\ProgramData\Apple Computer
    [2006-11-02|15:02] C:\ProgramData\Application Data
    [2008-03-06|22:34] C:\ProgramData\Avira
    [2008-05-29|18:10] C:\ProgramData\BM3fcd1696.txt
    [2008-06-04|09:39] C:\ProgramData\BM3fcd1696.xml
    [2007-11-27|14:33] C:\ProgramData\Bureau
    [2007-11-27|14:48] C:\ProgramData\CyberLink
    [2006-11-02|15:02] C:\ProgramData\Desktop
    [2006-11-02|15:02] C:\ProgramData\Documents
    [2007-12-01|17:42] C:\ProgramData\EnterNHelp
    [2007-11-27|14:33] C:\ProgramData\Favoris
    [2006-11-02|15:02] C:\ProgramData\Favorites
    [2008-05-10|00:06] C:\ProgramData\Ford drive four file
    [2007-11-28|21:09] C:\ProgramData\Forge of Games
    [2007-12-06|19:37] C:\ProgramData\Google
    [2008-06-03|17:51] C:\ProgramData\Google Updater
    [2008-05-12|12:56] C:\ProgramData\HAL
    [2008-03-07|07:02] C:\ProgramData\Kaspersky Lab Setup Files
    [2007-12-01|12:11] C:\ProgramData\Lavasoft
    [2008-04-25|21:06] C:\ProgramData\MAGIX
    [2008-02-22|12:13] C:\ProgramData\Media Center Programs
    [2007-11-27|14:33] C:\ProgramData\Menu D‚marrer
    [2008-02-21|01:07] C:\ProgramData\Microsoft
    [2008-05-12|11:14] C:\ProgramData\Microsoft Help
    [2007-11-27|14:33] C:\ProgramData\ModŠles
    [2007-12-01|15:33] C:\ProgramData\MumboJumbo
    [2007-09-09|03:27] C:\ProgramData\NVIDIA
    [2008-02-19|12:24] C:\ProgramData\OrbNetworks
    [2008-05-12|12:56] C:\ProgramData\PKP_DLds.DAT
    [2008-04-25|20:55] C:\ProgramData\PKP_DLec.DAT
    [2008-06-04|17:09] C:\ProgramData\pskt.ini
    [2008-01-05|22:20] C:\ProgramData\Real
    [2007-12-07|00:50] C:\ProgramData\Sandlot Games
    [2006-11-02|15:02] C:\ProgramData\Start Menu
    [2008-05-15|20:26] C:\ProgramData\Store Name Math
    [2008-05-12|11:50] C:\ProgramData\Symantec
    [2008-02-26|23:49] C:\ProgramData\TEMP
    [2006-11-02|15:02] C:\ProgramData\Templates
    [2008-05-10|00:06] C:\ProgramData\Tool Software Software.96z0k
    [2008-05-10|00:06] C:\ProgramData\Tool Software Software.dw5jyp
    [2008-05-15|20:48] C:\ProgramData\Tool Software Software.nawcc6
    [2008-05-15|20:26] C:\ProgramData\Tool Software Software.qc3u2lv
    [2007-12-08|23:15] C:\ProgramData\Trymedia
    [2007-12-01|17:42] C:\ProgramData\Ultima_T15

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [2008-05-10|19:12] C:\Program Files\3wPlayer
    [2007-09-09|03:30] C:\Program Files\Acer Arcade Deluxe
    [2007-09-09|03:22] C:\Program Files\ACER Crystal Eye webcam
    [2007-09-09|03:34] C:\Program Files\Acer Inc
    [2007-08-10|09:59] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [2006-05-12|12:31] C:\Program Files\addoninstall.exe
    [2008-05-09|23:54] C:\Program Files\Adobe
    [2008-01-13|11:13] C:\Program Files\Alwil Software
    [2007-09-09|03:33] C:\Program Files\Apoint2K
    [2007-12-01|17:52] C:\Program Files\Apple Software Update
    [2000-08-29|16:13] C:\Program Files\AudioVis.dll
    [2002-03-26|18:24] C:\Program Files\AV32UID.DAT
    [2008-03-07|07:02] C:\Program Files\Avira
    [2008-02-20|14:13] C:\Program Files\Battlefield Vietnam
    [2007-12-08|23:14] C:\Program Files\BFG
    [2008-04-25|21:11] C:\Program Files\Bitmaps
    [2005-03-09|16:17] C:\Program Files\CDBurnProfiler.exe
    [2008-04-04|23:22] C:\Program Files\CFWebAdvancedU
    [2008-05-12|11:14] C:\Program Files\Common Files
    [2005-07-28|14:20] C:\Program Files\composer.dll
    [2007-08-10|08:40] C:\Program Files\CONEXANT
    [2000-09-07|22:51] C:\Program Files\CPUINF32.DLL
    [2008-04-25|21:13] C:\Program Files\CritOp.log
    [2008-04-25|21:13] C:\Program Files\crm.ini
    [2007-08-10|09:43] C:\Program Files\CyberLink
    [2003-03-17|15:58] C:\Program Files\Dac32.dll
    [2007-12-23|23:34] C:\Program Files\DAEMON Tools Lite
    [2005-05-23|17:44] C:\Program Files\DB_MX.dll
    [2007-12-02|14:06] C:\Program Files\desktop.ini
    [2006-01-25|17:19] C:\Program Files\e-mode.ini
    [2006-01-25|17:19] C:\Program Files\e-mode-upgradedialog.rtf
    [2004-10-18|17:15] C:\Program Files\eModeUpgradeDlg.dll
    [2006-01-25|17:20] C:\Program Files\e-mode-upgradedlg-exit.rtf
    [2008-03-24|17:06] C:\Program Files\EPSON
    [2006-02-07|14:33] C:\Program Files\exemaker.exe
    [2004-08-19|12:51] C:\Program Files\EXIF09.dll
    [2006-01-12|17:18] C:\Program Files\EXIF12.dll
    [2003-02-12|11:20] C:\Program Files\explore.exe
    [2007-11-27|14:33] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [2008-04-25|21:11] C:\Program Files\Firebird
    [2004-05-04|11:53] C:\Program Files\gdiplus.dll
    [2008-05-17|19:02] C:\Program Files\Google
    [2008-03-09|14:32] C:\Program Files\Guitar Pro 5
    [2000-09-08|14:05] C:\Program Files\hhprend.ax
    [2000-10-26|13:28] C:\Program Files\HHVREND2.AX
    [2003-04-09|17:30] C:\Program Files\HHWM9Prxy.dll
    [2003-02-20|08:51] C:\Program Files\HHWMPrxy.dll
    [2008-04-25|21:11] C:\Program Files\Icons
    [1999-02-09|11:46] C:\Program Files\IJL10.DLL
    [2006-04-21|11:58] C:\Program Files\IMxP_NokiaPCSuite.dll
    [2005-10-28|17:11] C:\Program Files\IMxP_WmDevice.dll
    [2005-05-18|15:10] C:\Program Files\IMxPNokiaPCSuite.ini
    [2008-04-25|21:12] C:\Program Files\Install.cfg
    [2008-04-25|21:11] C:\Program Files\INSTALL.LOG
    [2008-04-25|21:12] C:\Program Files\INSTALL1.LOG
    [2008-05-12|12:56] C:\Program Files\InstallShield Installation Information
    [2005-08-22|17:26] C:\Program Files\instslct.exe
    [2007-09-09|03:22] C:\Program Files\Intel
    [2008-04-09|10:54] C:\Program Files\Internet Explorer
    [2008-01-15|18:57] C:\Program Files\Inventel
    [2008-04-24|12:40] C:\Program Files\IrfanView
    [2008-05-15|22:18] C:\Program Files\Java
    [2001-08-07|12:19] C:\Program Files\JWVidRend.ax
    [2007-09-09|03:28] C:\Program Files\Launch Manager
    [2007-12-01|12:11] C:\Program Files\Lavasoft
    [2002-09-12|09:36] C:\Program Files\LFBMP13N.DLL
    [2002-09-12|09:39] C:\Program Files\LFCMP13n.DLL
    [2002-09-12|09:36] C:\Program Files\LFFAX13N.DLL
    [2002-09-12|09:36] C:\Program Files\lfgif13n.dll
    [2002-09-12|09:36] C:\Program Files\LFMSP13N.DLL
    [2002-09-12|09:36] C:\Program Files\LFPCD13N.DLL
    [2002-09-12|09:36] C:\Program Files\LFPCX13N.DLL
    [2002-09-12|09:40] C:\Program Files\Lfpng13n.dll
    [2002-09-12|09:37] C:\Program Files\LFPNM13n.dll
    [2002-09-12|09:37] C:\Program Files\LFPSD13N.DLL
    [2002-09-12|09:37] C:\Program Files\LFRAS13N.DLL
    [2002-09-12|09:37] C:\Program Files\LFTGA13N.DLL
    [2002-09-12|09:39] C:\Program Files\LFTIF13N.DLL
    [2003-10-21|00:11] C:\Program Files\libexpat.dll
    [2008-04-25|21:11] C:\Program Files\license.txt
    [2002-09-11|11:26] C:\Program Files\LTCLR13n.dll
    [2002-09-12|09:36] C:\Program Files\LTDIS13n.dll
    [2002-09-12|09:36] C:\Program Files\LTEFX13N.DLL
    [2002-09-12|09:36] C:\Program Files\LTFIL13N.DLL
    [2002-09-12|09:36] C:\Program Files\LTIMG13N.DLL
    [2002-09-12|09:35] C:\Program Files\LTKRN13N.DLL
    [2002-09-12|09:38] C:\Program Files\Ltwvc13n.dll
    [2008-04-25|21:11] C:\Program Files\MAGIX Tirage en ligne
    [2006-01-18|12:03] C:\Program Files\MagixOFA.dll
    [2006-01-18|12:29] C:\Program Files\MagixOFA-fr.dll
    [2004-04-15|15:48] C:\Program Files\MagixUpdater.exe
    [2006-04-11|16:25] C:\Program Files\MAGIXviewer.exe
    [2008-02-22|12:11] C:\Program Files\Maple 10
    [2008-01-05|22:20] C:\Program Files\Media Player Classic
    [2005-12-13|18:18] C:\Program Files\MFL.dll
    [2008-04-06|11:47] C:\Program Files\Microsoft Games
    [2006-11-02|14:42] C:\Program Files\Movie Maker
    [2008-04-21|18:27] C:\Program Files\Mozilla Firefox
    [2006-01-11|16:23] C:\Program Files\mp3encoder_upgrade.rtf
    [2002-03-08|08:09] C:\Program Files\mp3pro_upgrade.rtf
    [2004-08-20|15:16] C:\Program Files\mpeg2.dll
    [2006-11-02|14:37] C:\Program Files\MSBuild
    [2006-11-02|14:37] C:\Program Files\MSN
    [2008-01-31|23:17] C:\Program Files\MSN Messenger
    [2007-12-01|17:38] C:\Program Files\MSXML 4.0
    [2003-08-24|18:35] C:\Program Files\mviewer.ocx
    [2005-03-31|17:20] C:\Program Files\MxAutoUpdate.dll
    [2008-04-25|21:13] C:\Program Files\mxdba.log
    [2006-02-17|14:57] C:\Program Files\MXTLC.dll
    [2004-03-22|19:38] C:\Program Files\MXWIA.dll
    [2007-08-10|09:18] C:\Program Files\NewTech Infosystems
    [2008-05-16|09:31] C:\Program Files\OpenOffice.org 2.4
    [2008-01-15|19:08] C:\Program Files\OrangeHSS
    [2006-05-31|15:49] C:\Program Files\order.rtf
    [2006-04-10|09:55] C:\Program Files\Oxa1971.dll
    [2008-04-25|21:11] C:\Program Files\Palette
    [2005-05-10|08:42] C:\Program Files\photoid.dll
    [2006-03-02|18:42] C:\Program Files\Photomaker.cnt
    [2006-03-15|10:32] C:\Program Files\PhotoMaker.exe
    [2006-03-02|18:42] C:\Program Files\Photomaker.hlp
    [2008-04-25|21:13] C:\Program Files\PhotoMaker.ini
    [2008-04-27|10:04] C:\Program Files\Picasa2
    [2004-08-03|11:43] C:\Program Files\PlayRIpl.dll
    [2006-01-09|11:26] C:\Program Files\PredefinedCategories.ini
    [2008-02-27|00:16] C:\Program Files\ProtectionAssuree
    [2007-12-01|17:54] C:\Program Files\QuickTime
    [2000-08-26|00:56] C:\Program Files\RD32UID.DAT
    [2007-12-16|12:45] C:\Program Files\Real
    [2008-01-05|22:20] C:\Program Files\Real Alternative
    [2007-08-10|08:31] C:\Program Files\Realtek
    [2006-11-02|14:37] C:\Program Files\Reference Assemblies
    [2008-04-25|21:11] C:\Program Files\register.rtf
    [2005-05-20|14:10] C:\Program Files\reinstall3rdParty.exe
    [2008-04-25|21:11] C:\Program Files\reinstall3rdParty.ini
    [1999-12-10|13:00] C:\Program Files\riched20.dll
    [2005-06-13|14:31] C:\Program Files\Rn5d3288.dll
    [2002-06-24|12:00] C:\Program Files\samsig.dll
    [2002-06-24|12:00] C:\Program Files\samsigA6.dll
    [2002-06-24|12:00] C:\Program Files\samsigM5.dll
    [2002-06-24|12:00] C:\Program Files\samsigM6.dll
    [2002-06-24|12:00] C:\Program Files\samsigP5.dll
    [2002-06-24|12:00] C:\Program Files\samsigP6.dll
    [2002-06-24|12:00] C:\Program Files\samsigPX.dll
    [2002-06-24|12:00] C:\Program Files\samsigW7.dll
    [2005-08-04|17:38] C:\Program Files\Shortcuts.ini
    [2008-04-25|21:15] C:\Program Files\shutdown.log
    [2007-12-02|16:59] C:\Program Files\Sierra On-Line
    [2008-04-25|21:06] C:\Program Files\Skins
    [2008-05-17|21:05] C:\Program Files\Sun
    [2005-11-02|15:43] C:\Program Files\support.rtf
    [2007-09-09|03:22] C:\Program Files\SUYIN
    [2003-01-28|12:23] C:\Program Files\thunk16.dll
    [2003-01-28|12:18] C:\Program Files\thunk3216.dll
    [2005-08-30|17:12] C:\Program Files\Tooltip.ini
    [2008-06-04|09:24] C:\Program Files\Trend Micro
    [2000-08-26|00:59] C:\Program Files\UID.DAT
    [2006-11-02|15:01] C:\Program Files\Uninstall Information
    [2005-06-22|15:42] C:\Program Files\uninstall.exe
    [2002-02-18|11:06] C:\Program Files\uninstall.ini
    [2005-08-22|17:40] C:\Program Files\unwise.adf
    [2006-03-22|16:23] C:\Program Files\unwise.exe
    [2008-04-25|21:11] C:\Program Files\unwise.ini
    [1997-12-22|01:30] C:\Program Files\UNZDLL.DLL
    [2006-01-23|11:10] C:\Program Files\Upgrade.rtf
    [2008-02-21|01:04] C:\Program Files\uTorrent
    [2006-02-27|10:43] C:\Program Files\Validation.exe
    [2008-04-25|21:11] C:\Program Files\Validation.ini
    [2008-04-25|21:06] C:\Program Files\VideoFX
    [2008-04-25|21:11] C:\Program Files\Visuals
    [2008-05-18|18:58] C:\Program Files\VLC
    [2008-02-15|22:50] C:\Program Files\Webteh
    [2008-05-12|11:49] C:\Program Files\Winamp
    [2008-02-19|12:24] C:\Program Files\Winamp Remote
    [2007-12-02|13:59] C:\Program Files\Windows Calendar
    [2006-11-02|14:42] C:\Program Files\Windows Collaboration
    [2007-08-10|09:22] C:\Program Files\Windows Defender
    [2006-11-02|14:42] C:\Program Files\Windows Journal
    [2008-05-14|08:58] C:\Program Files\Windows Mail
    [2007-12-02|13:59] C:\Program Files\Windows Media Player
    [2007-11-27|14:33] C:\Program Files\Windows NT
    [2006-11-02|14:42] C:\Program Files\Windows Photo Gallery
    [2008-01-16|00:21] C:\Program Files\Windows Sidebar
    [2007-12-23|23:36] C:\Program Files\WinRAR
    [2000-09-14|11:23] C:\Program Files\WMServerReader.dll
    [2005-06-21|19:06] C:\Program Files\xutility.dll
    [2004-02-11|18:28] C:\Program Files\xviewer.exe
    [2003-07-11|17:01] C:\Program Files\xviewer.ocx
    [2003-08-24|18:17] C:\Program Files\xviewer.scr
    [2008-02-08|12:44] C:\Program Files\Zero G Registry
    [2008-04-06|11:51] C:\Program Files\zeux
    [2004-10-22|17:41] C:\Program Files\Zipdll.dll

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [2008-05-09|23:54] C:\Program Files\Common Files\Adobe
    [2008-01-15|19:00] C:\Program Files\Common Files\France Telecom
    [2007-08-10|09:30] C:\Program Files\Common Files\InstallShield
    [2008-03-21|20:28] C:\Program Files\Common Files\Java
    [2007-08-10|09:18] C:\Program Files\Common Files\LightScribe
    [2008-03-09|13:00] C:\Program Files\Common Files\Macrovision Shared
    [2008-04-25|21:06] C:\Program Files\Common Files\MAGIX Shared
    [2008-05-12|11:52] C:\Program Files\Common Files\microsoft shared
    [2007-08-10|09:18] C:\Program Files\Common Files\muvee Technologies
    [2007-08-10|09:19] C:\Program Files\Common Files\NewTech Infosystems
    [2008-05-12|12:56] C:\Program Files\Common Files\Nikon
    [2008-02-19|15:28] C:\Program Files\Common Files\NSV
    [2008-01-02|00:31] C:\Program Files\Common Files\Real
    [2008-01-13|11:33] C:\Program Files\Common Files\Sandlot Shared
    [2006-11-02|13:18] C:\Program Files\Common Files\Services
    [2007-09-09|03:22] C:\Program Files\Common Files\snp2uvc
    [2006-11-02|13:18] C:\Program Files\Common Files\SpeechEngines
    [2008-05-12|11:49] C:\Program Files\Common Files\Symantec Shared
    [2007-08-10|09:22] C:\Program Files\Common Files\System
    [2007-12-01|12:10] C:\Program Files\Common Files\Wise Installation Wizard

    ---------------------------[ Process ]--------------------------

    ... 76

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\ProgramData\Ace help pile.awk56
    C:\ProgramData\Tool Software Software.96z0k
    C:\ProgramData\Tool Software Software.dw5jyp
    C:\ProgramData\Tool Software Software.nawcc6
    C:\ProgramData\Tool Software Software.qc3u2lv
    C:\ProgramData\Ace help pile.awk56
    C:\ProgramData\Tool Software Software.96z0k
    C:\ProgramData\Tool Software Software.dw5jyp

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\ProgramData\Ford drive four file
    C:\ProgramData\Ford drive four file\Dale two.exe
    C:\Program Files\3wPlayer
    C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies\kiwi@adopt.euroclick[2].txt

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-04 17:13:17
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Users\kiwi\Desktop\Black&White II\Crack
    => C:\Users\kiwi\Desktop\Black&White II\Crack\white.exe
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Stone Temple Pilots\Crackerman.gtp
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3


    [F:741][D:85]-> C:\Users\kiwi\AppData\Local\Temp
    [F:170][D:1]-> C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:2281][D:8]-> C:\Users\kiwi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:23][D:5]-> C:\$Recycle.Bin

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 17:16:59.92 ]----------------------
    4 June 2008 18:26:14

    I don't know if this helps, but AntiVir regularly detects trojans and can't manage to delete them..

    TR/Crypt.XPACK.Gen
    4 June 2008 18:51:10

    Re,

    Select the entire box below, then right-click and choose Copy

    C:\ProgramData\Ford drive four file
    C:\ProgramData\Store Name Math


    Run Lop S&D again

  • This time choose Option 4 (LopScript)
  • A blank page will open; right-click on it and choose Paste
  • Close the page; you will be asked to save it, click [Save]
  • Do not close the window during the deletion!
  • Post the generated report (C:\lopR.txt)
    4 June 2008 19:18:31

    Here it is


    -----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : kiwi ] [ "C:\Lop SD" ] [ Selection : 4 ]
    [ 2008-06-04 | 19:00:26.66 ] [ PC : OSCAR ]
    [ MAJ : 01-06-2008 | 15:51 ]
    [ UAC => 0 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

    C:\ProgramData\Ford drive four file
    C:\ProgramData\Store Name Math

    Supprimé! - C:\ProgramData\Ford drive four file
    Supprimé! - C:\ProgramData\Store Name Math

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies\kiwi@adopt.euroclick[2].txt
    Supprimé! - C:\ProgramData\Ace help pile.awk56
    Supprimé! - C:\ProgramData\Tool Software Software.96z0k
    Supprimé! - C:\ProgramData\Tool Software Software.dw5jyp
    Supprimé! - C:\ProgramData\Tool Software Software.nawcc6
    Supprimé! - C:\ProgramData\Tool Software Software.qc3u2lv
    Supprimé! - C:\Program Files\3wPlayer
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [2007-12-01|20:06] C:\Users\kiwi\AppData\Roaming\Adobe\Linguistics
    [2007-11-27|15:14] C:\Users\kiwi\AppData\Roaming\Adobe\Acrobat

    [2008-01-06|15:22] C:\Users\kiwi\AppData\Roaming\BSplayer\skins
    [2008-01-06|15:18] C:\Users\kiwi\AppData\Roaming\BSplayer\bslib


    [2007-12-06|23:50] C:\Users\kiwi\AppData\Roaming\CyberLink\PlayMovie
    [2007-11-27|20:19] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerCinema
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\MediaCache
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerProducer
    [2007-11-27|14:48] C:\Users\kiwi\AppData\Roaming\CyberLink\PowerDVD


    [2007-12-14|11:49] C:\Users\kiwi\AppData\Roaming\dvdcss\BENJAMIN-3230303630353330

    [2008-05-17|19:10] C:\Users\kiwi\AppData\Roaming\Google\GoogleEarth
    [2007-12-06|19:37] C:\Users\kiwi\AppData\Roaming\Google\Local Search History


    [2007-11-27|14:38] C:\Users\kiwi\AppData\Roaming\Identities\{E4A6D14E-AF6E-4B60-9B48-AE1E1E7E03A5}

    [2007-11-28|23:47] C:\Users\kiwi\AppData\Roaming\Leadertech\PowerRegister

    [2008-02-26|22:30] C:\Users\kiwi\AppData\Roaming\Macromedia\Flash Player

    [2008-04-25|21:13] C:\Users\kiwi\AppData\Roaming\MAGIX\PhotoMaker



    [2008-05-20|16:43] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows Photo Gallery
    [2008-05-08|23:39] C:\Users\kiwi\AppData\Roaming\Microsoft\MSN Messenger
    [2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Office
    [2008-04-27|17:26] C:\Users\kiwi\AppData\Roaming\Microsoft\OIS
    [2008-04-06|12:34] C:\Users\kiwi\AppData\Roaming\Microsoft\Speech
    [2008-04-06|11:46] C:\Users\kiwi\AppData\Roaming\Microsoft\eHome
    [2008-03-21|20:15] C:\Users\kiwi\AppData\Roaming\Microsoft\Templates
    [2008-02-01|02:26] C:\Users\kiwi\AppData\Roaming\Microsoft\Internet Explorer
    [2008-01-31|23:18] C:\Users\kiwi\AppData\Roaming\Microsoft\IdentityCRL
    [2008-01-31|23:14] C:\Users\kiwi\AppData\Roaming\Microsoft\Credentials
    [2008-01-15|19:05] C:\Users\kiwi\AppData\Roaming\Microsoft\Network
    [2007-12-26|16:39] C:\Users\kiwi\AppData\Roaming\Microsoft\Excel
    [2007-12-20|00:36] C:\Users\kiwi\AppData\Roaming\Microsoft\Word
    [2007-12-19|21:20] C:\Users\kiwi\AppData\Roaming\Microsoft\QuickStyles
    [2007-12-19|19:22] C:\Users\kiwi\AppData\Roaming\Microsoft\UProof
    [2007-12-14|11:38] C:\Users\kiwi\AppData\Roaming\Microsoft\Clip Organizer
    [2007-12-09|16:00] C:\Users\kiwi\AppData\Roaming\Microsoft\HTML Help
    [2007-12-09|00:17] C:\Users\kiwi\AppData\Roaming\Microsoft\OneNote
    [2007-12-07|10:12] C:\Users\kiwi\AppData\Roaming\Microsoft\Proof
    [2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\Document Building Blocks
    [2007-12-07|10:06] C:\Users\kiwi\AppData\Roaming\Microsoft\AddIns
    [2007-12-01|15:40] C:\Users\kiwi\AppData\Roaming\Microsoft\MMC
    [2007-11-28|21:09] C:\Users\kiwi\AppData\Roaming\Microsoft\Windows
    [2007-11-27|15:15] C:\Users\kiwi\AppData\Roaming\Microsoft\preuve
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Protect
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\Crypto
    [2007-11-27|14:37] C:\Users\kiwi\AppData\Roaming\Microsoft\SystemCertificates

    [2007-12-02|16:10] C:\Users\kiwi\AppData\Roaming\Mozilla\Firefox

    [2007-12-04|22:24] C:\Users\kiwi\AppData\Roaming\Nikon\PictureProject
    [2007-12-01|17:45] C:\Users\kiwi\AppData\Roaming\Nikon\Message Center



    [2008-03-21|20:33] C:\Users\kiwi\AppData\Roaming\OpenOffice.org2\user

    [2008-02-26|21:36] C:\Users\kiwi\AppData\Roaming\PC Tools\Spyware Doctor


    [2008-02-15|22:06] C:\Users\kiwi\AppData\Roaming\Real\RealMediaSDK
    [2008-01-02|00:31] C:\Users\kiwi\AppData\Roaming\Real\RealPlayer

    [2008-02-22|12:13] C:\Users\kiwi\AppData\Roaming\SecuROM\UserData

    [2008-05-18|18:42] C:\Users\kiwi\AppData\Roaming\StarOffice8\user




    [2008-03-26|09:55] C:\Users\kiwi\AppData\Roaming\vlc\cache

    [2008-03-11|20:56] C:\Users\kiwi\AppData\Roaming\Winamp\Plugins



    ----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

    [2008-06-04 18:11][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job
    [2008-06-04 18:59][--ah-----] C:\Windows\tasks\SA.DAT
    [2008-06-04 18:58][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    ------[ Listing des dossiers dans C:\ProgramData ]------

    [2007-08-10|09:59] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2008-02-28|00:55] C:\ProgramData\addr_file.html
    [2008-05-09|23:54] C:\ProgramData\Adobe
    [2007-12-01|17:52] C:\ProgramData\Apple
    [2007-12-01|17:53] C:\ProgramData\Apple Computer
    [2006-11-02|15:02] C:\ProgramData\Application Data
    [2008-03-06|22:34] C:\ProgramData\Avira
    [2008-05-29|18:10] C:\ProgramData\BM3fcd1696.txt
    [2008-06-04|18:56] C:\ProgramData\BM3fcd1696.xml
    [2007-11-27|14:33] C:\ProgramData\Bureau
    [2007-11-27|14:48] C:\ProgramData\CyberLink
    [2006-11-02|15:02] C:\ProgramData\Desktop
    [2006-11-02|15:02] C:\ProgramData\Documents
    [2007-12-01|17:42] C:\ProgramData\EnterNHelp
    [2007-11-27|14:33] C:\ProgramData\Favoris
    [2006-11-02|15:02] C:\ProgramData\Favorites
    [2007-11-28|21:09] C:\ProgramData\Forge of Games
    [2007-12-06|19:37] C:\ProgramData\Google
    [2008-06-04|18:52] C:\ProgramData\Google Updater
    [2008-05-12|12:56] C:\ProgramData\HAL
    [2008-03-07|07:02] C:\ProgramData\Kaspersky Lab Setup Files
    [2007-12-01|12:11] C:\ProgramData\Lavasoft
    [2008-04-25|21:06] C:\ProgramData\MAGIX
    [2008-02-22|12:13] C:\ProgramData\Media Center Programs
    [2007-11-27|14:33] C:\ProgramData\Menu Démarrer
    [2008-02-21|01:07] C:\ProgramData\Microsoft
    [2008-05-12|11:14] C:\ProgramData\Microsoft Help
    [2007-11-27|14:33] C:\ProgramData\Modèles
    [2007-12-01|15:33] C:\ProgramData\MumboJumbo
    [2007-09-09|03:27] C:\ProgramData\NVIDIA
    [2008-02-19|12:24] C:\ProgramData\OrbNetworks
    [2008-05-12|12:56] C:\ProgramData\PKP_DLds.DAT
    [2008-04-25|20:55] C:\ProgramData\PKP_DLec.DAT
    [2008-06-04|19:00] C:\ProgramData\pskt.ini
    [2008-01-05|22:20] C:\ProgramData\Real
    [2007-12-07|00:50] C:\ProgramData\Sandlot Games
    [2006-11-02|15:02] C:\ProgramData\Start Menu
    [2008-05-12|11:50] C:\ProgramData\Symantec
    [2008-02-26|23:49] C:\ProgramData\TEMP
    [2006-11-02|15:02] C:\ProgramData\Templates
    [2007-12-08|23:15] C:\ProgramData\Trymedia
    [2007-12-01|17:42] C:\ProgramData\Ultima_T15

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [2007-09-09|03:30] C:\Program Files\Acer Arcade Deluxe
    [2007-09-09|03:22] C:\Program Files\ACER Crystal Eye webcam
    [2007-09-09|03:34] C:\Program Files\Acer Inc
    [2007-08-10|09:59] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [2006-05-12|12:31] C:\Program Files\addoninstall.exe
    [2008-05-09|23:54] C:\Program Files\Adobe
    [2008-01-13|11:13] C:\Program Files\Alwil Software
    [2007-09-09|03:33] C:\Program Files\Apoint2K
    [2007-12-01|17:52] C:\Program Files\Apple Software Update
    [2000-08-29|16:13] C:\Program Files\AudioVis.dll
    [2002-03-26|18:24] C:\Program Files\AV32UID.DAT
    [2008-03-07|07:02] C:\Program Files\Avira
    [2008-02-20|14:13] C:\Program Files\Battlefield Vietnam
    [2007-12-08|23:14] C:\Program Files\BFG
    [2008-04-25|21:11] C:\Program Files\Bitmaps
    [2005-03-09|16:17] C:\Program Files\CDBurnProfiler.exe
    [2008-04-04|23:22] C:\Program Files\CFWebAdvancedU
    [2008-05-12|11:14] C:\Program Files\Common Files
    [2005-07-28|14:20] C:\Program Files\composer.dll
    [2007-08-10|08:40] C:\Program Files\CONEXANT
    [2000-09-07|22:51] C:\Program Files\CPUINF32.DLL
    [2008-04-25|21:13] C:\Program Files\CritOp.log
    [2008-04-25|21:13] C:\Program Files\crm.ini
    [2007-08-10|09:43] C:\Program Files\CyberLink
    [2003-03-17|15:58] C:\Program Files\Dac32.dll
    [2007-12-23|23:34] C:\Program Files\DAEMON Tools Lite
    [2005-05-23|17:44] C:\Program Files\DB_MX.dll
    [2007-12-02|14:06] C:\Program Files\desktop.ini
    [2006-01-25|17:19] C:\Program Files\e-mode.ini
    [2006-01-25|17:19] C:\Program Files\e-mode-upgradedialog.rtf
    [2004-10-18|17:15] C:\Program Files\eModeUpgradeDlg.dll
    [2006-01-25|17:20] C:\Program Files\e-mode-upgradedlg-exit.rtf
    [2008-03-24|17:06] C:\Program Files\EPSON
    [2006-02-07|14:33] C:\Program Files\exemaker.exe
    [2004-08-19|12:51] C:\Program Files\EXIF09.dll
    [2006-01-12|17:18] C:\Program Files\EXIF12.dll
    [2003-02-12|11:20] C:\Program Files\explore.exe
    [2007-11-27|14:33] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [2008-04-25|21:11] C:\Program Files\Firebird
    [2004-05-04|11:53] C:\Program Files\gdiplus.dll
    [2008-05-17|19:02] C:\Program Files\Google
    [2008-03-09|14:32] C:\Program Files\Guitar Pro 5
    [2000-09-08|14:05] C:\Program Files\hhprend.ax
    [2000-10-26|13:28] C:\Program Files\HHVREND2.AX
    [2003-04-09|17:30] C:\Program Files\HHWM9Prxy.dll
    [2003-02-20|08:51] C:\Program Files\HHWMPrxy.dll
    [2008-04-25|21:11] C:\Program Files\Icons
    [1999-02-09|11:46] C:\Program Files\IJL10.DLL
    [2006-04-21|11:58] C:\Program Files\IMxP_NokiaPCSuite.dll
    [2005-10-28|17:11] C:\Program Files\IMxP_WmDevice.dll
    [2005-05-18|15:10] C:\Program Files\IMxPNokiaPCSuite.ini
    [2008-04-25|21:12] C:\Program Files\Install.cfg
    [2008-04-25|21:11] C:\Program Files\INSTALL.LOG
    [2008-04-25|21:12] C:\Program Files\INSTALL1.LOG
    [2008-05-12|12:56] C:\Program Files\InstallShield Installation Information
    [2005-08-22|17:26] C:\Program Files\instslct.exe
    [2007-09-09|03:22] C:\Program Files\Intel
    [2008-04-09|10:54] C:\Program Files\Internet Explorer
    [2008-01-15|18:57] C:\Program Files\Inventel
    [2008-04-24|12:40] C:\Program Files\IrfanView
    [2008-05-15|22:18] C:\Program Files\Java
    [2001-08-07|12:19] C:\Program Files\JWVidRend.ax
    [2007-09-09|03:28] C:\Program Files\Launch Manager
    [2007-12-01|12:11] C:\Program Files\Lavasoft
    [2002-09-12|09:36] C:\Program Files\LFBMP13N.DLL
    [2002-09-12|09:39] C:\Program Files\LFCMP13n.DLL
    [2002-09-12|09:36] C:\Program Files\LFFAX13N.DLL
    [2002-09-12|09:36] C:\Program Files\lfgif13n.dll
    [2002-09-12|09:36] C:\Program Files\LFMSP13N.DLL
    [2002-09-12|09:36] C:\Program Files\LFPCD13N.DLL
    [2002-09-12|09:36] C:\Program Files\LFPCX13N.DLL
    [2002-09-12|09:40] C:\Program Files\Lfpng13n.dll
    [2002-09-12|09:37] C:\Program Files\LFPNM13n.dll
    [2002-09-12|09:37] C:\Program Files\LFPSD13N.DLL
    [2002-09-12|09:37] C:\Program Files\LFRAS13N.DLL
    [2002-09-12|09:37] C:\Program Files\LFTGA13N.DLL
    [2002-09-12|09:39] C:\Program Files\LFTIF13N.DLL
    [2003-10-21|00:11] C:\Program Files\libexpat.dll
    [2008-04-25|21:11] C:\Program Files\license.txt
    [2002-09-11|11:26] C:\Program Files\LTCLR13n.dll
    [2002-09-12|09:36] C:\Program Files\LTDIS13n.dll
    [2002-09-12|09:36] C:\Program Files\LTEFX13N.DLL
    [2002-09-12|09:36] C:\Program Files\LTFIL13N.DLL
    [2002-09-12|09:36] C:\Program Files\LTIMG13N.DLL
    [2002-09-12|09:35] C:\Program Files\LTKRN13N.DLL
    [2002-09-12|09:38] C:\Program Files\Ltwvc13n.dll
    [2008-04-25|21:11] C:\Program Files\MAGIX Tirage en ligne
    [2006-01-18|12:03] C:\Program Files\MagixOFA.dll
    [2006-01-18|12:29] C:\Program Files\MagixOFA-fr.dll
    [2004-04-15|15:48] C:\Program Files\MagixUpdater.exe
    [2006-04-11|16:25] C:\Program Files\MAGIXviewer.exe
    [2008-02-22|12:11] C:\Program Files\Maple 10
    [2008-01-05|22:20] C:\Program Files\Media Player Classic
    [2005-12-13|18:18] C:\Program Files\MFL.dll
    [2008-04-06|11:47] C:\Program Files\Microsoft Games
    [2006-11-02|14:42] C:\Program Files\Movie Maker
    [2008-04-21|18:27] C:\Program Files\Mozilla Firefox
    [2006-01-11|16:23] C:\Program Files\mp3encoder_upgrade.rtf
    [2002-03-08|08:09] C:\Program Files\mp3pro_upgrade.rtf
    [2004-08-20|15:16] C:\Program Files\mpeg2.dll
    [2006-11-02|14:37] C:\Program Files\MSBuild
    [2006-11-02|14:37] C:\Program Files\MSN
    [2008-01-31|23:17] C:\Program Files\MSN Messenger
    [2007-12-01|17:38] C:\Program Files\MSXML 4.0
    [2003-08-24|18:35] C:\Program Files\mviewer.ocx
    [2005-03-31|17:20] C:\Program Files\MxAutoUpdate.dll
    [2008-04-25|21:13] C:\Program Files\mxdba.log
    [2006-02-17|14:57] C:\Program Files\MXTLC.dll
    [2004-03-22|19:38] C:\Program Files\MXWIA.dll
    [2007-08-10|09:18] C:\Program Files\NewTech Infosystems
    [2008-05-16|09:31] C:\Program Files\OpenOffice.org 2.4
    [2008-01-15|19:08] C:\Program Files\OrangeHSS
    [2006-05-31|15:49] C:\Program Files\order.rtf
    [2006-04-10|09:55] C:\Program Files\Oxa1971.dll
    [2008-04-25|21:11] C:\Program Files\Palette
    [2005-05-10|08:42] C:\Program Files\photoid.dll
    [2006-03-02|18:42] C:\Program Files\Photomaker.cnt
    [2006-03-15|10:32] C:\Program Files\PhotoMaker.exe
    [2006-03-02|18:42] C:\Program Files\Photomaker.hlp
    [2008-04-25|21:13] C:\Program Files\PhotoMaker.ini
    [2008-04-27|10:04] C:\Program Files\Picasa2
    [2004-08-03|11:43] C:\Program Files\PlayRIpl.dll
    [2006-01-09|11:26] C:\Program Files\PredefinedCategories.ini
    [2008-02-27|00:16] C:\Program Files\ProtectionAssuree
    [2007-12-01|17:54] C:\Program Files\QuickTime
    [2000-08-26|00:56] C:\Program Files\RD32UID.DAT
    [2007-12-16|12:45] C:\Program Files\Real
    [2008-01-05|22:20] C:\Program Files\Real Alternative
    [2007-08-10|08:31] C:\Program Files\Realtek
    [2006-11-02|14:37] C:\Program Files\Reference Assemblies
    [2008-04-25|21:11] C:\Program Files\register.rtf
    [2005-05-20|14:10] C:\Program Files\reinstall3rdParty.exe
    [2008-04-25|21:11] C:\Program Files\reinstall3rdParty.ini
    [1999-12-10|13:00] C:\Program Files\riched20.dll
    [2005-06-13|14:31] C:\Program Files\Rn5d3288.dll
    [2002-06-24|12:00] C:\Program Files\samsig.dll
    [2002-06-24|12:00] C:\Program Files\samsigA6.dll
    [2002-06-24|12:00] C:\Program Files\samsigM5.dll
    [2002-06-24|12:00] C:\Program Files\samsigM6.dll
    [2002-06-24|12:00] C:\Program Files\samsigP5.dll
    [2002-06-24|12:00] C:\Program Files\samsigP6.dll
    [2002-06-24|12:00] C:\Program Files\samsigPX.dll
    [2002-06-24|12:00] C:\Program Files\samsigW7.dll
    [2005-08-04|17:38] C:\Program Files\Shortcuts.ini
    [2008-04-25|21:15] C:\Program Files\shutdown.log
    [2007-12-02|16:59] C:\Program Files\Sierra On-Line
    [2008-04-25|21:06] C:\Program Files\Skins
    [2008-05-17|21:05] C:\Program Files\Sun
    [2005-11-02|15:43] C:\Program Files\support.rtf
    [2007-09-09|03:22] C:\Program Files\SUYIN
    [2003-01-28|12:23] C:\Program Files\thunk16.dll
    [2003-01-28|12:18] C:\Program Files\thunk3216.dll
    [2005-08-30|17:12] C:\Program Files\Tooltip.ini
    [2008-06-04|09:24] C:\Program Files\Trend Micro
    [2000-08-26|00:59] C:\Program Files\UID.DAT
    [2006-11-02|15:01] C:\Program Files\Uninstall Information
    [2005-06-22|15:42] C:\Program Files\uninstall.exe
    [2002-02-18|11:06] C:\Program Files\uninstall.ini
    [2005-08-22|17:40] C:\Program Files\unwise.adf
    [2006-03-22|16:23] C:\Program Files\unwise.exe
    [2008-04-25|21:11] C:\Program Files\unwise.ini
    [1997-12-22|01:30] C:\Program Files\UNZDLL.DLL
    [2006-01-23|11:10] C:\Program Files\Upgrade.rtf
    [2008-02-21|01:04] C:\Program Files\uTorrent
    [2006-02-27|10:43] C:\Program Files\Validation.exe
    [2008-04-25|21:11] C:\Program Files\Validation.ini
    [2008-04-25|21:06] C:\Program Files\VideoFX
    [2008-04-25|21:11] C:\Program Files\Visuals
    [2008-05-18|18:58] C:\Program Files\VLC
    [2008-02-15|22:50] C:\Program Files\Webteh
    [2008-05-12|11:49] C:\Program Files\Winamp
    [2008-02-19|12:24] C:\Program Files\Winamp Remote
    [2007-12-02|13:59] C:\Program Files\Windows Calendar
    [2006-11-02|14:42] C:\Program Files\Windows Collaboration
    [2007-08-10|09:22] C:\Program Files\Windows Defender
    [2006-11-02|14:42] C:\Program Files\Windows Journal
    [2008-05-14|08:58] C:\Program Files\Windows Mail
    [2007-12-02|13:59] C:\Program Files\Windows Media Player
    [2007-11-27|14:33] C:\Program Files\Windows NT
    [2006-11-02|14:42] C:\Program Files\Windows Photo Gallery
    [2008-01-16|00:21] C:\Program Files\Windows Sidebar
    [2007-12-23|23:36] C:\Program Files\WinRAR
    [2000-09-14|11:23] C:\Program Files\WMServerReader.dll
    [2005-06-21|19:06] C:\Program Files\xutility.dll
    [2004-02-11|18:28] C:\Program Files\xviewer.exe
    [2003-07-11|17:01] C:\Program Files\xviewer.ocx
    [2003-08-24|18:17] C:\Program Files\xviewer.scr
    [2008-02-08|12:44] C:\Program Files\Zero G Registry
    [2008-04-06|11:51] C:\Program Files\zeux
    [2004-10-22|17:41] C:\Program Files\Zipdll.dll

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [2008-05-09|23:54] C:\Program Files\Common Files\Adobe
    [2008-01-15|19:00] C:\Program Files\Common Files\France Telecom
    [2007-08-10|09:30] C:\Program Files\Common Files\InstallShield
    [2008-03-21|20:28] C:\Program Files\Common Files\Java
    [2007-08-10|09:18] C:\Program Files\Common Files\LightScribe
    [2008-03-09|13:00] C:\Program Files\Common Files\Macrovision Shared
    [2008-04-25|21:06] C:\Program Files\Common Files\MAGIX Shared
    [2008-05-12|11:52] C:\Program Files\Common Files\microsoft shared
    [2007-08-10|09:18] C:\Program Files\Common Files\muvee Technologies
    [2007-08-10|09:19] C:\Program Files\Common Files\NewTech Infosystems
    [2008-05-12|12:56] C:\Program Files\Common Files\Nikon
    [2008-02-19|15:28] C:\Program Files\Common Files\NSV
    [2008-01-02|00:31] C:\Program Files\Common Files\Real
    [2008-01-13|11:33] C:\Program Files\Common Files\Sandlot Shared
    [2006-11-02|13:18] C:\Program Files\Common Files\Services
    [2007-09-09|03:22] C:\Program Files\Common Files\snp2uvc
    [2006-11-02|13:18] C:\Program Files\Common Files\SpeechEngines
    [2008-05-12|11:49] C:\Program Files\Common Files\Symantec Shared
    [2007-08-10|09:22] C:\Program Files\Common Files\System
    [2007-12-01|12:10] C:\Program Files\Common Files\Wise Installation Wizard

    ---------------------------[ Process ]--------------------------

    ... 78

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-04 19:03:28
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Users\kiwi\Desktop\Black&White II\Crack
    => C:\Users\kiwi\Desktop\Black&White II\Crack\white.exe
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Stone Temple Pilots\Crackerman.gtp
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
    => C:\Users\kiwi\Documents\Guitar Pro Tabs\Tabs\T\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3


    [F:742][D:85]-> C:\Users\kiwi\AppData\Local\Temp
    [F:169][D:1]-> C:\Users\kiwi\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:2282][D:8]-> C:\Users\kiwi\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:23][D:5]-> C:\$Recycle.Bin

    [ UAC => 1 ]

    --------------------[ Fin du rapport a 19:07:24.00 ]----------------------

    At startup it shows me this error message:

    C:\Users\kiwi\AppData\local\Temp\opnolIXQ.Dll
    4 June 2008 19:24:40

    The second trojan is


    TR\Lowzones.SG

    4 June 2008 19:43:43

    Ah :) 

    Download FindAWF.

  • Save it to your Desktop.
  • Double-click FindAWF.exe to run it.
  • Press a key as prompted to continue.
    If your antivirus reacts, ignore its alert and let the program run.
  • Type 1, then confirm to launch Scan For Bak Folders.
  • Wait while the scan runs ..
  • Post the generated report: Find AWF report
    4 June 2008 19:53:48


    Find AWF report by noahdfear ©2006
    Version 1.40



    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report
    4 June 2008 20:01:24

    Where is the file detected? And what is its name?

    Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)

    Start / All Programs / Accessories / Run, type this:
    "%SystemDrive%\Lop SD\LopSD" /AWF

    Post the log generated at the end.
    5 June 2008 08:45:36


    [\\\\\\\\\\\\\\\\\\\\\\\\\\\\\[ AWF ]\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\]

    [ Microsoft Windows [version 6.0.6000] Windows_NT ]
    [ "C:\Lop SD" ]
    [ 2008-06-05 | 8:44:42.34 ] [ OSCAR ]


    [\\\\\\\\\\\\\\\\\\\\\[ Recherche de dossiers BAK\* ]\\\\\\\\\\\\\\\\\\\\\]


    Aucun dossier BAK\* trouvé !

    [\\\\\\\\\\\\\\\\\\\\\\[ Recherche de dossiers BAK ]\\\\\\\\\\\\\\\\\\\\\\]


    Aucun dossier BAK trouvé !

    [\\\\\\\\\\\\\\\\\\\\\[ Fin du rapport à 8:44:42.40 ]\\\\\\\\\\\\\\\\\\\\]
    5 June 2008 08:55:54

    I don't think it manages to do the scan; after 5 min the window still shows scan in progress, and a Windows window appears telling me that the QGREP utility program, character string search, has stopped working and that it is going to close the application. It sends it to me twice, and when I click OK the second time (no other choice) the scan ends...
    5 June 2008 09:01:18

    And it still shows me an error module at startup
    5 June 2008 18:51:48

    Re,

    Post a new HijackThis report.
    5 June 2008 18:57:31

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:25, on 2008-06-04
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBqQKaw.dll,#1
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Biasdelete] "C:\ProgramData\Tool Software Software.nawcc6"
    O4 - HKCU\..\Run: [Four file program mode] "C:\ProgramData\Ace help pile.awk56"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\geBqRlKb.dll,#1
    O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\sssjcufm.dll",b
    O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\dqbnuvoa.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9695 bytes
    5 June 2008 19:07:01

    Re,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui (Yes).
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    5 June 2008 19:15:18

    It won't open it for me.
    An error message tells me: 'a referral was returned from the server'
    ...
    5 June 2008 19:39:55

    Downloading or running the software?
    5 June 2008 19:43:39

    Running the software. It is on my desktop, I double-click it and that is when the message appears!!!!
    5 June 2008 19:49:22

    Try in Safe Mode.
    5 June 2008 20:13:17

    Re,
    Works perfectly in Safe Mode, here is the log

    ComboFix 08-06-05.2 - kiwi 2008-06-05 20:00:55.2 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1577 [GMT 2:00]
    Endroit: C:\Users\kiwi\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Windows\system32\ACER.exe
    C:\Windows\system32\kmd.exe
    C:\Windows\system32\mlJYqNFv.dll
    C:\Windows\system32\pmnoOGYO.dll
    C:\Windows\system32\ssqOHywV.dll
    C:\Windows\system32\xxyyyYqo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-04 17:06 . 2008-06-04 19:07 <REP> d-------- C:\Lop SD
    2008-06-04 09:24 . 2008-06-04 09:24 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-29 22:00 . 2008-06-03 17:44 250,157,889 --a------ C:\Windows\MEMORY.DMP
    2008-05-28 05:06 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 05:06 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-27 23:09 . 2008-05-27 23:09 <REP> d-------- C:\Users\Public\Asa [Asha]
    2008-05-18 18:42 . 2008-05-18 18:52 <REP> d-------- C:\Users\kiwi\AppData\Roaming\StarOffice8
    2008-05-17 21:05 . 2008-05-17 21:05 <REP> d-------- C:\Program Files\Sun
    2008-05-17 19:00 . 2008-06-04 18:52 <REP> d-------- C:\Users\All Users\Google Updater
    2008-05-17 19:00 . 2008-06-04 18:52 <REP> d-------- C:\PROGRA~2\Google Updater
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 10:45 --------- d-----w C:\Users\kiwi\AppData\Roaming\uTorrent
    2008-06-01 17:14 41,192 ----a-w C:\Users\kiwi\AppData\Roaming\nvModes.dat
    2008-06-01 16:18 --------- d-----w C:\Users\kiwi\AppData\Roaming\OpenOffice.org2
    2008-05-18 16:58 --------- d-----w C:\Program Files\VLC
    2008-05-17 17:02 --------- d-----w C:\Program Files\Google
    2008-05-15 20:18 --------- d-----w C:\Program Files\Java
    2008-05-14 06:58 --------- d-----w C:\Program Files\Windows Mail
    2008-05-12 10:56 0 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-05-12 10:56 0 ---h--w C:\PROGRA~2\PKP_DLds.DAT
    2008-05-12 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-12 10:56 --------- d-----w C:\Program Files\Common Files\Nikon
    2008-05-12 09:50 --------- d-----w C:\PROGRA~2\Symantec
    2008-05-12 09:49 --------- d-----w C:\Program Files\Winamp
    2008-05-12 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-12 09:14 --------- d-----w C:\PROGRA~2\Microsoft Help
    2008-05-09 21:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-27 08:04 --------- d-----w C:\Program Files\Picasa2
    2008-04-25 19:15 0 ----a-w C:\Program Files\shutdown.log
    2008-04-25 19:13 314 ----a-w C:\Program Files\PhotoMaker.ini
    2008-04-25 19:13 205 ----a-w C:\Program Files\crm.ini
    2008-04-25 19:13 0 ---ha-w C:\Program Files\CritOp.log
    2008-04-25 19:13 0 ----a-w C:\Program Files\mxdba.log
    2008-04-25 19:13 --------- d-----w C:\Users\kiwi\AppData\Roaming\MAGIX
    2008-04-25 19:12 21,273 ----a-w C:\Program Files\INSTALL1.LOG
    2008-04-25 19:12 2,378 ----a-w C:\Program Files\Install.cfg
    2008-04-25 19:11 933 ----a-w C:\Program Files\reinstall3rdParty.ini
    2008-04-25 19:11 689 ----a-w C:\Program Files\unwise.ini
    2008-04-25 19:11 33,667 ----a-w C:\Program Files\license.txt
    2008-04-25 19:11 146 ----a-w C:\Program Files\Validation.ini
    2008-04-25 19:11 14,681 ----a-w C:\Program Files\register.rtf
    2008-04-25 19:11 126,279 ----a-w C:\Program Files\INSTALL.LOG
    2008-04-25 19:11 --------- d-----w C:\Program Files\Visuals
    2008-04-25 19:11 --------- d-----w C:\Program Files\Palette
    2008-04-25 19:11 --------- d-----w C:\Program Files\MAGIX Tirage en ligne
    2008-04-25 19:11 --------- d-----w C:\Program Files\Icons
    2008-04-25 19:11 --------- d-----w C:\Program Files\Firebird
    2008-04-25 19:11 --------- d-----w C:\Program Files\Bitmaps
    2008-04-25 19:06 --------- d-----w C:\Program Files\VideoFX
    2008-04-25 19:06 --------- d-----w C:\Program Files\Skins
    2008-04-25 19:06 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2008-04-25 19:06 --------- d-----w C:\PROGRA~2\MAGIX
    2008-04-25 18:55 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-04-25 18:55 20 ---h--w C:\PROGRA~2\PKP_DLec.DAT
    2008-04-24 10:40 --------- d-----w C:\Program Files\IrfanView
    2008-04-06 09:51 --------- d-----w C:\Program Files\zeux
    2008-04-06 09:47 --------- d-----w C:\Program Files\Microsoft Games
    2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2007-12-02 12:06 174 --sha-w C:\Program Files\desktop.ini
    2007-11-27 12:56 0 ----a-w C:\Users\kiwi\AppData\Roaming\wklnhst.dat
    2006-05-31 13:49 13,094 ----a-w C:\Program Files\order.rtf
    2006-05-12 10:31 269,397 ----a-w C:\Program Files\addoninstall.exe
    2006-04-21 09:58 53,248 ----a-w C:\Program Files\IMxP_NokiaPCSuite.dll
    2006-04-11 14:25 1,961,472 ----a-w C:\Program Files\MAGIXviewer.exe
    2006-04-10 07:55 229,484 ----a-w C:\Program Files\Oxa1971.dll
    2006-03-22 14:23 176,128 ----a-w C:\Program Files\unwise.exe
    2006-03-15 08:32 7,735,180 ----a-w C:\Program Files\PhotoMaker.exe
    2006-03-02 16:42 6,468 ----a-w C:\Program Files\Photomaker.cnt
    2006-03-02 16:42 2,113,719 ----a-w C:\Program Files\Photomaker.hlp
    2006-02-27 08:43 24,576 ----a-w C:\Program Files\Validation.exe
    2006-02-17 12:57 475,136 ----a-w C:\Program Files\MXTLC.dll
    2006-02-07 12:33 92,160 ----a-w C:\Program Files\exemaker.exe
    2006-01-25 15:20 6,566 ----a-w C:\Program Files\e-mode-upgradedlg-exit.rtf
    2006-01-25 15:19 6,602 ----a-w C:\Program Files\e-mode-upgradedialog.rtf
    2006-01-25 15:19 2,691 ----a-w C:\Program Files\e-mode.ini
    2006-01-23 09:10 2,701 ----a-w C:\Program Files\Upgrade.rtf
    2006-01-18 10:29 86,016 ----a-w C:\Program Files\MagixOFA-fr.dll
    2006-01-18 10:03 626,688 ----a-w C:\Program Files\MagixOFA.dll
    2006-01-12 15:18 49,152 ----a-w C:\Program Files\EXIF12.dll
    2006-01-11 14:23 2,280 ----a-w C:\Program Files\mp3encoder_upgrade.rtf
    2006-01-09 09:26 671 ----a-w C:\Program Files\PredefinedCategories.ini
    2005-12-13 16:18 442,368 ----a-w C:\Program Files\MFL.dll
    2005-11-02 13:43 10,291 ----a-w C:\Program Files\support.rtf
    2005-10-28 15:11 270,336 ----a-w C:\Program Files\IMxP_WmDevice.dll
    2005-08-30 15:12 2,729 ----a-w C:\Program Files\Tooltip.ini
    2005-08-22 15:40 81,920 ----a-w C:\Program Files\unwise.adf
    2005-08-22 15:26 176,128 ----a-w C:\Program Files\instslct.exe
    2005-08-04 15:38 4,511 ----a-w C:\Program Files\Shortcuts.ini
    2005-07-28 12:20 564,142 ----a-w C:\Program Files\composer.dll
    2005-06-22 13:42 128,512 ----a-w C:\Program Files\uninstall.exe
    2005-06-21 17:06 35,840 ----a-w C:\Program Files\xutility.dll
    2005-06-13 12:31 102,400 ----a-w C:\Program Files\Rn5d3288.dll
    2005-05-23 15:44 172,032 ----a-w C:\Program Files\DB_MX.dll
    2005-05-20 12:10 192,512 ----a-w C:\Program Files\reinstall3rdParty.exe
    2005-05-18 13:10 1,103 ----a-w C:\Program Files\IMxPNokiaPCSuite.ini
    2005-05-10 06:42 1,163,264 ----a-w C:\Program Files\photoid.dll
    2005-03-31 15:20 65,536 ----a-w C:\Program Files\MxAutoUpdate.dll
    2005-03-09 14:17 34,304 ----a-w C:\Program Files\CDBurnProfiler.exe
    2004-10-22 15:41 118,784 ----a-w C:\Program Files\Zipdll.dll
    2004-10-18 15:15 212,992 ----a-w C:\Program Files\eModeUpgradeDlg.dll
    2004-08-20 13:16 144,896 ----a-w C:\Program Files\mpeg2.dll
    2004-08-19 10:51 45,056 ----a-w C:\Program Files\EXIF09.dll
    2004-08-03 09:43 716,800 ----a-w C:\Program Files\PlayRIpl.dll
    2004-05-04 09:53 1,645,320 ----a-w C:\Program Files\gdiplus.dll
    2004-04-15 13:48 32,768 ----a-w C:\Program Files\MagixUpdater.exe
    2004-03-22 17:38 110,592 ----a-w C:\Program Files\MXWIA.dll
    2004-02-11 16:28 219,136 ----a-w C:\Program Files\xviewer.exe
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{758A44CD-8365-447F-984B-B6B144F5B6E6}]
    2008-05-23 22:15 370176 --a------ C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 00:21 1232896]
    "Acer Tour Reminder"="" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
    "Acer Tour"="" []
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 22:33 262401]

    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ValidateAdminCodeSignatures"= 1 (0x1)
    "FilterAdministratorToken"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"= C:\Windows\system32\xxyyyYqo.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
    "vidc.ffds"= C:\PROGRA~1\VLC\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4501C1FC-2596-4C90-8279-68E71179C8F6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{2FA21601-CB39-4331-866E-40BD0890B95E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{F2EDC553-44F9-4BB6-A65B-C619B0F9AA3D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "TCP Query User{A6A4212C-46B0-4D86-970A-F3910D1BB94F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
    "UDP Query User{5EAEB291-8EBC-4D14-B8B8-C77D87D262BA}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
    "{8F085BA9-5D2D-4897-9877-B2FA31C2D599}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{55093EC2-D8D3-4822-9DA4-B72DAD44F255}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "TCP Query User{BAF5D7E9-168C-43C9-858F-F1CF197816D4}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
    "UDP Query User{FAD46079-0209-4B7B-B626-39C5B1EEAE02}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
    "TCP Query User{6F4DAA97-F672-4F19-B86D-204D39D4899F}C:\\program files\\half-life\\hl.exe"= UDP:C:\program files\half-life\hl.exe:Half-Life Launcher
    "UDP Query User{DC22B9C5-FFDD-495D-ACF2-30B46ABDA4B0}C:\\program files\\half-life\\hl.exe"= TCP:C:\program files\half-life\hl.exe:Half-Life Launcher
    "TCP Query User{BE00F0D4-3FAE-4A7D-A8BE-6B656A70460C}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
    "UDP Query User{CBF43121-F86E-4320-B1EE-08CDC11EE37E}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
    "TCP Query User{7D5EF960-2B6A-4CBB-96AE-6341F33E063E}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "UDP Query User{686C86A7-1E6C-4C14-AAA3-DC4EC99182CF}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "TCP Query User{09F0331A-9ABD-44AA-9DA8-1393893DB856}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "UDP Query User{9AF36308-03DA-4D61-8274-83EA4EDF7808}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "TCP Query User{50EDF01D-9403-4B7F-9E1E-FAFE7936FC51}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "UDP Query User{7A23E977-D187-443F-B555-E3204516930B}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "TCP Query User{523F5FB3-25BB-4BBF-BEEC-12A8BAB4433B}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
    "UDP Query User{D2B897AE-D12E-4B1B-A7C4-376DD5172476}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
    "TCP Query User{AC4293CF-1E4C-456D-A5E9-D55C63712A8C}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
    "UDP Query User{EC032255-5EF0-4611-9104-203933CA76FA}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
    "{C90959AF-D439-456E-8496-3860C69C10B1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{3FCEFF21-F74D-411D-B372-C43F7FCE0115}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{94C6498A-F8C8-4F2E-BD37-792B5D428340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{CFC10431-EAAE-408C-85B7-2EA3A40C9FF4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{BCA44E92-9BFE-4271-A95D-C136FECC7429}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{3DC099DE-814E-43E1-9609-F9C45CD59831}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "UDP Query User{D4897CF7-A6AE-4C43-8D08-9C97649D572B}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "TCP Query User{4384103E-5D51-4047-AC17-D2A8EB49567B}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java.exe
    "UDP Query User{35BCA76C-1A64-458B-AAA1-360EAD1D3ECA}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java.exe
    "{7416B301-8C8D-457B-B1A2-78C24CA37C1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5DC3E9FC-11BB-4E6F-BF06-47D5FACB7AD3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{2C4FEB05-7CB6-446B-85BC-63E15BF5F14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{61B18EFA-7FC9-4A53-A7FE-24A9E9A32E52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{E21A2B53-5B06-41EE-89ED-AD69C4B3534B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{877953C9-565A-4F33-8088-A31B1B3CB6AA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{588CA41F-43B8-451C-9FDA-317694063088}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{3B5E60F9-7143-479E-BFDC-0465156DD0BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{403D3CF1-7ECD-4823-8BE7-C6C238DB8F60}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "UDP Query User{FB498415-9528-46CB-8845-9B7F4CA76130}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "TCP Query User{8B23B94E-C4DF-4920-8886-5458D4DFFDE9}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
    "UDP Query User{34DDAE2E-4A7E-42C8-B0E8-4CE36B5CE142}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
    "TCP Query User{B59B58FF-A72E-4E34-870E-1A58D560BA5D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "UDP Query User{ECC690B4-7BE7-4575-8E75-742BD9E43A46}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "TCP Query User{51949B8A-E8E6-4DE0-830F-04E74A9985E5}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
    "UDP Query User{CF1B6C2F-C85E-4800-82FF-108B6C0F0489}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
    "TCP Query User{A1FEA10D-FDBB-4D26-8685-52EC001174C4}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
    "UDP Query User{0CA215EA-006D-4412-BCFA-DBBEE55BDBD5}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
    "TCP Query User{C1C3E00F-DFB3-49C0-B4E0-4B2FC16E9FD1}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "UDP Query User{031E1E21-9481-4254-B3A4-9294E6E998F8}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "TCP Query User{B85F3CA4-0181-4EE0-A2E2-FC3CE281722B}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "UDP Query User{E25EB855-83E7-49FD-AEA1-C70122D73AD8}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "TCP Query User{4CFA7A41-4E16-4F0F-92BD-86FF4A0EA78A}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "UDP Query User{4485F812-863F-4EE6-AFE9-3C47CE45347E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "TCP Query User{54112D43-8133-4B6B-8FED-F4AE3C3964E3}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "UDP Query User{7F39D384-BDA5-468F-ABCF-FF914F6E9444}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "TCP Query User{4D64A671-865A-45F4-9B8B-303F874659E0}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "UDP Query User{FCC90EB2-F2F0-4C79-8376-DDA2AB1A2777}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 20:05:20
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\lsass.exe
    -> C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Users\kiwi\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\eNet\eNMTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-05 20:10:35 - machine was rebooted [kiwi]
    ComboFix-quarantined-files.txt 2008-06-05 18:10:12

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 23,350,644,736 octets libres

    330 --- E O F --- 2008-05-30 05:32:14
    5 June 2008 21:25:55

    The search engine works great; on the other hand, I can no longer open any .exe file, such as ComboFix: it always gives me an error message, a reference was returned to the server ...
    5 June 2008 21:35:08

    "ShellExecuteEx failed; code 8235
    une référence a été renvoyée par le serveur"
    5 June 2008 21:53:57

    Actually, I found the answer for the error message: I looked around on the web a bit, unchecked UAC again, and it works. Is UAC important? :)
    6 June 2008 07:16:55

    Re,

    That shouldn't prevent .exe files from running... Only ask for confirmations.

    Select the entire contents of the box below:

    Collect::
    C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{758A44CD-8365-447F-984B-B6B144F5B6E6}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"=-
    "WMPNSCFG"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"=-
    "Acer Tour"=-
    "eRecoveryService"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"=-


    This will relaunch ComboFix. After the restart, post the contents of the ComboFix.txt report.
    If there is no restart, post the report anyway.

  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the restart, if there is one.
    6 June 2008 13:12:32

    ComboFix 08-06-05.2 - kiwi 2008-06-06 12:43:51.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1182 [GMT 2:00]
    Endroit: C:\Users\kiwi\Desktop\ComboFix.exe
    Command switches used :: C:\Users\kiwi\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\kiwi\AppData\Local\Temp\wvUnMcdB.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-06 12:42 . 2008-06-06 12:42 <REP> d-------- C:\327882R2FWJFW
    2008-06-06 10:09 . 2008-06-06 10:09 <REP> d-------- C:\Users\Public\Pictures
    2008-06-05 21:50 . 2008-06-05 21:59 <REP> d-------- C:\Users\kiwi\AppData\Roaming\XnView
    2008-06-05 21:43 . 2008-06-05 21:49 <REP> d-------- C:\Program Files\XnView
    2008-06-04 17:06 . 2008-06-04 19:07 <REP> d-------- C:\Lop SD
    2008-06-04 09:24 . 2008-06-04 09:24 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-29 22:00 . 2008-06-03 17:44 250,157,889 --a------ C:\Windows\MEMORY.DMP
    2008-05-28 05:06 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 05:06 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-27 23:09 . 2008-05-27 23:09 <REP> d-------- C:\Users\Public\Asa [Asha]
    2008-05-18 18:42 . 2008-05-18 18:52 <REP> d-------- C:\Users\kiwi\AppData\Roaming\StarOffice8
    2008-05-17 21:05 . 2008-05-17 21:05 <REP> d-------- C:\Program Files\Sun
    2008-05-17 19:00 . 2008-06-05 20:17 <REP> d-------- C:\Users\All Users\Google Updater
    2008-05-17 19:00 . 2008-06-05 20:17 <REP> d-------- C:\ProgramData\Google Updater
    2008-05-16 09:31 . 2008-05-16 09:31 <REP> d-------- C:\Program Files\OpenOffice.org 2.4

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 10:45 --------- d-----w C:\Users\kiwi\AppData\Roaming\uTorrent
    2008-06-01 17:14 41,192 ----a-w C:\Users\kiwi\AppData\Roaming\nvModes.dat
    2008-06-01 16:18 --------- d-----w C:\Users\kiwi\AppData\Roaming\OpenOffice.org2
    2008-05-18 16:58 --------- d-----w C:\Program Files\VLC
    2008-05-17 17:02 --------- d-----w C:\Program Files\Google
    2008-05-15 20:18 --------- d-----w C:\Program Files\Java
    2008-05-14 06:58 --------- d-----w C:\Program Files\Windows Mail
    2008-05-12 10:56 0 ---h--w C:\Users\All Users\PKP_DLds.DAT
    2008-05-12 10:56 0 ---h--w C:\ProgramData\PKP_DLds.DAT
    2008-05-12 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-12 10:56 --------- d-----w C:\Program Files\Common Files\Nikon
    2008-05-12 09:50 --------- d-----w C:\ProgramData\Symantec
    2008-05-12 09:49 --------- d-----w C:\Program Files\Winamp
    2008-05-12 09:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-12 09:14 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-09 21:54 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-27 08:04 --------- d-----w C:\Program Files\Picasa2
    2008-04-25 19:15 0 ----a-w C:\Program Files\shutdown.log
    2008-04-25 19:13 314 ----a-w C:\Program Files\PhotoMaker.ini
    2008-04-25 19:13 205 ----a-w C:\Program Files\crm.ini
    2008-04-25 19:13 0 ---ha-w C:\Program Files\CritOp.log
    2008-04-25 19:13 0 ----a-w C:\Program Files\mxdba.log
    2008-04-25 19:13 --------- d-----w C:\Users\kiwi\AppData\Roaming\MAGIX
    2008-04-25 19:12 21,273 ----a-w C:\Program Files\INSTALL1.LOG
    2008-04-25 19:12 2,378 ----a-w C:\Program Files\Install.cfg
    2008-04-25 19:11 933 ----a-w C:\Program Files\reinstall3rdParty.ini
    2008-04-25 19:11 689 ----a-w C:\Program Files\unwise.ini
    2008-04-25 19:11 33,667 ----a-w C:\Program Files\license.txt
    2008-04-25 19:11 146 ----a-w C:\Program Files\Validation.ini
    2008-04-25 19:11 14,681 ----a-w C:\Program Files\register.rtf
    2008-04-25 19:11 126,279 ----a-w C:\Program Files\INSTALL.LOG
    2008-04-25 19:11 --------- d-----w C:\Program Files\Visuals
    2008-04-25 19:11 --------- d-----w C:\Program Files\Palette
    2008-04-25 19:11 --------- d-----w C:\Program Files\MAGIX Tirage en ligne
    2008-04-25 19:11 --------- d-----w C:\Program Files\Icons
    2008-04-25 19:11 --------- d-----w C:\Program Files\Firebird
    2008-04-25 19:11 --------- d-----w C:\Program Files\Bitmaps
    2008-04-25 19:06 --------- d-----w C:\ProgramData\MAGIX
    2008-04-25 19:06 --------- d-----w C:\Program Files\VideoFX
    2008-04-25 19:06 --------- d-----w C:\Program Files\Skins
    2008-04-25 19:06 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2008-04-25 18:55 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
    2008-04-25 18:55 20 ---h--w C:\ProgramData\PKP_DLec.DAT
    2008-04-24 10:40 --------- d-----w C:\Program Files\IrfanView
    2008-04-06 09:51 --------- d-----w C:\Program Files\zeux
    2008-04-06 09:47 --------- d-----w C:\Program Files\Microsoft Games
    2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2007-12-02 12:06 174 --sha-w C:\Program Files\desktop.ini
    2007-11-27 12:56 0 ----a-w C:\Users\kiwi\AppData\Roaming\wklnhst.dat
    2006-05-31 13:49 13,094 ----a-w C:\Program Files\order.rtf
    2006-05-12 10:31 269,397 ----a-w C:\Program Files\addoninstall.exe
    2006-04-21 09:58 53,248 ----a-w C:\Program Files\IMxP_NokiaPCSuite.dll
    2006-04-11 14:25 1,961,472 ----a-w C:\Program Files\MAGIXviewer.exe
    2006-04-10 07:55 229,484 ----a-w C:\Program Files\Oxa1971.dll
    2006-03-22 14:23 176,128 ----a-w C:\Program Files\unwise.exe
    2006-03-15 08:32 7,735,180 ----a-w C:\Program Files\PhotoMaker.exe
    2006-03-02 16:42 6,468 ----a-w C:\Program Files\Photomaker.cnt
    2006-03-02 16:42 2,113,719 ----a-w C:\Program Files\Photomaker.hlp
    2006-02-27 08:43 24,576 ----a-w C:\Program Files\Validation.exe
    2006-02-17 12:57 475,136 ----a-w C:\Program Files\MXTLC.dll
    2006-02-07 12:33 92,160 ----a-w C:\Program Files\exemaker.exe
    2006-01-25 15:20 6,566 ----a-w C:\Program Files\e-mode-upgradedlg-exit.rtf
    2006-01-25 15:19 6,602 ----a-w C:\Program Files\e-mode-upgradedialog.rtf
    2006-01-25 15:19 2,691 ----a-w C:\Program Files\e-mode.ini
    2006-01-23 09:10 2,701 ----a-w C:\Program Files\Upgrade.rtf
    2006-01-18 10:29 86,016 ----a-w C:\Program Files\MagixOFA-fr.dll
    2006-01-18 10:03 626,688 ----a-w C:\Program Files\MagixOFA.dll
    2006-01-12 15:18 49,152 ----a-w C:\Program Files\EXIF12.dll
    2006-01-11 14:23 2,280 ----a-w C:\Program Files\mp3encoder_upgrade.rtf
    2006-01-09 09:26 671 ----a-w C:\Program Files\PredefinedCategories.ini
    2005-12-13 16:18 442,368 ----a-w C:\Program Files\MFL.dll
    2005-11-02 13:43 10,291 ----a-w C:\Program Files\support.rtf
    2005-10-28 15:11 270,336 ----a-w C:\Program Files\IMxP_WmDevice.dll
    2005-08-30 15:12 2,729 ----a-w C:\Program Files\Tooltip.ini
    2005-08-22 15:40 81,920 ----a-w C:\Program Files\unwise.adf
    2005-08-22 15:26 176,128 ----a-w C:\Program Files\instslct.exe
    2005-08-04 15:38 4,511 ----a-w C:\Program Files\Shortcuts.ini
    2005-07-28 12:20 564,142 ----a-w C:\Program Files\composer.dll
    2005-06-22 13:42 128,512 ----a-w C:\Program Files\uninstall.exe
    2005-06-21 17:06 35,840 ----a-w C:\Program Files\xutility.dll
    2005-06-13 12:31 102,400 ----a-w C:\Program Files\Rn5d3288.dll
    2005-05-23 15:44 172,032 ----a-w C:\Program Files\DB_MX.dll
    2005-05-20 12:10 192,512 ----a-w C:\Program Files\reinstall3rdParty.exe
    2005-05-18 13:10 1,103 ----a-w C:\Program Files\IMxPNokiaPCSuite.ini
    2005-05-10 06:42 1,163,264 ----a-w C:\Program Files\photoid.dll
    2005-03-31 15:20 65,536 ----a-w C:\Program Files\MxAutoUpdate.dll
    2005-03-09 14:17 34,304 ----a-w C:\Program Files\CDBurnProfiler.exe
    2004-10-22 15:41 118,784 ----a-w C:\Program Files\Zipdll.dll
    2004-10-18 15:15 212,992 ----a-w C:\Program Files\eModeUpgradeDlg.dll
    2004-08-20 13:16 144,896 ----a-w C:\Program Files\mpeg2.dll
    2004-08-19 10:51 45,056 ----a-w C:\Program Files\EXIF09.dll
    2004-08-03 09:43 716,800 ----a-w C:\Program Files\PlayRIpl.dll
    2004-05-04 09:53 1,645,320 ----a-w C:\Program Files\gdiplus.dll
    2004-04-15 13:48 32,768 ----a-w C:\Program Files\MagixUpdater.exe
    2004-03-22 17:38 110,592 ----a-w C:\Program Files\MXWIA.dll
    2004-02-11 16:28 219,136 ----a-w C:\Program Files\xviewer.exe
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.09.42.13 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-05 18:02:49 67,584 ----a-w C:\Windows\bootstat.dat
    + 2008-06-06 10:51:34 67,584 ----a-w C:\Windows\bootstat.dat
    - 2008-06-05 18:02:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-06 10:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-05 18:02:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-06-06 10:51:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-05 18:04:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-06 10:53:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-06 10:53:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-05 18:04:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-06 10:56:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-06 10:56:18 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-05 17:18:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-05 18:17:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-05 17:18:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-05 18:17:03 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-05 17:18:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-05 18:17:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-26 07:55:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-06-06 10:43:29 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-06-06 10:43:29 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-06-05 18:00:43 103,314 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-06 10:45:37 103,924 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-05 18:00:43 116,988 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-06 10:45:37 117,572 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-05 18:00:43 609,532 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-06 10:45:37 610,142 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-05 18:00:43 689,846 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-06 10:45:37 690,832 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-05 18:05:31 9,844 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2375981963-3849432644-2204959874-1000_UserData.bin
    + 2008-06-06 10:54:10 9,892 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2375981963-3849432644-2204959874-1000_UserData.bin
    - 2008-06-05 18:05:31 93,554 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-06 10:54:10 93,856 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-29 05:18:10 2,690 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-06-05 20:27:19 2,690 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-06-05 18:05:27 63,490 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-06 10:40:49 63,490 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 00:21 1232896]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
    "Acer Tour Reminder"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 15:54 1286144]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-23 22:33 262401]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "ValidateAdminCodeSignatures"= 1 (0x1)
    "FilterAdministratorToken"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
    "vidc.ffds"= C:\PROGRA~1\VLC\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4501C1FC-2596-4C90-8279-68E71179C8F6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{2FA21601-CB39-4331-866E-40BD0890B95E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{F2EDC553-44F9-4BB6-A65B-C619B0F9AA3D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "TCP Query User{A6A4212C-46B0-4D86-970A-F3910D1BB94F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
    "UDP Query User{5EAEB291-8EBC-4D14-B8B8-C77D87D262BA}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
    "{8F085BA9-5D2D-4897-9877-B2FA31C2D599}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "{55093EC2-D8D3-4822-9DA4-B72DAD44F255}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
    "TCP Query User{BAF5D7E9-168C-43C9-858F-F1CF197816D4}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
    "UDP Query User{FAD46079-0209-4B7B-B626-39C5B1EEAE02}D:\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:D:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942
    "TCP Query User{6F4DAA97-F672-4F19-B86D-204D39D4899F}C:\\program files\\half-life\\hl.exe"= UDP:C:\program files\half-life\hl.exe:Half-Life Launcher
    "UDP Query User{DC22B9C5-FFDD-495D-ACF2-30B46ABDA4B0}C:\\program files\\half-life\\hl.exe"= TCP:C:\program files\half-life\hl.exe:Half-Life Launcher
    "TCP Query User{BE00F0D4-3FAE-4A7D-A8BE-6B656A70460C}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
    "UDP Query User{CBF43121-F86E-4320-B1EE-08CDC11EE37E}C:\\program files\\zeux\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe
    "TCP Query User{7D5EF960-2B6A-4CBB-96AE-6341F33E063E}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "UDP Query User{686C86A7-1E6C-4C14-AAA3-DC4EC99182CF}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3
    "TCP Query User{09F0331A-9ABD-44AA-9DA8-1393893DB856}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "UDP Query User{9AF36308-03DA-4D61-8274-83EA4EDF7808}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "TCP Query User{50EDF01D-9403-4B7F-9E1E-FAFE7936FC51}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "UDP Query User{7A23E977-D187-443F-B555-E3204516930B}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
    "TCP Query User{523F5FB3-25BB-4BBF-BEEC-12A8BAB4433B}C:\\program files\\vlc\\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player
    "UDP Query User{D2B897AE-D12E-4B1B-A7C4-376DD5172476}C:\\program files\\vlc\\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player
    "TCP Query User{AC4293CF-1E4C-456D-A5E9-D55C63712A8C}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
    "UDP Query User{EC032255-5EF0-4611-9104-203933CA76FA}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe
    "{C90959AF-D439-456E-8496-3860C69C10B1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{3FCEFF21-F74D-411D-B372-C43F7FCE0115}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{94C6498A-F8C8-4F2E-BD37-792B5D428340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{CFC10431-EAAE-408C-85B7-2EA3A40C9FF4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{BCA44E92-9BFE-4271-A95D-C136FECC7429}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{3DC099DE-814E-43E1-9609-F9C45CD59831}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "UDP Query User{D4897CF7-A6AE-4C43-8D08-9C97649D572B}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "TCP Query User{4384103E-5D51-4047-AC17-D2A8EB49567B}C:\\program files\\maple 10\\jre\\bin\\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java.exe
    "UDP Query User{35BCA76C-1A64-458B-AAA1-360EAD1D3ECA}C:\\program files\\maple 10\\jre\\bin\\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java.exe
    "{7416B301-8C8D-457B-B1A2-78C24CA37C1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{5DC3E9FC-11BB-4E6F-BF06-47D5FACB7AD3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{2C4FEB05-7CB6-446B-85BC-63E15BF5F14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{61B18EFA-7FC9-4A53-A7FE-24A9E9A32E52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{E21A2B53-5B06-41EE-89ED-AD69C4B3534B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{877953C9-565A-4F33-8088-A31B1B3CB6AA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{588CA41F-43B8-451C-9FDA-317694063088}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{3B5E60F9-7143-479E-BFDC-0465156DD0BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "TCP Query User{403D3CF1-7ECD-4823-8BE7-C6C238DB8F60}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "UDP Query User{FB498415-9528-46CB-8845-9B7F4CA76130}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "TCP Query User{8B23B94E-C4DF-4920-8886-5458D4DFFDE9}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
    "UDP Query User{34DDAE2E-4A7E-42C8-B0E8-4CE36B5CE142}C:\\program files\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe
    "TCP Query User{B59B58FF-A72E-4E34-870E-1A58D560BA5D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "UDP Query User{ECC690B4-7BE7-4575-8E75-742BD9E43A46}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe
    "TCP Query User{51949B8A-E8E6-4DE0-830F-04E74A9985E5}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
    "UDP Query User{CF1B6C2F-C85E-4800-82FF-108B6C0F0489}C:\\program files\\battlefield vietnam\\bfvietnam_w32ded.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe
    "TCP Query User{A1FEA10D-FDBB-4D26-8685-52EC001174C4}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
    "UDP Query User{0CA215EA-006D-4412-BCFA-DBBEE55BDBD5}C:\\program files\\zeux\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe
    "TCP Query User{C1C3E00F-DFB3-49C0-B4E0-4B2FC16E9FD1}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "UDP Query User{031E1E21-9481-4254-B3A4-9294E6E998F8}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "TCP Query User{B85F3CA4-0181-4EE0-A2E2-FC3CE281722B}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "UDP Query User{E25EB855-83E7-49FD-AEA1-C70122D73AD8}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "TCP Query User{4CFA7A41-4E16-4F0F-92BD-86FF4A0EA78A}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "UDP Query User{4485F812-863F-4EE6-AFE9-3C47CE45347E}C:\\program files\\maple 10\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe
    "TCP Query User{54112D43-8133-4B6B-8FED-F4AE3C3964E3}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= UDP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "UDP Query User{7F39D384-BDA5-468F-ABCF-FF914F6E9444}C:\\program files\\microsoft games\\age of mythology\\aomx (3).exe"= TCP:C:\program files\microsoft games\age of mythology\aomx (3).exe:Age of Mythology - The Titans Expansion
    "TCP Query User{4D64A671-865A-45F4-9B8B-303F874659E0}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= UDP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology
    "UDP Query User{FCC90EB2-F2F0-4C79-8376-DDA2AB1A2777}C:\\program files\\microsoft games\\age of mythology\\aom (2).exe"= TCP:C:\program files\microsoft games\age of mythology\aom (2).exe:Age of Mythology

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 15:00]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 14:05]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 12:03]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-06-05 18:06:48 C:\Windows\Tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 12:56:18
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> ?:\Windows\system32\LINKINFO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\eNet\eNMTray.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\sdclt.exe
    C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-06 13:03:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-06 11:03:20
    ComboFix2.txt 2008-06-05 18:10:36

    Pre-Run: 23,170,846,720 octets libres
    Post-Run: 22,224,990,208 octets libres

    369 --- E O F --- 2008-06-06 10:59:08
    6 June 2008 13:55:04

    It also asked me to go online to get more information about a file, but I didn't know which file it was talking about, so I didn't do anything.
    6 June 2008 17:45:52

    Re,

    Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all your external devices (hard drives, USB sticks, ...)
  • Double-click Flash Disinfector and follow the prompts.

    ******

    Delete C:\327882R2FWJFW

    - My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
    - My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK

    Set these options back afterwards!

    Have this file (or these files) scanned on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and look for this file: C:\Windows\system32\LINKINFO.dll
  • Now click Send file.
  • Post the report (from "Fichier *** reçu le ***" through "SHA1 : ***")
    6 June 2008 18:11:05

    I can't get onto VirusTotal
    it gives me two error messages, one or the other:
    Service Temporarily Unavailable

    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

    the second:

    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /flash/index_en.html.

    Reason: Error reading from remote server

    Yet I don't go through a proxy for my internet connection
    6 June 2008 18:31:17

    The second one ..?
    6 June 2008 18:39:14

    Proxy error is the second one
    The first one is the server is temporarily unable to service...
    6 June 2008 18:51:31

    I couldn't find it through Browse, but when I ran a search from Windows across all the files on my system it found it, so I did the scan anyway by copying the file name ...

    Fichier linkinfo.dll reçu le 2008.06.06 18:47:50 (CET)
    Résultat: 0/32 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.5.30.1 2008.06.05 -
    AntiVir 7.8.0.55 2008.06.06 -
    Authentium 5.1.0.4 2008.06.06 -
    Avast 4.8.1195.0 2008.06.06 -
    AVG 7.5.0.516 2008.06.06 -
    BitDefender 7.2 2008.06.06 -
    CAT-QuickHeal 9.50 2008.06.06 -
    ClamAV 0.92.1 2008.06.06 -
    DrWeb 4.44.0.09170 2008.06.06 -
    eSafe 7.0.15.0 2008.06.05 -
    eTrust-Vet 31.6.5853 2008.06.06 -
    Ewido 4.0 2008.06.06 -
    F-Prot 4.4.4.56 2008.06.05 -
    F-Secure 6.70.13260.0 2008.06.06 -
    Fortinet 3.14.0.0 2008.06.06 -
    GData 2.0.7306.1023 2008.06.06 -
    Ikarus T3.1.1.26.0 2008.06.06 -
    Kaspersky 7.0.0.125 2008.06.06 -
    McAfee 5311 2008.06.05 -
    Microsoft 1.3604 2008.06.06 -
    NOD32v2 3164 2008.06.06 -
    Norman 5.80.02 2008.06.06 -
    Panda 9.0.0.4 2008.06.05 -
    Prevx1 V2 2008.06.06 -
    Rising 20.47.42.00 2008.06.06 -
    Sophos 4.30.0 2008.06.06 -
    Sunbelt 3.0.1145.1 2008.06.05 -
    Symantec 10 2008.06.06 -
    TheHacker 6.2.92.338 2008.06.06 -
    VBA32 3.12.6.7 2008.06.06 -
    VirusBuster 4.3.26:9 2008.06.06 -
    Webwasher-Gateway 6.6.2 2008.06.06 -
    Information additionnelle
    File size: 22016 bytes
    MD5...: 24f90aefebe601d427cb4511e74cdcb6
    SHA1..: 20f061224a9e002da9b9a61a897909ac13b516dd
    6 June 2008 18:56:16

    OK, post a new HijackThis report.
    6 June 2008 21:12:51

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:10:33, on 06/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7708 bytes
    6 June 2008 23:26:12

    Re,

    Download Clean (by Malekal) to your Desktop.

  • Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
  • Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
  • A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
  • Post the report, which is located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    Help: How to use Clean.
    7 June 2008 09:59:27

    Here is the report

    07/06/2008 a 9:26:30,20

    *** Recherche C:
    C:\autorun.inf FOUND

    *** Recherche C:\Windows\

    *** Recherche C:\Windows\system32
    C:\Windows\system32\wininit.exe FOUND
    C:\Windows\system32\wininit.exe FOUND

    *** Recherche C:\Program Files
    "C:\Program Files\Uninstall.exe" FOUND
    *** End of the report !


    However, I got a file
    upload_moi_oscar.tar.gz
    But I can't manage to send it; I follow the procedure as indicated, but after 5 min it tells me it hasn't received any file.
    Do I first have to unzip upload_moi_oscar.tar and then send them one by one?
    7 June 2008 13:17:29

    Re,

    Select the entire contents of the box below (spaces included):
    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]


    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it to your Desktop under the name Correction.reg
    Double-click it and accept adding the data to the registry.


    **********

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never start safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    7 June 2008 14:30:08

    Malwarebytes' Anti-Malware 1.15
    Version de la base de données: 837

    14:21:07 07/06/2008
    mbam-log-6-7-2008 (14-21-07).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
    Eléments examinés: 195682
    Temps écoulé: 42 minute(s), 34 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Windows\System32\mlJYqNFv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\pmnoOGYO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\ssqOHywV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\xxyyyYqo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    7 June 2008 14:31:54

    OK,

    Delete C:\Program Files\Uninstall.exe.

    Post a new HJT report.
    7 June 2008 17:55:08

    Here is the HJT report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:49:48, on 07/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7616 bytes
    7 June 2008 18:46:30

    Re,

    Relaunch HijackThis (right-click -> run as administrator under Vista), do a system scan only, check these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com

    Close all running applications (especially your web browser).
    Then Fix Checked!

    Select the entire contents of the box below:
    @echo off & cls
    sc config VundoFixSvc start= disabled
    sc stop VundoFixSvc
    sc delete VundoFixSvc
    cd %windir%\system32 & del VundoFixSVC.exe
    exit

    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it to your Desktop under the name Correction.bat
    Double-click it. Post the generated report (if there is one).

    Then post a new HijackThis report =)
    7 June 2008 21:02:05

    I save it on my desktop and double-click it, but the window appears and disappears immediately. I even tried in safe mode; nothing works.
    7 June 2008 22:40:56

    By the way, I'm talking about the file Correction.bat.
    8 June 2008 18:10:44

    That's normal. Post a HijackThis again ;)
    8 June 2008 18:23:26

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:56, on 08/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7137 bytes
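
Added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the O23 service lines of a log like the one above, picking out entries marked "(file missing)" such as CLTNetCnService. The sample lines are constructed from the log's layout, and the names parse_o23 and orphaned_services are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the HijackThis v2.0.2 layout, modelled on entries in the log above.
SAMPLE_LOG = r"""O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Common\Database\bin\fbserver.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# "Display name (KeyName)"; the parenthesised part is absent when both names are equal.
NAME_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


class Service(NamedTuple):
    key: str            # service key name, the form `sc` expects
    display: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other kind of line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Split from the right: a display name may itself contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    m = NAME_RE.match(name)
    key, display = (m["key"], m["display"]) if m else (name, name)
    return Service(key, display, owner, path, missing)


def orphaned_services(log_text: str) -> List[Service]:
    """Services still registered although their binary is gone from disk."""
    parsed = (parse_o23(line) for line in log_text.splitlines())
    return [s for s in parsed if s is not None and s.file_missing]
```

An "Unknown owner" label on its own is not a finding: several vendor services in the log above carry it while their binary is present.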
    8 June 2008 18:36:57

    Re,

    Select the entire contents of the box below:
    @echo off & cls
    rem Disable the orphaned service, then remove its registration
    sc config CLTNetCnService start= disabled
    sc delete CLTNetCnService
    exit

    Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
    Save it to your Desktop under the name Correction.bat
    Double-click it. Post the report it generates (if any).

    *********

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche to start the scan.
  • Click Supprimer to clean up the tools that were used.
  • Click Quitter.
  • Post this report ~>C:\TCleaner.txt<~

  • Keep CCleaner, AVG (or MBAM) and AntiVir if we installed them.
  • Disable and re-enable System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Lop, Vundo.
  • If you can't find it in the list, post under Other infections.

  • Bring your computer properly up to date >here<
  • If not already done, make sure Windows Automatic Updates are enabled!

    Then have a look at these guides:

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    8 June 2008 18:58:11

    re

    The Correction.bat file still doesn't respond; it opens and then closes by itself.

    Here is the TCleaner report

    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Lop SD: trouvé !
    C:\Qoobox: trouvé !
    C:\Lop SD\Lop S&D.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\kiwi\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: trouvé !
    C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: trouvé !
    C:\Users\kiwi\Desktop\HijackThis.lnk: trouvé !
    C:\Users\kiwi\Desktop\Lop S&D.lnk: trouvé !
    C:\Users\kiwi\Desktop\LopSD.exe: trouvé !
    C:\Users\kiwi\Desktop\ComboFix.exe: trouvé !
    C:\Users\kiwi\Desktop\HJTInstall.exe: trouvé !
    C:\Users\kiwi\Desktop\Qoobox: trouvé !
    C:\Users\kiwi\Desktop\clean\tar.exe: trouvé !
    C:\Users\kiwi\Desktop\clean\remove.reg: trouvé !
    C:\Users\kiwi\Desktop\clean\LFiles.exe: trouvé !
    C:\Users\kiwi\Desktop\clean\gzip.exe: trouvé !
    C:\Users\kiwi\Desktop\clean\delsiri.cmd: trouvé !
    C:\Users\kiwi\Desktop\clean\delr.cmd: trouvé !
    C:\Users\kiwi\Desktop\clean\del3.cmd: trouvé !
    C:\Users\kiwi\Desktop\clean\del2.cmd: trouvé !
    C:\Users\kiwi\Desktop\clean\clean.cmd: trouvé !
    C:\Users\kiwi\Desktop\clean\cherche.cmd: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Lop SD\Lop S&D.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\Users\kiwi\Desktop\HijackThis.lnk: supprimé !
    C:\Users\kiwi\Desktop\Lop S&D.lnk: supprimé !
    C:\Users\kiwi\Desktop\LopSD.exe: supprimé !
    C:\Users\kiwi\Desktop\ComboFix.exe: supprimé !
    C:\Users\kiwi\Desktop\HJTInstall.exe: supprimé !
    C:\Users\kiwi\Desktop\clean\tar.exe: supprimé !
    C:\Users\kiwi\Desktop\clean\remove.reg: supprimé !
    C:\Users\kiwi\Desktop\clean\LFiles.exe: supprimé !
    C:\Users\kiwi\Desktop\clean\gzip.exe: supprimé !
    C:\Users\kiwi\Desktop\clean\delsiri.cmd: supprimé !
    C:\Users\kiwi\Desktop\clean\delr.cmd: supprimé !
    C:\Users\kiwi\Desktop\clean\del3.cmd: supprimé !
    C:\Users\kiwi\Desktop\clean\del2.cmd: supprimé !
    C:\Users\kiwi\Desktop\clean\clean.cmd: supprimé !
    C:\Users\kiwi\Desktop\clean\cherche.cmd: supprimé !
    C:\Combofix: supprimé !
    C:\Lop SD: supprimé !
    C:\Qoobox: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
    C:\Users\kiwi\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
    C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: ERREUR DE SUPPRESSION !!
    C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: supprimé !
    C:\Users\kiwi\Desktop\Qoobox: supprimé !


    The procedure for disabling and re-enabling System Restore is explained for XP; are there any consequences if I apply it on Vista?