NalyC

Re Il a l'air d'aller bien.. Google Chrome marche dorénavant ^^ Je sais que je ne suis pas à l'abri de nouveaux soucis, mais merci beaucoup !

Voila le rapport ComboFix ComboFix 10-05-08.03 - Céline 09/05/2010 18:16:45.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.1603 [GMT 2:00] Lancé depuis: c:\users\Céline\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Un antivirus résident est actif . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Céline\AppData\Roaming\7D6E469A42077FAB971889CDE1D93B58 c:\users\Céline\AppData\Roaming\7D6E469A42077FAB971889CDE1D93B58\gotnewupdate000.exe c:\windows\Rgemua.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-09 au 2010-05-09 )))))))))))))))))))))))))))))))))))) . 2010-05-09 16:28 . 2010-05-09 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-09 15:22 . 2010-05-09 15:22 218798 ----a-w- C:\UsbFix_Upload_Me_PC-DE-CELINE.zip 2010-05-09 14:45 . 2010-05-09 15:22 -------- d-----w- C:\UsbFix 2010-05-09 14:04 . 2010-05-09 14:05 -------- d-----w- C:\rsit 2010-05-09 09:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-09 09:05 . 2010-05-09 09:05 -------- d-----w- c:\programdata\Malwarebytes 2010-05-09 09:05 . 2010-05-09 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-09 09:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-08 21:47 . 2010-05-08 21:47 -------- d-----w- c:\program files\trend micro 2010-05-08 18:17 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-04-21 16:01 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVENG.SYS 2010-04-21 16:01 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVEX15.SYS 2010-04-21 16:01 . 2009-09-17 06:50 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVENG32.DLL 2010-04-21 16:01 . 2009-09-17 06:50 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\NAVEX32A.DLL 2010-04-21 16:01 . 2009-09-17 06:50 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\ERASER.SYS 2010-04-21 16:01 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\CCERASER.DLL 2010-04-21 16:01 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\ECMSVR32.DLL 2010-04-21 16:01 . 2009-09-17 06:50 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100421.002\EECTRL.SYS 2010-04-15 04:46 . 2010-02-23 11:32 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-15 04:46 . 2010-02-23 11:32 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-15 04:46 . 2010-02-23 11:32 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-15 04:46 . 2010-02-18 14:49 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-15 04:46 . 2010-02-18 14:49 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-15 04:46 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-15 04:46 . 2010-02-18 14:49 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-15 04:46 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-15 04:46 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-14 19:07 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll 2010-04-14 19:07 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-13 05:36 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-09 16:00 . 2009-10-04 16:01 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-05-09 15:40 . 2008-01-21 08:40 679418 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-09 15:40 . 2008-01-21 08:40 128418 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-09 15:35 . 2009-03-09 05:36 27934 ----a-w- c:\programdata\nvModes.dat 2010-05-08 19:16 . 2008-12-11 18:31 -------- d-----w- c:\program files\Google 2010-04-21 16:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-16 06:14 . 2008-10-31 16:41 -------- d-----w- c:\programdata\Microsoft Help 2010-03-14 20:03 . 2010-03-14 20:02 -------- d-----w- c:\program files\iTunes 2010-03-14 20:02 . 2010-03-14 20:02 -------- d-----w- c:\program files\iPod 2010-03-14 20:02 . 2009-03-08 15:24 -------- d-----w- c:\program files\Common Files\Apple 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-10 20:00 . 2010-03-10 20:00 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-10 20:00 . 2010-03-10 20:00 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-10 20:00 . 2010-03-10 20:00 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-10 20:00 . 2009-11-23 22:54 -------- d-----w- c:\program files\Common Files\Real 2010-03-10 19:56 . 2009-11-23 22:54 -------- d-----w- c:\program files\Real 2010-03-10 19:55 . 2010-03-10 19:55 -------- d-----w- c:\program files\Common Files\xing shared 2010-03-09 16:28 . 2010-03-31 16:22 833024 ----a-w- c:\windows\system32\wininet.dll 2010-03-09 16:25 . 2010-03-31 16:22 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-09 14:01 . 2010-03-31 16:22 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2010-03-01 12:56 . 2010-03-01 12:56 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb201F.tmp.exe 2010-02-25 10:09 . 2009-11-11 09:13 120984 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-02-20 23:39 . 2010-03-11 06:49 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:37 . 2010-03-11 06:49 31232 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 21:18 . 2010-03-11 06:49 411136 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-16 09:00 . 2010-02-16 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVENG.SYS 2010-02-16 09:00 . 2010-02-16 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\NAVEX15.SYS 2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Google Update"="c:\users\Céline\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-09 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 24064] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3890085218-2298435822-1139494261-1000] "EnableNotificationsRef"=dword:00000002 R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 24064] R3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584] R3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976] R3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464] R3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448] R3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344] R3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480] R3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296] S3 NETw5v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - KLMDB *Deregistered* - klmdb . Contenu du dossier 'Tâches planifiées' 2010-03-14 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-05 08:53] 2010-02-28 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-05 08:53] 2010-05-09 c:\windows\Tasks\Norton Security Scan for Céline.job - c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-20 14:45] . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - c:\users\Céline\AppData\Roaming\Mozilla\Firefox\Profiles\q8u8hml6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-eRecoveryService - (no file) SafeBoot-klmdb.sys AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-09 18:28 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-05-09 18:32:36 ComboFix-quarantined-files.txt 2010-05-09 16:32 Avant-CF: 168 789 004 288 octets libres Après-CF: 170 246 512 640 octets libres - - End Of File - - 9324E21E66DF2796A39D77B45AA108D3

Arf >< ... Bah la plutôt bien. Sauf que j'ai ré-installé Google Chrome (que j'avais supprimé vu qu'il ne voulait plus marcher suite au virus) et il ne marche toujours pas, mais bon, rien d'important je marche avec Mozilla Firefox, ca me va. Merci !

