[Solved] How to remove "System integrity scan wizard"

30 April 2008 08:37:11

Hello everyone, I need your help.

For a few days now I have had a window opening that tells me I have a virus. How do I remove this window:

"System integrity scan wizard"

Thank you for your help


30 April 2008 09:42:23

:hello: Hello,

Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Warning: if you take too long, the Abandon answer will be selected automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is a repeat use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security advisor. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    ;)
    30 April 2008 13:30:02

    I want to thank you, Merillym, for the interest you are taking in my topic. I did what you asked; here are the results:

    main.txt


    Deckard's System Scanner v20071014.68
    Run by Moi on 2008-04-30 13:21:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    7: 2008-04-29 19:20:36 UTC - RP53 - Installed Vista Codec Package.
    6: 2008-04-29 16:31:12 UTC - RP52 - Scheduled Checkpoint
    5: 2008-04-28 20:13:22 UTC - RP51 - SPTD setup V1.50
    4: 2008-04-28 15:58:06 UTC - RP49 - Scheduled Checkpoint
    3: 2008-04-27 17:28:32 UTC - RP48 - Scheduled Checkpoint


    -- First Restore Point --
    1: 2008-04-26 12:40:54 UTC - RP46 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 1022 MiB (1024 MiB recommended).


    -- HijackThis (run as Moi.exe) -------------------------------------------------

    logfile has no content; running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-04-30 13:25:21
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\ProgramData\lmlywgbl\opytqxsx.exe
    C:\ProgramData\abkhsdox\almrspon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\svehost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
    C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\Moi\Desktop\dss.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\SearchFilterHost.exe
    C:\Program Files\Google\googletoolbar1user.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [lmlywgbl] C:\ProgramData\lmlywgbl\opytqxsx.exe
    O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 7242 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S0 OemBiosDevice (Royalty OEM Bios Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-03-30 and 2008-04-30 -----------------------------

    2008-04-30 13:25:05 0 d-------- C:\Program Files\Trend Micro
    2008-04-30 07:49:19 2156 --a------ C:\Windows\system32\tmp.reg
    2008-04-29 21:21:37 0 d-------- C:\Users\All Users\Apple Computer
    2008-04-29 21:21:37 0 d-------- C:\Program Files\VistaCodecPack
    2008-04-29 21:21:19 0 d-------- C:\Program Files\illiminable
    2008-04-29 08:04:01 0 d-------- C:\Users\All Users\lmlywgbl
    2008-04-29 08:04:01 0 d-------- C:\Users\All Users\abkhsdox
    2008-04-29 07:56:26 0 d-------- C:\Program Files\MagicISO
    2008-04-28 22:13:53 685816 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-04-28 20:49:07 530 --a------ C:\Windows\eReg.dat
    2008-04-24 22:05:24 0 d-------- C:\Program Files\Microsoft Etudes
    2008-04-24 22:02:19 0 d-------- C:\Program Files\Learning Essentials
    2008-04-23 22:23:12 0 d-------- C:\Program Files\Doblon
    2008-04-23 22:11:02 0 d-------- C:\Users\Moi\Incomplete
    2008-04-23 21:59:36 0 d-------- C:\Program Files\Java
    2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files\Java
    2008-04-23 21:57:20 0 d-------- C:\Program Files\LimeWire
    2008-04-23 13:27:30 0 d-------- C:\Program Files\Anti-Leech
    2008-04-23 08:33:56 0 d-------- C:\Program Files\PDF - Word
    2008-04-23 08:32:55 0 d-a------ C:\Users\All Users\TEMP
    2008-04-22 23:18:43 0 d-------- C:\Users\All Users\Azureus
    2008-04-22 23:16:54 0 d-------- C:\Program Files\Azureus
    2008-04-22 21:31:37 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat
    2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat
    2008-04-22 21:31:37 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat
    2008-04-22 21:31:37 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat
    2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat
    2008-04-22 21:31:37 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat
    2008-04-22 21:31:37 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat
    2008-04-22 21:31:37 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat
    2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat
    2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat
    2008-04-22 21:31:37 4943 --a------ C:\Windows\system32\EPPICPattern6.dat
    2008-04-22 21:31:37 21390 --a------ C:\Windows\system32\EPPICPattern5.dat
    2008-04-22 21:31:37 11811 --a------ C:\Windows\system32\EPPICPattern4.dat
    2008-04-22 21:31:37 24903 --a------ C:\Windows\system32\EPPICPattern3.dat
    2008-04-22 21:31:37 20148 --a------ C:\Windows\system32\EPPICPattern2.dat
    2008-04-22 21:31:37 31053 --a------ C:\Windows\system32\EPPICPattern131.dat
    2008-04-22 21:31:37 27417 --a------ C:\Windows\system32\EPPICPattern121.dat
    2008-04-22 21:31:37 26154 --a------ C:\Windows\system32\EPPICPattern1.dat
    2008-04-22 18:44:45 0 d-------- C:\Program Files\FMA 2
    2008-04-22 17:22:02 0 d-------- C:\Windows\system32\appmgmt
    2008-04-22 16:48:14 0 d-------- C:\Users\All Users\NVIDIA
    2008-04-22 16:08:27 0 d-------- C:\Users\All Users\Google
    2008-04-22 16:08:00 0 d-------- C:\Users\All Users\Google Updater
    2008-04-22 16:07:56 0 d-------- C:\Program Files\Google
    2008-04-22 03:23:25 0 d-------- C:\Windows\Panther
    2008-04-22 03:23:10 0 d--hs---- C:\Boot
    2008-04-21 21:56:39 0 d-------- C:\Users\All Users\Nero
    2008-04-21 21:56:39 0 d-------- C:\Program Files\Nero
    2008-04-21 21:56:39 0 d-------- C:\Program Files\Common Files\Nero
    2008-04-21 21:45:26 0 d-------- C:\Windows\system32\Macromed
    2008-04-21 21:17:29 0 d-------- C:\Program Files\EPSON
    2008-04-21 21:17:04 0 -rahs---- C:\MSDOS.SYS
    2008-04-21 21:17:04 0 -rahs---- C:\IO.SYS
    2008-04-21 20:13:18 942080 -r-hs---- C:\Windows\system32\svehost.exe
    2008-04-21 20:03:20 0 d-------- C:\Program Files\Synaptics
    2008-04-21 20:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-21 19:45:08 0 d-------- C:\Program Files\CONEXANT
    2008-04-21 19:37:37 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 19:37:27 0 d-------- C:\Users\All Users\Adobe
    2008-04-21 19:31:28 196608 --a------ C:\Windows\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
    2008-04-21 19:31:27 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-04-21 19:31:27 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-04-21 19:31:27 59904 --a------ C:\Windows\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-04-21 19:31:26 23552 --a------ C:\Windows\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
    2008-04-21 19:31:26 0 d-------- C:\Program Files\PDFCreator
    2008-04-21 19:17:55 0 d-------- C:\Program Files\Microsoft Works
    2008-04-21 19:15:17 0 d-------- C:\Program Files\Microsoft.NET
    2008-04-21 19:11:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-04-21 19:09:18 0 d-------- C:\Users\All Users\Microsoft Help
    2008-04-21 19:07:42 0 d-------- C:\Program Files\Alwil Software
    2008-04-21 19:06:36 0 dr-h----- C:\MSOCache
    2008-04-21 19:02:10 0 d-------- C:\Program Files\IZArc
    2008-04-21 18:47:52 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
    2008-04-21 18:43:41 0 d------c- C:\Windows\system32\DRVSTORE
    2008-04-21 18:42:45 0 d-------- C:\System.sav
    2008-04-21 18:42:44 0 d-------- C:\swsetup
    2008-04-21 18:39:23 0 d-------- C:\Users\All Users\Messenger Plus!
    2008-04-21 18:36:03 688952 --a------ C:\Windows\system32\perfh00C.dat
    2008-04-21 18:36:03 117092 --a------ C:\Windows\system32\perfc00C.dat
    2008-04-21 18:34:19 0 d-------- C:\Windows\fr-FR
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\fr
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\drivers\fr-FR
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\040C
    2008-04-21 18:17:45 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-04-21 17:53:02 0 d-------- C:\Windows\PCHEALTH
    2008-04-21 17:40:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-21 17:39:40 0 d-------- C:\Program Files\Windows Live
    2008-04-21 17:39:14 0 d--hs---- C:\Windows\Installer
    2008-04-21 17:39:10 0 d-------- C:\Users\All Users\WLInstaller
    2008-04-21 17:34:43 0 dr------- C:\Users\Moi\Searches
    2008-04-21 17:34:31 0 dr------- C:\Users\Moi\Contacts
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Templates
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Start Menu
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\SendTo
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Recent
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\PrintHood
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\NetHood
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\My Documents
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Local Settings
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Cookies
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Application Data
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Videos
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Saved Games
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Pictures
    2008-04-21 17:34:25 2621440 --ahs---- C:\Users\Moi\NTUSER.DAT
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Music
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Links
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Favorites
    2008-04-21 17:34:25 0 d-------- C:\Users\Moi\Downloads
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Documents
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Desktop
    2008-04-21 17:34:25 0 d--h----- C:\Users\Moi\AppData
    2008-04-21 17:28:03 0 d-------- C:\Windows\SoftwareDistribution
    2008-04-21 17:26:15 0 d-------- C:\Windows\Debug
    2008-04-21 17:26:14 0 d-------- C:\Windows\CSC
    2008-04-21 17:24:35 0 d-------- C:\Windows\Prefetch
    2008-04-21 17:24:20 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2008-04-30 07:57:12 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.dat
    2008-04-30 07:57:12 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.001
    2008-04-30 07:53:06 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
    2008-04-30 07:53:06 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
    2008-04-23 22:22:48 0 d-------- C:\Users\Moi\AppData\Roaming\LimeWire
    2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files
    2008-04-23 09:12:21 0 d-------- C:\Users\Moi\AppData\Roaming\Azureus
    2008-04-23 08:41:21 0 d-------- C:\Users\Moi\AppData\Roaming\AdobeUM
    2008-04-22 21:31:31 0 d-------- C:\Users\Moi\AppData\Roaming\InstallShield
    2008-04-22 20:23:12 0 d-------- C:\Users\Moi\AppData\Roaming\FMA
    2008-04-22 16:09:21 0 d-------- C:\Users\Moi\AppData\Roaming\Google
    2008-04-21 22:01:20 0 d-------- C:\Users\Moi\AppData\Roaming\Nero
    2008-04-21 21:45:30 0 d-------- C:\Users\Moi\AppData\Roaming\Macromedia
    2008-04-21 21:45:29 0 d-------- C:\Users\Moi\AppData\Roaming\Adobe
    2008-04-21 21:06:11 174 --ahs---- C:\Program Files\desktop.ini
    2008-04-21 21:01:07 0 d-------- C:\Program Files\Windows Calendar
    2008-04-21 21:01:06 0 d-------- C:\Program Files\Windows Mail
    2008-04-21 21:01:04 0 d-------- C:\Program Files\Windows Defender
    2008-04-21 21:01:00 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-21 19:17:33 0 d-------- C:\Program Files\MSBuild
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Journal
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Collaboration
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Movie Maker
    2008-04-21 17:34:33 0 d-------- C:\Users\Moi\AppData\Roaming\Identities


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 20:09]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11:26]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11:26]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]
    "Microsoft Updates"="svehost.exe" [21/04/2008 20:13 C:\Windows\System32\svehost.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 19:51]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/04/2008 16:08]
    "lmlywgbl"="C:\ProgramData\lmlywgbl\opytqxsx.exe" [29/04/2008 08:04]
    "9YMGPAClWx"="C:\ProgramData\abkhsdox\almrspon.exe" [29/04/2008 08:04]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsoft Updates"=svehost.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE [21/04/2008 21:21:13]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [22/04/2008 16:08:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-30 13:26:44 ------------




    extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Édition Intégrale (build 6000)
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    Percentage of Memory in Use: 69%
    Physical Memory (total/avail): 1021.44 MiB / 313.52 MiB
    Pagefile Memory (total/avail): 2296.46 MiB / 1347.3 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1900.93 MiB

    C: is Fixed (NTFS) - 83.42 GiB total, 47.35 GiB free.
    D: is Fixed (NTFS) - 93.16 GiB total, 79.23 GiB free.
    E: is Fixed (FAT32) - 8.72 GiB total, 1.36 GiB free.
    F: is CDROM (No Media)
    G: is Fixed (NTFS) - 74.53 GiB total, 34.87 GiB free.

    \\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH PL ATA Device - 93.16 GiB - 3 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 83.42 GiB - C:
    \PARTITION1 - Unknown - 8.73 GiB - E:
    \PARTITION2 - Unknown - 1027.56 MiB

    \\.\PHYSICALDRIVE1 - FUJITSU MHV2100BH PL ATA Device - 93.16 GiB - 1 partition
    \PARTITION0 (bootable) - Système de fichiers installable - 93.16 GiB - D:

    \\.\PHYSICALDRIVE2 - HITACHI HTS541680J9SA00 USB Device - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Système de fichiers installable - 74.53 GiB - G:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    AV: avast! antivirus 4.8.1169 [VPS 080430-0] v4.8.1169 (ALWIL Software) Disabled
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: avast! antivirus 4.8.1169 [VPS 080430-0] v4.8.1169 (ALWIL Software) Disabled

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Moi\AppData\Roaming
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=QUENTIN
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Moi
    LOCALAPPDATA=C:\Users\Moi\AppData\Local
    LOGONSERVER=\\QUENTIN
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Moi\AppData\Local\Temp
    TMP=C:\Users\Moi\AppData\Local\Temp
    USERDOMAIN=Quentin
    USERNAME=Moi
    USERPROFILE=C:\Users\Moi
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Moi


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    --> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
    Anti-Leech Plugin for Internet Explorer --> C:\Program Files\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Azureus --> C:\Program Files\Azureus\Uninstall.exe
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
    EPSON Logiciel imprimante --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
    FLAC codecs --> C:\Program Files\illiminable\oggcodecs\uninst.exe
    floAt's Mobile Agent 2 --> "C:\Program Files\FMA 2\unins000.exe"
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
    Intel(R) Network Connections Drivers --> Prounstl.exe
    IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Les Indispensables Éducation pour Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
    LimeWire PRO 4.13.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Encarta 2008 - Études --> MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}
    Microsoft Encarta Maths --> MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}
    Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    VeryPDF PDF2Word v2.0 --> "C:\Program Files\PDF - Word\unins000.exe"
    Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    WBEncarta --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1490 / Success
    Event Submitted/Written: 04/30/2008 08:16:00 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1485 / Success
    Event Submitted/Written: 04/30/2008 07:56:53 AM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type1481 / Success
    Event Submitted/Written: 04/30/2008 07:56:44 AM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type1478 / Success
    Event Submitted/Written: 04/30/2008 07:56:01 AM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    Le service de gestion des licences du logiciel a démarré.

    Event Record #/Type1466 / Warning
    Event Submitted/Written: 04/30/2008 07:54:44 AM
    Event ID/Source: 6000 / Wlclntfy
    Event Description:
    L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type19380 / Error
    Event Submitted/Written: 04/30/2008 07:57:26 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Parallel port driver%%1058

    Event Record #/Type19322 / Warning
    Event Submitted/Written: 04/30/2008 07:54:46 AM
    Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
    Event Description:


    Event Record #/Type19318 / Error
    Event Submitted/Written: 04/30/2008 07:48:54 AM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    aswSP
    spldr
    Wanarpv6

    Event Record #/Type19309 / Error
    Event Submitted/Written: 04/30/2008 07:48:54 AM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Computer BrowserServer%%1068

    Event Record #/Type19292 / Error
    Event Submitted/Written: 04/30/2008 07:48:04 AM
    Event ID/Source: 10005 / DCOM
    Event Description:
    1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}



    -- End of Deckard's System Scanner: finished at 2008-04-30 13:26:44 ------------




    I'm waiting to hear from you
    30 April 2008 13:39:27

    Hi again,

    1) Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the "Utiliser le contrôle ..." box and confirm with OK; you will be asked to restart, do so)

    2) Run HijackThis again (right-click -> Run as administrator on Vista), click "Do a system scan only", tick these lines (if present), then click "Fix checked" and close HijackThis:

    O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [lmlywgbl] C:\ProgramData\lmlywgbl\opytqxsx.exe
    O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe


    3) Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: on Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    C:\Users\All Users\lmlywgbl
    C:\Users\All Users\abkhsdox
    C:\Windows\system32\svehost.exe

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), then paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; finally, copy and paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy and paste what appears in the right-hand column of the tool.

    4) Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
  • To start the scan, click "Rechercher" (scan).
  • When the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;) 
    30 April 2008 14:42:13

    Here are the reports

    OTMoveit:

    C:\Users\All Users\lmlywgbl moved successfully.
    C:\Users\All Users\abkhsdox moved successfully.
    C:\Windows\system32\svehost.exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04302008_134835




    Malwarebytes:

    In progress; I'll post it when it's finished
    30 April 2008 15:02:46

    Here it is:

    Malwarebytes report:


    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 700

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 151375
    Temps écoulé: 57 minute(s), 29 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 27
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\_OTMoveIt\MovedFiles\04302008_134835\Users\All Users\abkhsdox\almrspon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\_OTMoveIt\MovedFiles\04302008_134835\Users\All Users\lmlywgbl\opytqxsx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    30 April 2008 17:04:21

    Hi again,

    Post a new DSS scan report.

    How is the PC doing? Still having problems?

    ;) 
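The two checks this exchange relies on, as an added example that is not part of the original posts: flagging O4 autorun lines like the ones ticked in step 2 above, and confirming in a follow-up scan that the fixed entries are really gone. The sample lines are copied from the HijackThis output posted in this thread; the heuristics, the SYSTEM_BINARIES list and all function names are assumptions made for this illustration.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Assumption: short illustrative list of Windows binaries whose names get imitated.
SYSTEM_BINARIES = {"svchost", "explorer", "lsass", "csrss", "winlogon",
                   "services", "rundll32"}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable image in the command line, quoted or not.
IMAGE_RE = re.compile(
    r'^"?(?P<image>.+?\.(?:exe|dll|com|scr|bat))(?=["\s,]|$)', re.IGNORECASE)


def parse_o4(line):
    """Split a HijackThis O4 registry autorun line; None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    img = IMAGE_RE.match(m["cmd"])
    return {"hive": m["hive"], "key": m["key"], "name": m["name"],
            "image": img["image"] if img else m["cmd"]}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reasons(entry):
    """Heuristic reasons (assumptions, not verdicts) for reviewing an entry."""
    image = entry["image"]
    stem = splitext(basename(image))[0].lower()
    found = []
    if stem not in SYSTEM_BINARIES:
        near = sorted(s for s in SYSTEM_BINARIES if edit_distance(stem, s) == 1)
        if near:
            found.append("lookalike of " + near[0] + ".exe")
        if "\\" not in image:
            found.append("no directory given")
    low = image.lower()
    if "\\programdata\\" in low or "\\users\\all users\\" in low:
        # ProgramData is a data directory, not an install location.
        found.append("runs from a data directory")
    return found


def flag(lines):
    """Return (value name, reasons) for every O4 line with at least one reason."""
    out = []
    for entry in filter(None, map(parse_o4, lines)):
        why = reasons(entry)
        if why:
            out.append((entry["name"], why))
    return out


def identity(line):
    e = parse_o4(line)
    return e and (e["hive"].upper(), e["key"].lower(), e["name"], e["image"].lower())


def leftovers(fixed_lines, followup_lines):
    """Lines from the fix list that still appear in a later scan."""
    after = {identity(l) for l in followup_lines} - {None}
    return [l for l in fixed_lines if identity(l) in after]


# Lines the helper asked to fix (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [lmlywgbl] C:\ProgramData\lmlywgbl\opytqxsx.exe
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
""".strip().splitlines()

# Excerpt of the O4 section of the follow-up scan (copied from the thread).
FOLLOWUP = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
""".strip().splitlines()

if __name__ == "__main__":
    for name, why in flag(FIX_LIST):
        print(f"[{name}] {'; '.join(why)}")
    for line in leftovers(FIX_LIST, FOLLOWUP):
        print("still present after cleanup:", line)
```

An entry reported by `leftovers` means the autorun value still exists in the registry, which is separate from whether the file it points to has been removed.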
    30 April 2008 17:14:17

    No more problems with the PC (for now; here is the DSS scan).
    Based on this scan, can you tell me whether I can close this topic?

    Thanks a lot once again

    Deckard's System Scanner v20071014.68
    Run by Moi on 2008-04-30 17:11:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 1022 MiB (1024 MiB recommended).


    -- HijackThis (run as Moi.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:27, on 30/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Moi\Desktop\dss.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Moi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6159 bytes

    -- Files created between 2008-03-30 and 2008-04-30 -----------------------------

    2008-04-30 13:55:15 0 d-------- C:\Users\All Users\Malwarebytes
    2008-04-30 13:55:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-30 13:25:05 0 d-------- C:\Program Files\Trend Micro
    2008-04-30 07:49:19 2156 --a------ C:\Windows\system32\tmp.reg
    2008-04-29 21:21:37 0 d-------- C:\Users\All Users\Apple Computer
    2008-04-29 21:21:37 0 d-------- C:\Program Files\VistaCodecPack
    2008-04-29 21:21:19 0 d-------- C:\Program Files\illiminable
    2008-04-29 07:56:26 0 d-------- C:\Program Files\MagicISO
    2008-04-28 22:13:53 685816 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-04-28 20:49:07 530 --a------ C:\Windows\eReg.dat
    2008-04-24 22:05:24 0 d-------- C:\Program Files\Microsoft Etudes
    2008-04-24 22:02:19 0 d-------- C:\Program Files\Learning Essentials
    2008-04-23 22:23:12 0 d-------- C:\Program Files\Doblon
    2008-04-23 22:11:02 0 d-------- C:\Users\Moi\Incomplete
    2008-04-23 21:59:36 0 d-------- C:\Program Files\Java
    2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files\Java
    2008-04-23 21:57:20 0 d-------- C:\Program Files\LimeWire
    2008-04-23 13:27:30 0 d-------- C:\Program Files\Anti-Leech
    2008-04-23 08:33:56 0 d-------- C:\Program Files\PDF - Word
    2008-04-23 08:32:55 0 d-a------ C:\Users\All Users\TEMP
    2008-04-22 23:18:43 0 d-------- C:\Users\All Users\Azureus
    2008-04-22 23:16:54 0 d-------- C:\Program Files\Azureus
    2008-04-22 21:31:37 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat
    2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat
    2008-04-22 21:31:37 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat
    2008-04-22 21:31:37 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat
    2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat
    2008-04-22 21:31:37 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat
    2008-04-22 21:31:37 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat
    2008-04-22 21:31:37 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat
    2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat
    2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat
    2008-04-22 21:31:37 4943 --a------ C:\Windows\system32\EPPICPattern6.dat
    2008-04-22 21:31:37 21390 --a------ C:\Windows\system32\EPPICPattern5.dat
    2008-04-22 21:31:37 11811 --a------ C:\Windows\system32\EPPICPattern4.dat
    2008-04-22 21:31:37 24903 --a------ C:\Windows\system32\EPPICPattern3.dat
    2008-04-22 21:31:37 20148 --a------ C:\Windows\system32\EPPICPattern2.dat
    2008-04-22 21:31:37 31053 --a------ C:\Windows\system32\EPPICPattern131.dat
    2008-04-22 21:31:37 27417 --a------ C:\Windows\system32\EPPICPattern121.dat
    2008-04-22 21:31:37 26154 --a------ C:\Windows\system32\EPPICPattern1.dat
    2008-04-22 18:44:45 0 d-------- C:\Program Files\FMA 2
    2008-04-22 17:22:02 0 d-------- C:\Windows\system32\appmgmt
    2008-04-22 16:48:14 0 d-------- C:\Users\All Users\NVIDIA
    2008-04-22 16:08:27 0 d-------- C:\Users\All Users\Google
    2008-04-22 16:08:00 0 d-------- C:\Users\All Users\Google Updater
    2008-04-22 16:07:56 0 d-------- C:\Program Files\Google
    2008-04-22 03:23:25 0 d-------- C:\Windows\Panther
    2008-04-22 03:23:10 0 d--hs---- C:\Boot
    2008-04-21 21:56:39 0 d-------- C:\Users\All Users\Nero
    2008-04-21 21:56:39 0 d-------- C:\Program Files\Nero
    2008-04-21 21:56:39 0 d-------- C:\Program Files\Common Files\Nero
    2008-04-21 21:45:26 0 d-------- C:\Windows\system32\Macromed
    2008-04-21 21:17:29 0 d-------- C:\Program Files\EPSON
    2008-04-21 21:17:04 0 -rahs---- C:\MSDOS.SYS
    2008-04-21 21:17:04 0 -rahs---- C:\IO.SYS
    2008-04-21 20:03:20 0 d-------- C:\Program Files\Synaptics
    2008-04-21 20:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-21 19:45:08 0 d-------- C:\Program Files\CONEXANT
    2008-04-21 19:37:37 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 19:37:27 0 d-------- C:\Users\All Users\Adobe
    2008-04-21 19:31:28 196608 --a------ C:\Windows\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
    2008-04-21 19:31:27 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-04-21 19:31:27 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-04-21 19:31:27 59904 --a------ C:\Windows\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
    2008-04-21 19:31:26 23552 --a------ C:\Windows\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
    2008-04-21 19:31:26 0 d-------- C:\Program Files\PDFCreator
    2008-04-21 19:17:55 0 d-------- C:\Program Files\Microsoft Works
    2008-04-21 19:15:17 0 d-------- C:\Program Files\Microsoft.NET
    2008-04-21 19:11:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-04-21 19:09:18 0 d-------- C:\Users\All Users\Microsoft Help
    2008-04-21 19:07:42 0 d-------- C:\Program Files\Alwil Software
    2008-04-21 19:06:36 0 dr-h----- C:\MSOCache
    2008-04-21 19:02:10 0 d-------- C:\Program Files\IZArc
    2008-04-21 18:47:52 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
    2008-04-21 18:43:41 0 d------c- C:\Windows\system32\DRVSTORE
    2008-04-21 18:42:45 0 d-------- C:\System.sav
    2008-04-21 18:42:44 0 d-------- C:\swsetup
    2008-04-21 18:39:23 0 d-------- C:\Users\All Users\Messenger Plus!
    2008-04-21 18:36:03 688952 --a------ C:\Windows\system32\perfh00C.dat
    2008-04-21 18:36:03 117092 --a------ C:\Windows\system32\perfc00C.dat
    2008-04-21 18:34:19 0 d-------- C:\Windows\fr-FR
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\fr
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\drivers\fr-FR
    2008-04-21 18:34:11 0 d-------- C:\Windows\system32\040C
    2008-04-21 18:17:45 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-04-21 17:53:02 0 d-------- C:\Windows\PCHEALTH
    2008-04-21 17:40:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-21 17:39:40 0 d-------- C:\Program Files\Windows Live
    2008-04-21 17:39:14 0 d--hs---- C:\Windows\Installer
    2008-04-21 17:39:10 0 d-------- C:\Users\All Users\WLInstaller
    2008-04-21 17:34:43 0 dr------- C:\Users\Moi\Searches
    2008-04-21 17:34:31 0 dr------- C:\Users\Moi\Contacts
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Templates
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Start Menu
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\SendTo
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Recent
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\PrintHood
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\NetHood
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\My Documents
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Local Settings
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Cookies
    2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Application Data
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Videos
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Saved Games
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Pictures
    2008-04-21 17:34:25 2621440 --ahs---- C:\Users\Moi\NTUSER.DAT
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Music
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Links
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Favorites
    2008-04-21 17:34:25 0 d-------- C:\Users\Moi\Downloads
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Documents
    2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Desktop
    2008-04-21 17:34:25 0 d--h----- C:\Users\Moi\AppData
    2008-04-21 17:28:03 0 d-------- C:\Windows\SoftwareDistribution
    2008-04-21 17:26:15 0 d-------- C:\Windows\Debug
    2008-04-21 17:26:14 0 d-------- C:\Windows\CSC
    2008-04-21 17:24:35 0 d-------- C:\Windows\Prefetch
    2008-04-21 17:24:20 0 d--hs---- C:\System Volume Information


    -- Find3M Report ---------------------------------------------------------------

    2008-04-30 15:15:39 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.dat
    2008-04-30 15:15:39 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.001
    2008-04-30 14:46:47 0 d-------- C:\Users\Moi\AppData\Roaming\Real
    2008-04-30 13:55:21 0 d-------- C:\Users\Moi\AppData\Roaming\Malwarebytes
    2008-04-30 13:55:04 0 d-------- C:\Users\Moi\AppData\Roaming\Download Manager
    2008-04-30 07:53:06 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
    2008-04-30 07:53:06 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
    2008-04-23 22:22:48 0 d-------- C:\Users\Moi\AppData\Roaming\LimeWire
    2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files
    2008-04-23 09:12:21 0 d-------- C:\Users\Moi\AppData\Roaming\Azureus
    2008-04-23 08:41:21 0 d-------- C:\Users\Moi\AppData\Roaming\AdobeUM
    2008-04-22 21:31:31 0 d-------- C:\Users\Moi\AppData\Roaming\InstallShield
    2008-04-22 20:23:12 0 d-------- C:\Users\Moi\AppData\Roaming\FMA
    2008-04-22 16:09:21 0 d-------- C:\Users\Moi\AppData\Roaming\Google
    2008-04-21 22:01:20 0 d-------- C:\Users\Moi\AppData\Roaming\Nero
    2008-04-21 21:45:30 0 d-------- C:\Users\Moi\AppData\Roaming\Macromedia
    2008-04-21 21:45:29 0 d-------- C:\Users\Moi\AppData\Roaming\Adobe
    2008-04-21 21:06:11 174 --ahs---- C:\Program Files\desktop.ini
    2008-04-21 21:01:07 0 d-------- C:\Program Files\Windows Calendar
    2008-04-21 21:01:06 0 d-------- C:\Program Files\Windows Mail
    2008-04-21 21:01:04 0 d-------- C:\Program Files\Windows Defender
    2008-04-21 21:01:00 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-21 19:17:33 0 d-------- C:\Program Files\MSBuild
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Journal
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Collaboration
    2008-04-21 18:34:20 0 d-------- C:\Program Files\Movie Maker
    2008-04-21 17:34:33 0 d-------- C:\Users\Moi\AppData\Roaming\Identities


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 20:09]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11:26]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11:26]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 19:51]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/04/2008 16:08]
    "9YMGPAClWx"="C:\ProgramData\abkhsdox\almrspon.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:33]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [22/04/2008 16:08:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-04-30 17:12:23 ------------

    30 April 2008 17:29:06

    Re,

    1) Relaunch HijackThis (right-click -> run as administrator on Vista), click "do a system scan only", tick these lines (if present), then click "Fix Checked" and close HijackThis:

    O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe


    2) Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<), download «the latest version», then install it, unticking "Add the CCleaner Yahoo! Toolbar".
    Then run the cleanup, then scan for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch?: Avast! vs Antivir
    and also:
    14 antivirus products put to the test
    Quote:
    Antivir: the most effective of the free ones

    Make sure it is up to date! Run a full scan in safe mode, save the report and post it for me.

    ;) 
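The post above singles out one HKCU Run value from the DSS registry dump. As an added example (not part of the thread, and not a DSS or HijackThis feature), this Python script runs three triage heuristics over an excerpt of that dump; the heuristics, the names `USUAL_ROOTS`, `looks_random` and `triage`, and the reading of an empty `[]` as "no file timestamp available" are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Excerpt of the DSS "Registry Dump" posted in this thread (Run keys only).
DSS_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 20:09]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 19:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/04/2008 16:08]
"9YMGPAClWx"="C:\ProgramData\abkhsdox\almrspon.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:33]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')

# Assumption: locations that normally require admin rights to write to.
USUAL_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list


def parse_run_entries(text):
    """Yield (key, name, path, stamp) for values under ...\\CurrentVersion\\Run."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith("\\currentversion\\run"):
            yield key, m["name"], m["path"], m["stamp"].strip()


def looks_random(name, path):
    """Heuristic: digits plus mixed case, and the name is absent from the path."""
    return (any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name)
            and name.lower() not in path.lower())


def triage(text):
    """Return Run entries that trip at least one heuristic, worst first."""
    findings = []
    for key, name, path, stamp in parse_run_entries(text):
        reasons = []
        if not path.lower().startswith(USUAL_ROOTS):
            reasons.append("target outside Program Files / Windows")
        if not stamp:
            reasons.append("no file timestamp in the dump")
        if looks_random(name, path):
            reasons.append("value name looks machine-generated")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(DSS_EXCERPT):
        print(f"{f.key}\n  {f.name} -> {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A hit is a prompt to inspect the file, not a verdict: legitimate software also autostarts from user-writable folders, so each flagged entry still needs a look at the binary itself.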
    1 May 2008 12:07:26

    Here is the Antivir report (doesn't it exist in French?)



    Avira AntiVir Personal
    Report file date: jeudi 1 mai 2008 11:28

    Scanning for 1245960 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic

    Platform: Windows Vista

    Boot mode: Save mode with network


    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 9/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 7/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 09:13:33
    ANTIVIR3.VDF : 7.0.3.235 248832 Bytes 30/04/2008 09:13:36
    Engineversion : 8.1.0.37
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.28 233851 Bytes 1/05/2008 09:13:56
    AESCN.DLL : 8.1.0.15 119157 Bytes 1/05/2008 09:13:55
    AERDL.DLL : 8.1.0.20 418165 Bytes 1/05/2008 09:13:54
    AEPACK.DLL : 8.1.1.4 364918 Bytes 1/05/2008 09:13:51
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 1/05/2008 09:13:49
    AEHEUR.DLL : 8.1.0.21 1196407 Bytes 1/05/2008 09:13:47
    AEHELP.DLL : 8.1.0.14 115063 Bytes 1/05/2008 09:13:40
    AEGEN.DLL : 8.1.0.18 299381 Bytes 1/05/2008 09:13:39
    AEEMU.DLL : 8.1.0.5 430450 Bytes 7/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 1/05/2008 09:13:37
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 6/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 1 mai 2008 11:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    22 processes with 22 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '18' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPCPYCG7\souplesse_fr[1].htm
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was ignored!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Data>
    Begin scan in 'E:\' <HP_RECOVERY>


    End of the scan: jeudi 1 mai 2008 12:04
    Used time: 35:33 min

    The scan has been done completely.

    14517 Scanning directories
    361552 Files were scanned
    0 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    361552 Files not concerned
    4063 Archives were scanned
    3 Warnings
    1 Notes
    1 May 2008 14:48:36

    :hello: 

    Run an online scan with BitDefender, using Internet Explorer! Back up your music and photos; BitDefender sometimes deletes them ;) 

    http://www.bitdefender.fr/
    and copy-paste the result here
    * At the bottom left of the window, click BitDefender SCAN ONLINE
    * In the new window, click I agree
    * The window changes again; click Click here to scan
    * The signatures load, etc.

    Illustrated tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=31584

    Post the whole report for me ;) 
    1 May 2008 17:08:27

    BitDefender report

    BitDefender Online Scanner - Rapport virus en temps réel

    Généré à: Thu, May 01, 2008 - 17:06:47

    --------------------------------------------------------------------------------

    Info d'analyse

    Fichiers scannés 78161
    Infectés Fichiers 2

    Virus Détectés

    Backdoor.IRCBot.ABSW 1
    Trojan.Kitkar.A 1

    1 May 2008 22:33:04

    Re,

    Good :super:

    Post a new HijackThis report and tell me how the PC is doing.

    ;) 
    1 May 2008 23:02:03

    HijackThis report

    Since last night, no more problems



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:00:18, on 1/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6566 bytes
    1 May 2008 23:03:13

    It's OK, you will no longer be infected once you have done ALL the steps below :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • You can use the Options facultatives (optional settings) if you wish.
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
  • Then click the Registry tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] ("Solved") to the title. To do so:
    * In your first message, click the "Edit" button
    * Add the [Résolu] tag to the title
    * Then click "Submit your message"

    It would be nice to report your infection on > Malware-Complaints < to help get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by infection type
    If your infection is not in the list, create a message in Autres infections (Other infections)

    See you, and happy surfing :hello: 


    Some useful links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    1 May 2008 23:13:16

    TCleaner report


    -->- Recherche:

    C:\_OtMoveIt: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Users\Moi\Desktop\Dss.exe: trouvé !
    C:\Users\Moi\Desktop\HijackThis.lnk: trouvé !
    C:\Users\Moi\Desktop\OtMoveIt2.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Users\Moi\Desktop\Dss.exe: supprimé !
    C:\Users\Moi\Desktop\HijackThis.lnk: supprimé !
    C:\Users\Moi\Desktop\OtMoveIt2.exe: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !



    A big thank you

    (Could you help me understand all the steps I have carried out since yesterday? That way I could be a bit more active on the forum and help you answer topics. It would also broaden my computer knowledge.)

    Thanks