17:32:36:680 5980 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04 17:32:36:680 5980 ================================================================================ 17:32:36:680 5980 SystemInfo: 17:32:36:680 5980 OS Version: 6.0.6001 ServicePack: 1.0 17:32:36:680 5980 Product type: Workstation 17:32:36:680 5980 ComputerName: PC-DE-CELINE 17:32:36:680 5980 UserName: Céline 17:32:36:680 5980 Windows directory: C:\Windows 17:32:36:680 5980 Processor architecture: Intel x86 17:32:36:680 5980 Number of processors: 2 17:32:36:680 5980 Page size: 0x1000 17:32:36:683 5980 Boot type: Normal boot 17:32:36:683 5980 ================================================================================ 17:32:36:688 5980 UnloadDriverW: NtUnloadDriver error 2 17:32:36:688 5980 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 17:32:50:063 5980 wfopen_ex: Trying to open file C:\Windows\system32\config\system 17:32:50:063 5980 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 17:32:50:063 5980 wfopen_ex: Trying to KLMD file open 17:32:50:063 5980 wfopen_ex: File opened ok (Flags 2) 17:32:50:095 5980 wfopen_ex: Trying to open file C:\Windows\system32\config\software 17:32:50:095 5980 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 17:32:50:095 5980 wfopen_ex: Trying to KLMD file open 17:32:50:095 5980 wfopen_ex: File opened ok (Flags 2) 17:32:50:095 5980 Initialize success 17:32:50:095 5980 17:32:50:098 5980 Scanning Services ... 17:32:50:998 5980 Raw services enum returned 456 services 17:32:51:025 5980 Suspicious serv wfyyrvlt (h: 0, b: 1) 17:32:51:025 5980 17:32:51:025 5980 Hidden service detected! 17:32:51:025 5980 Service name: wfyyrvlt 17:32:51:028 5980 Image path: 17:32:51:028 5980 Type "delete" (without quotes) to delete it: 17:33:07:163 5980 17:33:07:163 5980 By user detect wfyyrvlt 17:33:07:163 5980 RegNode HKLM\SYSTEM\ControlSet001\services\wfyyrvlt infected by TDSS rootkit ... 17:33:07:163 5980 will be deleted on reboot 17:33:07:213 5980 RegNode HKLM\SYSTEM\ControlSet002\services\wfyyrvlt infected by TDSS rootkit ... 17:33:07:215 5980 will be deleted on reboot 17:33:07:248 5980 File C:\Windows\system32\drivers\wfyyrvlt.sys infected by TDSS rootkit ... 17:33:07:248 5980 will be deleted on reboot 17:33:07:248 5980 17:33:07:248 5980 Scanning Kernel memory ... 17:33:07:248 5980 Devices to scan: 5 17:33:07:248 5980 17:33:07:250 5980 Driver Name: USBSTOR 17:33:07:250 5980 IRP_MJ_CREATE : 90119B40 17:33:07:250 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013 17:33:07:250 5980 IRP_MJ_CLOSE : 90119BB8 17:33:07:250 5980 IRP_MJ_READ : 90119C30 17:33:07:250 5980 IRP_MJ_WRITE : 90119C30 17:33:07:250 5980 IRP_MJ_QUERY_INFORMATION : 8226E013 17:33:07:250 5980 IRP_MJ_SET_INFORMATION : 8226E013 17:33:07:250 5980 IRP_MJ_QUERY_EA : 8226E013 17:33:07:250 5980 IRP_MJ_SET_EA : 8226E013 17:33:07:250 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013 17:33:07:250 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013 17:33:07:250 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013 17:33:07:250 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013 17:33:07:250 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013 17:33:07:250 5980 IRP_MJ_DEVICE_CONTROL : 90119828 17:33:07:250 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA 17:33:07:250 5980 IRP_MJ_SHUTDOWN : 8226E013 17:33:07:250 5980 IRP_MJ_LOCK_CONTROL : 8226E013 17:33:07:250 5980 IRP_MJ_CLEANUP : 8226E013 17:33:07:250 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013 17:33:07:250 5980 IRP_MJ_QUERY_SECURITY : 8226E013 17:33:07:250 5980 IRP_MJ_SET_SECURITY : 8226E013 17:33:07:250 5980 IRP_MJ_POWER : 90117F9A 17:33:07:250 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2 17:33:07:250 5980 IRP_MJ_DEVICE_CHANGE : 8226E013 17:33:07:250 5980 IRP_MJ_QUERY_QUOTA : 8226E013 17:33:07:250 5980 IRP_MJ_SET_QUOTA : 8226E013 17:33:07:265 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 17:33:07:265 5980 17:33:07:265 5980 Driver Name: USBSTOR 17:33:07:265 5980 IRP_MJ_CREATE : 90119B40 17:33:07:265 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013 17:33:07:265 5980 IRP_MJ_CLOSE : 90119BB8 17:33:07:265 5980 IRP_MJ_READ : 90119C30 17:33:07:265 5980 IRP_MJ_WRITE : 90119C30 17:33:07:265 5980 IRP_MJ_QUERY_INFORMATION : 8226E013 17:33:07:265 5980 IRP_MJ_SET_INFORMATION : 8226E013 17:33:07:265 5980 IRP_MJ_QUERY_EA : 8226E013 17:33:07:265 5980 IRP_MJ_SET_EA : 8226E013 17:33:07:265 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013 17:33:07:265 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013 17:33:07:265 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013 17:33:07:265 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013 17:33:07:265 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013 17:33:07:265 5980 IRP_MJ_DEVICE_CONTROL : 90119828 17:33:07:265 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA 17:33:07:265 5980 IRP_MJ_SHUTDOWN : 8226E013 17:33:07:265 5980 IRP_MJ_LOCK_CONTROL : 8226E013 17:33:07:265 5980 IRP_MJ_CLEANUP : 8226E013 17:33:07:265 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013 17:33:07:265 5980 IRP_MJ_QUERY_SECURITY : 8226E013 17:33:07:265 5980 IRP_MJ_SET_SECURITY : 8226E013 17:33:07:265 5980 IRP_MJ_POWER : 90117F9A 17:33:07:265 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2 17:33:07:265 5980 IRP_MJ_DEVICE_CHANGE : 8226E013 17:33:07:265 5980 IRP_MJ_QUERY_QUOTA : 8226E013 17:33:07:265 5980 IRP_MJ_SET_QUOTA : 8226E013 17:33:07:268 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 17:33:07:268 5980 17:33:07:268 5980 Driver Name: USBSTOR 17:33:07:268 5980 IRP_MJ_CREATE : 90119B40 17:33:07:268 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013 17:33:07:268 5980 IRP_MJ_CLOSE : 90119BB8 17:33:07:270 5980 IRP_MJ_READ : 90119C30 17:33:07:270 5980 IRP_MJ_WRITE : 90119C30 17:33:07:270 5980 IRP_MJ_QUERY_INFORMATION : 8226E013 17:33:07:270 5980 IRP_MJ_SET_INFORMATION : 8226E013 17:33:07:270 5980 IRP_MJ_QUERY_EA : 8226E013 17:33:07:270 5980 IRP_MJ_SET_EA : 8226E013 17:33:07:270 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013 17:33:07:270 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013 17:33:07:270 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013 17:33:07:270 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013 17:33:07:270 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013 17:33:07:270 5980 IRP_MJ_DEVICE_CONTROL : 90119828 17:33:07:270 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA 17:33:07:270 5980 IRP_MJ_SHUTDOWN : 8226E013 17:33:07:270 5980 IRP_MJ_LOCK_CONTROL : 8226E013 17:33:07:270 5980 IRP_MJ_CLEANUP : 8226E013 17:33:07:270 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013 17:33:07:270 5980 IRP_MJ_QUERY_SECURITY : 8226E013 17:33:07:270 5980 IRP_MJ_SET_SECURITY : 8226E013 17:33:07:270 5980 IRP_MJ_POWER : 90117F9A 17:33:07:270 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2 17:33:07:270 5980 IRP_MJ_DEVICE_CHANGE : 8226E013 17:33:07:270 5980 IRP_MJ_QUERY_QUOTA : 8226E013 17:33:07:270 5980 IRP_MJ_SET_QUOTA : 8226E013 17:33:07:273 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 17:33:07:273 5980 17:33:07:273 5980 Driver Name: USBSTOR 17:33:07:273 5980 IRP_MJ_CREATE : 90119B40 17:33:07:273 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013 17:33:07:273 5980 IRP_MJ_CLOSE : 90119BB8 17:33:07:273 5980 IRP_MJ_READ : 90119C30 17:33:07:273 5980 IRP_MJ_WRITE : 90119C30 17:33:07:273 5980 IRP_MJ_QUERY_INFORMATION : 8226E013 17:33:07:273 5980 IRP_MJ_SET_INFORMATION : 8226E013 17:33:07:273 5980 IRP_MJ_QUERY_EA : 8226E013 17:33:07:273 5980 IRP_MJ_SET_EA : 8226E013 17:33:07:273 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013 17:33:07:273 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013 17:33:07:273 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013 17:33:07:273 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013 17:33:07:273 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013 17:33:07:273 5980 IRP_MJ_DEVICE_CONTROL : 90119828 17:33:07:273 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 9010E4AA 17:33:07:273 5980 IRP_MJ_SHUTDOWN : 8226E013 17:33:07:273 5980 IRP_MJ_LOCK_CONTROL : 8226E013 17:33:07:273 5980 IRP_MJ_CLEANUP : 8226E013 17:33:07:273 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013 17:33:07:273 5980 IRP_MJ_QUERY_SECURITY : 8226E013 17:33:07:273 5980 IRP_MJ_SET_SECURITY : 8226E013 17:33:07:273 5980 IRP_MJ_POWER : 90117F9A 17:33:07:273 5980 IRP_MJ_SYSTEM_CONTROL : 901157A2 17:33:07:273 5980 IRP_MJ_DEVICE_CHANGE : 8226E013 17:33:07:273 5980 IRP_MJ_QUERY_QUOTA : 8226E013 17:33:07:275 5980 IRP_MJ_SET_QUOTA : 8226E013 17:33:07:278 5980 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1 17:33:07:278 5980 17:33:07:278 5980 Driver Name: iaStor 17:33:07:278 5980 IRP_MJ_CREATE : 807592D2 17:33:07:278 5980 IRP_MJ_CREATE_NAMED_PIPE : 8226E013 17:33:07:278 5980 IRP_MJ_CLOSE : 807592D2 17:33:07:278 5980 IRP_MJ_READ : 8226E013 17:33:07:278 5980 IRP_MJ_WRITE : 8226E013 17:33:07:278 5980 IRP_MJ_QUERY_INFORMATION : 8226E013 17:33:07:278 5980 IRP_MJ_SET_INFORMATION : 8226E013 17:33:07:278 5980 IRP_MJ_QUERY_EA : 8226E013 17:33:07:278 5980 IRP_MJ_SET_EA : 8226E013 17:33:07:278 5980 IRP_MJ_FLUSH_BUFFERS : 8226E013 17:33:07:278 5980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8226E013 17:33:07:278 5980 IRP_MJ_SET_VOLUME_INFORMATION : 8226E013 17:33:07:278 5980 IRP_MJ_DIRECTORY_CONTROL : 8226E013 17:33:07:278 5980 IRP_MJ_FILE_SYSTEM_CONTROL : 8226E013 17:33:07:278 5980 IRP_MJ_DEVICE_CONTROL : 807564FC 17:33:07:278 5980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807534FC 17:33:07:278 5980 IRP_MJ_SHUTDOWN : 8226E013 17:33:07:278 5980 IRP_MJ_LOCK_CONTROL : 8226E013 17:33:07:278 5980 IRP_MJ_CLEANUP : 8226E013 17:33:07:278 5980 IRP_MJ_CREATE_MAILSLOT : 8226E013 17:33:07:278 5980 IRP_MJ_QUERY_SECURITY : 8226E013 17:33:07:278 5980 IRP_MJ_SET_SECURITY : 8226E013 17:33:07:278 5980 IRP_MJ_POWER : 8074E7E8 17:33:07:278 5980 IRP_MJ_SYSTEM_CONTROL : 8074DC6A 17:33:07:278 5980 IRP_MJ_DEVICE_CHANGE : 8226E013 17:33:07:278 5980 IRP_MJ_QUERY_QUOTA : 8226E013 17:33:07:278 5980 IRP_MJ_SET_QUOTA : 8226E013 17:33:07:298 5980 C:\Windows\system32\DRIVERS\iaStor.sys - Verdict: 1 17:33:07:298 5980 Reboot required for cure complete.. 17:33:07:360 5980 Cure on reboot scheduled successfully 17:33:07:360 5980 17:33:07:360 5980 Completed 17:33:07:360 5980 17:33:07:360 5980 Results: 17:33:07:363 5980 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 17:33:07:363 5980 Registry objects infected / cured / cured on reboot: 2 / 0 / 2 17:33:07:363 5980 File objects infected / cured / cured on reboot: 1 / 0 / 1 17:33:07:363 5980 17:33:07:363 5980 fclose_ex: Trying to close file C:\Windows\system32\config\system 17:33:07:365 5980 fclose_ex: Trying to close file C:\Windows\system32\config\software 17:33:07:368 5980 KLMD(ARK) unloaded successfully

Ah bon? Mon prénom fait penser à quoi ? lol Voila le rapport ############################## | UsbFix V6.112 | User : Céline (Administrateurs) # PC-DE-CELINE Update on 09/05/2010 by El Desaparecido , C_XX & Chimay8 Start at: 17:16:58 | 09/05/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU T6400 @ 2.00GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1 Internet Explorer 7.0.6001.18000 Windows Firewall Status : Disabled C:\ -> Disque fixe local # 227,88 Go (157,28 Go free) [ACER] # NTFS D:\ -> Disque fixe local # 227,88 Go (206,3 Go free) [Multimédia] # NTFS E:\ -> Disque CD-ROM F:\ -> Disque amovible G:\ -> Disque amovible # 3,74 Go (3,74 Go free) [NEW VOLUME] # FAT32 H:\ -> Disque amovible I:\ -> Disque amovible ################## | Elements infectieux | Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\a.dat Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\Rnq.exe Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe Supprimé ! C:\Users\CLINE~1\AppData\Local\Temp\xmlUpdater.exe Supprimé ! C:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-1000 Supprimé ! C:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-500 Supprimé ! D:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-1000 Supprimé ! D:\$Recycle.Bin\S-1-5-21-3890085218-2298435822-1139494261-500 ################## | Registre | ################## | Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{50cdad00-3364-11de-a869-00238b4c6866}\Shell\AutoRun\Command ################## | Listing des fichiers présent | [18/09/2006 23:43|--a------|24] C:\autoexec.bat [21/01/2008 04:24|-rahs----|333203] C:\bootmgr [01/11/2008 02:21|-ra-s----|8192] C:\BOOTSECT.BAK [18/09/2006 23:43|--a------|10] C:\config.sys [?|?|?] C:\hiberfil.sys [?|?|?] C:\pagefile.sys [31/10/2008 18:26|--a------|426] C:\RHDSetup.log [09/05/2010 11:02|--a------|527] C:\rkill.log [09/05/2010 17:22|--a------|2011] C:\UsbFix.txt [03/03/2010 02:30|--a------|4214616] D:\-.mp3 [03/02/2010 21:08|--a------|3169095] D:\Ailys - Je te promets.mp3 [24/11/2009 01:22|--a------|19760883] D:\Alicia Keys - Doesn't Mean Anything.m4v [24/11/2009 08:22|--a------|20555020] D:\Alicia Keys Doesn't Mean Anything (Official Music Video) HD 1080p.m4v [24/11/2009 02:01|--a------|18812560] D:\Black Eyed Peas - Meet me halfway (clip officiel).m4v [17/02/2010 15:01|--a------|456047] D:\c'est mon choix - generique2.mp3 [17/02/2010 22:37|--a------|2469519] D:\c'est mon choix - generique4.wmv [28/10/2009 22:21|--a------|34711410] D:\Carine.wmv [08/03/2010 00:30|--a------|19517825] D:\Charice - Pyramid (ft IYAZ).m4v [08/03/2010 00:30|--a------|3779985] D:\Charice - Pyramid (ft IYAZ).mp3 [24/11/2009 08:22|--a------|14405430] D:\ChaŒne de KanyeWestUniverse.m4v [08/03/2010 00:31|--a------|12641756] D:\Facebook Accueil.m4v [06/12/2009 19:16|--a------|32232505] D:\Facebook Accueil2.m4v [21/02/2010 22:50|--a------|16038948] D:\Facebook Carlwin Garrido.m4v [18/03/2010 18:53|--a------|33542873] D:\Facebook Mtb Dvj.m4v [03/03/2010 22:30|--a------|17587327] D:\Facebook.m4v [27/10/2009 23:03|--a------|43542014] D:\Family.wmv [24/11/2009 02:01|--a------|25359083] D:\Gangsta Luv Ft The Dream Official Music Video.m4v [17/02/2010 15:58|--a------|4167184] D:\Generique de Fin.wmv [17/02/2010 22:41|--a------|2029204] D:\Generique du d‚but.wmv [24/11/2009 02:01|--a------|19166167] D:\IYAZ- Replay [MUSIC VIDEO HQ].m4v [26/02/2010 13:40|--a------|24354964] D:\J Entercom - Kiss [because I'm A Girl].m4v [24/11/2009 08:22|--a------|21541522] D:\Jason Derulo - Whatcha Say - Official Video.m4v [09/03/2010 20:46|--a------|3217674] D:\Keyshia Cole - This is us.mp3 [26/11/2009 23:06|--a------|44347857] D:\MEGAVIDEO - Je le regarde.m4v [26/11/2009 23:12|--a------|39806211] D:\MEGAVIDEO - Je le regarde2.m4v [24/11/2009 08:22|--a------|36967692] D:\New Boyz Ft. Ray J Tie Me Down OFFICIAL Music Video [HQ] Skee.TV.m4v [24/11/2009 01:21|--a------|14572752] D:\trey songz i invented sex.m4v [27/01/2010 12:48|--a------|3755105] D:\Willy Denz - Vivo volando.mp3 [27/01/2010 12:55|--a------|3940723] D:\Willy Denzey - Va t'en.mp3 ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | Upload | Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-DE-CELINE.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.112 ! |

J'ai une clé USB mais je l'ai pas sous la main pour le moment donc .. :/ J'avais oublié mon lecteur de cartes avec carte HDMI, je viens de le mettre, voici le rapport. ############################## | UsbFix V6.112 | User : Céline (Administrateurs) # PC-DE-CELINE Update on 09/05/2010 by El Desaparecido , C_XX & Chimay8 Start at: 17:02:14 | 09/05/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU T6400 @ 2.00GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1 Internet Explorer 7.0.6001.18000 Windows Firewall Status : Disabled C:\ -> Disque fixe local # 227,88 Go (157,46 Go free) [ACER] # NTFS D:\ -> Disque fixe local # 227,88 Go (206,3 Go free) [Multimédia] # NTFS E:\ -> Disque CD-ROM F:\ -> Disque amovible G:\ -> Disque amovible # 3,74 Go (3,74 Go free) [NEW VOLUME] # FAT32 H:\ -> Disque amovible I:\ -> Disque amovible ################## | Elements infectieux | C:\Users\CLINE~1\AppData\Local\Temp\a.dat C:\Users\CLINE~1\AppData\Local\Temp\Rnq.exe C:\Users\CLINE~1\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe C:\Users\CLINE~1\AppData\Local\Temp\xmlUpdater.exe ################## | Registre | ################## | Mountpoints2 | HKCU\..\..\Explorer\MountPoints2\{50cdad00-3364-11de-a869-00238b4c6866} shell\AutoRun\command =pcxis.exe shell\open\Command =pcxis.exe ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné ! ################## | ! Fin du rapport # UsbFix V6.112 ! | Je procède maintenant à la désinfection?

Hmm oui il a l'air d'aller mieux, du moins Antivirus Software ne se manifeste plus. A savoir, avant d'avoir tout fait comme demandé (Rkill, Mbam puis RSIT) mon ordinateur s'est éteint deux fois sans que je touche quoique ce soit (je regardais une série). Est-ce que ca peut etre le virus? Le virus a-t-il été éradiqué ou bien pas totalement ? Voila le rapport de UsbFix : ############################## | UsbFix V6.112 | User : Céline (Administrateurs) # PC-DE-CELINE Update on 09/05/2010 by El Desaparecido , C_XX & Chimay8 Start at: 16:47:39 | 09/05/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU T6400 @ 2.00GHz Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1 Internet Explorer 7.0.6001.18000 Windows Firewall Status : Disabled C:\ -> Disque fixe local # 227,88 Go (157,57 Go free) [ACER] # NTFS D:\ -> Disque fixe local # 227,88 Go (206,3 Go free) [Multimédia] # NTFS E:\ -> Disque CD-ROM ################## | Elements infectieux | C:\Users\CLINE~1\AppData\Local\Temp\a.dat C:\Users\CLINE~1\AppData\Local\Temp\Rnq.exe C:\Users\CLINE~1\AppData\Local\Temp\8BD54F3E-DD19-4a69-93D8-5C6A5BBBE20E.exe C:\Users\CLINE~1\AppData\Local\Temp\xmlUpdater.exe ################## | Registre | ################## | Mountpoints2 | HKCU\..\..\Explorer\MountPoints2\{50cdad00-3364-11de-a869-00238b4c6866} shell\AutoRun\command =pcxis.exe shell\open\Command =pcxis.exe ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné ! ################## | ! Fin du rapport # UsbFix V6.112 ! |

Re, voila ce que ca donne avec Hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:25:17, on 09/05/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18444) Boot mode: Normal Running processes: C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\Explorer.EXE C:\Windows\system32\WTablet\TabUserW.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\rundll32.exe C:\Users\CLINE~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\PLFSetI.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Céline\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_7730g R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_7730g R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_7730g R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_7730g R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 25666 bytes

RSIT a enfn marché, voilà ce qui se trouve dans info.txt info.txt logfile of random's system information tool 1.06 2010-05-09 16:05:02 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x040c -removeonly Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x040c -removeonly Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe" Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F} Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Agere Systems HDA Modem-->agrsmdel Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27-->C:\Program Files\AVerMedia\AVerMedia A310 (MiniCard, DVB-T)\uninst.exe AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log" Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log" Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log" BitComet 0.59-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log" Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E} Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log" Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EOS USB WIA Driver-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS USB WIA Driver\Uninst.ini" FileZilla Client 3.2.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log" JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x40c -removeonly Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log" Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI LG MC USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6059C682-4C5F-4106-8487-943E98225D3B}\setup.exe" -l0x40c -removeonly LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly LimeWire 5.1.1-->"C:\Program Files\LimeWire\uninstall.exe" Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log" Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log" Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log" Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X Notepad++-->C:\Program Files\Notepad++\uninstall.exe NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6} Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tablette-->C:\Program Files\Tablet\Remove.exe /u Turbo Pizza-->"C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} YouTube Downloader App 1.02-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log" ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: PC-de-Celine Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00216B01666C. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 64859 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20100217054653.000000-000 Event Type: Avertissement User: Computer Name: PC-de-Celine Event Code: 15300 Message: Échec du démarrage de MTP WPD Driver, erreur : 0x80070002 Record Number: 64867 Source Name: Microsoft-Windows-WPD-MTPClassDriver Time Written: 20100217102048.000000-000 Event Type: Erreur User: Computer Name: PC-de-Celine Event Code: 1003 Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00216B01666C. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP). Record Number: 64869 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20100217102052.000000-000 Event Type: Avertissement User: Computer Name: PC-de-Celine Event Code: 4 Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. Record Number: 64897 Source Name: b57nd60x Time Written: 20100217134942.015725-000 Event Type: Avertissement User: Computer Name: PC-de-Celine Event Code: 4 Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. Record Number: 64902 Source Name: b57nd60x Time Written: 20100217135030.192107-000 Event Type: Avertissement User: =====Application event log===== Computer Name: PC-de-Celine Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 8776 Source Name: Microsoft-Windows-WMI Time Written: 20100509104948.000000-000 Event Type: Erreur User: Computer Name: PC-de-Celine Event Code: 1000 Message: Application défaillante Tablet.exe, version 5.0.3.4, horodatage 0x461ff678, module défaillant Tablet.exe, version 5.0.3.4, horodatage 0x461ff678, code d’exception 0xc0000005, décalage d’erreur 0x000491d6, ID du processus 0xba0, heure de début de l’application 0x01caef662122b0fa. Record Number: 8810 Source Name: Application Error Time Written: 20100509105526.000000-000 Event Type: Erreur User: Computer Name: PC-de-Celine Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 8811 Source Name: Microsoft-Windows-WMI Time Written: 20100509105527.000000-000 Event Type: Erreur User: Computer Name: PC-de-Celine Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 8865 Source Name: Microsoft-Windows-WMI Time Written: 20100509121329.000000-000 Event Type: Erreur User: Computer Name: PC-de-Celine Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 8922 Source Name: Microsoft-Windows-WMI Time Written: 20100509140331.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: PC-de-Celine Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 15939 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100509140328.428289-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Celine Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CELINE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : Céline Domaine du compte : PC-DE-CELINE GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x560 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Adresse du réseau : 127.0.0.1 Port : 0 Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 15940 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100509140339.152089-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Celine Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CELINE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 2 Nouvelle ouverture de session : ID de sécurité : S-1-5-21-3890085218-2298435822-1139494261-1000 Nom du compte : Céline Domaine du compte : PC-DE-CELINE ID d’ouverture de session : 0x4b61e GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x560 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Nom de la station de travail : PC-DE-CELINE Adresse du réseau source : 127.0.0.1 Port source : 0 Informations détaillées sur l’authentification : Processus d’ouverture de session : User32 Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 15941 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100509140339.152089-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Celine Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CELINE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 2 Nouvelle ouverture de session : ID de sécurité : S-1-5-21-3890085218-2298435822-1139494261-1000 Nom du compte : Céline Domaine du compte : PC-DE-CELINE ID d’ouverture de session : 0x4b647 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x560 Nom du processus : C:\Windows\System32\winlogon.exe Informations sur le réseau : Nom de la station de travail : PC-DE-CELINE Adresse du réseau source : 127.0.0.1 Port source : 0 Informations détaillées sur l’authentification : Processus d’ouverture de session : User32 Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 15942 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100509140339.152089-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Celine Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-21-3890085218-2298435822-1139494261-1000 Nom du compte : Céline Domaine du compte : PC-DE-CELINE ID d’ouverture de session : 0x4b61e Privilèges : SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 15943 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100509140339.152089-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64 "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\; "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Logfile of random's system information tool 1.07 (written by random/random) Run by Céline at 2010-05-09 16:04:58 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 161 GB (69%) free of 233 GB Total RAM: 3066 MB (67% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job C:\Windows\tasks\Norton Security Scan for Céline.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}] McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-10 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-05 312880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-28 6111232] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328] "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-04-23 397312] "eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896] "eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768] "BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-07 13543968] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-07 92704] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-07-02 821768] "PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704] "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 24064] "eRecoveryService"= [] "ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-12 147456] "CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-12 167936] "PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936] "ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-10 202256] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50cdad00-3364-11de-a869-00238b4c6866}] shell\AutoRun\command - pcxis.exe shell\open\command - pcxis.exe ======List of files/folders created in the last 1 months====== 2010-05-09 16:04:58 ----D---- C:\rsit 2010-05-09 11:05:58 ----D---- C:\Users\Céline\AppData\Roaming\Malwarebytes 2010-05-09 11:05:47 ----D---- C:\ProgramData\Malwarebytes 2010-05-09 11:05:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-08 23:47:20 ----D---- C:\Program Files\trend micro 2010-05-08 20:17:13 ----N---- C:\Windows\system32\MpSigStub.exe 2010-05-07 21:14:37 ----A---- C:\Windows\Rgemua.exe 2010-05-07 21:14:31 ----D---- C:\Users\Céline\AppData\Roaming\7D6E469A42077FAB971889CDE1D93B58 2010-04-15 06:46:48 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-04-15 06:46:48 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-04-15 06:46:43 ----A---- C:\Windows\system32\vbscript.dll 2010-04-15 06:46:22 ----A---- C:\Windows\system32\iphlpsvc.dll 2010-04-14 21:07:12 ----A---- C:\Windows\system32\wintrust.dll 2010-04-14 21:07:09 ----A---- C:\Windows\system32\cabview.dll 2010-04-13 07:36:41 ----A---- C:\Windows\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-05-09 16:04:59 ----D---- C:\Windows\Temp 2010-05-09 16:03:44 ----D---- C:\Users\Céline\AppData\Roaming\WTablet 2010-05-09 16:02:47 ----D---- C:\Windows\System32 2010-05-09 16:02:46 ----D---- C:\Windows\system32\drivers 2010-05-09 16:01:46 ----D---- C:\Windows\PCHEALTH 2010-05-09 14:21:09 ----D---- C:\Windows\inf 2010-05-09 14:21:09 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-05-09 11:05:47 ----HD---- C:\ProgramData 2010-05-09 11:05:46 ----RD---- C:\Program Files 2010-05-09 00:01:28 ----SHD---- C:\System Volume Information 2010-05-08 23:46:25 ----D---- C:\Program Files\Mozilla Firefox 2010-05-08 23:46:16 ----D---- C:\Windows\Prefetch 2010-05-08 21:16:06 ----D---- C:\Windows\Tasks 2010-05-08 21:16:06 ----D---- C:\ProgramData\Google 2010-05-08 21:16:06 ----D---- C:\Program Files\Google 2010-05-08 21:16:05 ----SHD---- C:\Windows\Installer 2010-05-07 22:39:15 ----D---- C:\Program Files\Internet Explorer 2010-05-07 21:14:45 ----D---- C:\Windows\system32\Tasks 2010-05-07 21:14:37 ----D---- C:\Windows 2010-05-07 08:29:48 ----D---- C:\Windows\Minidump 2010-05-07 00:04:37 ----D---- C:\Users\Céline\AppData\Roaming\LimeWire 2010-05-03 18:07:31 ----RSD---- C:\Windows\Fonts 2010-05-01 14:07:55 ----D---- C:\Windows\winsxs 2010-04-30 08:56:37 ----D---- C:\Windows\system32\catroot2 2010-04-30 08:56:37 ----D---- C:\Windows\system32\catroot 2010-04-21 18:28:16 ----D---- C:\Program Files\Windows Mail 2010-04-21 18:20:09 ----D---- C:\Users\Céline\AppData\Roaming\Skype 2010-04-21 18:01:34 ----D---- C:\Program Files\Common Files\Symantec Shared 2010-04-16 08:14:11 ----D---- C:\ProgramData\Microsoft Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424] R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392] R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944] R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2008-07-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-28 2127512] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296] R3 NETw5v32;Pilote de carte Intel® Wireless WiFi Link pour Windows Vista 32 bits ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-07 44064] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-07 7545824] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848] R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-28 919552] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 lgmcbus;LGE Mobile driver (WDM); C:\Windows\system32\DRIVERS\lgmcbus.sys [2008-01-09 83584] S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter; C:\Windows\system32\DRIVERS\lgmcmdfl.sys [2008-01-09 14976] S3 lgmcmdm;LGE Mobile USB WMC Modem Driver; C:\Windows\system32\DRIVERS\lgmcmdm.sys [2008-01-09 110464] S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\lgmcmgmt.sys [2008-01-09 104448] S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS); C:\Windows\system32\DRIVERS\lgmcnd5.sys [2008-01-09 25344] S3 lgmcobex;LGE Mobile USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\lgmcobex.sys [2008-01-09 100480] S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM); C:\Windows\system32\DRIVERS\lgmcunic.sys [2008-01-09 109952] S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880] S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216] S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784] R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-07 196608] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024] R2 TabletService;TabletService; C:\Windows\system32\Tablet.exe [2007-04-13 1189424] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848] S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704] S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360] S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-29 654848] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 24064] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072] S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------

Après une longue attente, voila le rapport de MBAM Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4080 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 09/05/2010 16:00:26 mbam-log-2010-05-09 (16-00-26).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 283756 Temps écoulé: 1 heure(s), 44 minute(s), 52 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 26 Processus mémoire infecté(s): C:\Users\Céline\AppData\Local\bsbjppqpo\ymfsuestssd.exe (Rogue.AntiSpywareSoft) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\Users\Céline\AppData\Local\Temp\f3nz3o9zq7.dll (Trojan.Ertfor) -> Delete on reboot. C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\okwmjooj (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Users\Céline\AppData\Local\Temp\f3nz3o9zq7.dll (Trojan.Ertfor) -> Delete on reboot. C:\Users\Céline\AppData\Local\bsbjppqpo\ymfsuestssd.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\ieyih.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\vzi8je.exe (Trojan.Ertfor) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\oweasmrxnc.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\smss.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\khvcol.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\ljbwz9xhq.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\semacxwnro.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\rknfl.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\Rnp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\cawexrmons.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\67D7.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\8247.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\8D71.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\win.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\winlogon.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\install.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\sanmoxcwre.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Céline\AppData\Local\Temp\mracwnoesx.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\j0gms9.dll (Trojan.Ertfor) -> Quarantined and deleted successfully. C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\srv.net (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\wfyyrvlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Users\Céline\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. Je reessaye RSIT ^^

Ben en fait je n'ai pas de dossier rkill dans mon disque C .. Le bloc notes s'est ouvert juste après que j'ai lancé Rkill. Je suis toujours en analyse MBAM depuis bentôt une heure lol, j'attends

Bonjour. J'ai téléchargé le logiciel pour la réparation des applications exe comme demandé, redémarré mon PC puis executé rkill. LA fenetre noire s'est ouverte, puis de suite le bloc notes avec ceci : This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as C‚line on 09/05/2010 at 11:02:15. Processes terminated by Rkill or while it was running: C:\Users\CLINE~1\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Céline\AppData\Local\bsbjppqpo\ymfsuestssd.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Céline\Desktop\rkill.exe Rkill completed on 09/05/2010 at 11:02:21. Je continue avec MBAM dans le post suivant. Merci bien.

Je viens de me rendre compte que je ne peux plus rien ouvrir, les applications en .exe comme msn, photoshop ou meme rsit sont bloquées par le virus..

Aucun des liens ne marche pour moi. Tout d'abord un écran noir puis nada. Je commence vraiment a desespérer.. Dois-je tenter MBAM quand meme ?

Est ce normal que ma barre et mon bureau aient disparus ? Je suis peut etre en cours d'analyse encore?

Bonsoir Oui désolée, déjà que j'ai eu du mal a comprendre ce que c'était la configuration lol ! C'est un 32 bits ^^

Bonjour à tous (ou plutôt bonsoir !) Voilà, moi aussi j'ai été infectée par ce virus, allez savoir comment, du jour au lendemain des alertes pénibles sont survenues. Au début, j'ai pensé que ca allait passer, mais voila que plusieurs boites de dialogues "Security Warning" s'ouvrent en me disant "Application cannot be executed. The file wuauclt.exe (ou d'autres applications) is infected. Do you want to activate your antivirus software now?" J'ai beau cliquer sur non, un nouveau pretexte survient a chaque fois pour m'empêcher de travailler sur l'ordinateur. La fenetre "Centre de securité Windows" s'ouvre directement après que mon antivirus (McAfee) a expiré.. *oups* N'étant pas professionelle dans le domaine de l'informatique, je fais appel aux connaisseurs pour venir à mon aide. Merci d'avance.