Forum-vista : Entraide et dépannage Windows Vista et Windows Seven

Bonjour,
J ai un souci quand j'allume mon ordinateur il y a ça qui apparait :
C:\Users\AZIZAH~1\AppData\Local\Temp\fpisivsn.dll
Entrée manquante : run

J ai fais un scan avec Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:45, on 06/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AZIZAH~1\AppData\Local\Temp\vtsqr.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\AZIZAH~1\AppData\Local\Temp\byxvw.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\AZIZAH~1\AppData\Local\Temp\fpisivsn.dll",run
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\AZIZAH~1\AppData\Local\Temp\mhbpdvhd.dll",b
O4 - HKCU\..\Run: [BM299b28c0] Rundll32.exe "C:\Users\AZIZAH~1\AppData\Local\Temp\vrwqiaow.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\aziz ahammout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.moove.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 12136 bytes

quelqu un peu m aider svp!!!!

voici le scan de combo.fix

ComboFix 08-03-05.3 - aziz ahammout 2008-03-06 19:18:30.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1050 [GMT 1:00]
Endroit: C:\Users\aziz ahammout\Contacts\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 18:10 --------- d-----w C:\Program Files\Trend Micro
2008-03-06 18:03 --------- d-----w C:\Program Files\Nolmë Informatique
2008-03-06 17:41 43,515 ----a-w C:\Users\aziz ahammout\AppData\Roaming\nvModes.dat
2008-03-06 17:34 --------- d-----w C:\Program Files\InterActual
2008-03-03 16:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-03 15:39 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\Azureus
2008-03-03 15:39 --------- d-----w C:\ProgramData\Symantec
2008-03-03 15:38 --------- d-----w C:\Program Files\Symantec
2008-03-03 15:29 --------- d-----w C:\Program Files\Alwil Software
2008-02-26 20:00 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 19:49 --------- d-----w C:\ProgramData\WLInstaller
2008-02-26 18:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 12:09 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\AVG7
2008-02-25 22:13 --------- d-----w C:\ProgramData\avg7
2008-02-25 20:59 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 09:26 --------- d-----w C:\Program Files\Windows Live
2008-02-25 09:23 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-24 13:10 --------- d-----w C:\ProgramData\Skype
2008-02-24 00:17 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-24 00:17 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-24 00:17 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\skypePM
2008-02-20 18:08 142 ----a-w C:\Users\aziz ahammout\AppData\Roaming\wklnhst.dat
2008-02-19 16:33 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-19 14:50 --------- d-----w C:\Program Files\ICQToolbar
2008-02-18 23:01 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\ICQ Toolbar
2008-02-18 22:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 22:12 --------- d-----w C:\Program Files\ICQ6
2008-02-13 02:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 02:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 02:10 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 02:10 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 02:10 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 02:10 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 02:10 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 02:10 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 02:10 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 02:10 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 02:10 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 02:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 02:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 02:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 02:06 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 02:06 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 02:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 02:06 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 02:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 02:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 02:05 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 02:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 02:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-09 15:05 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\SecondLife
2008-02-07 22:42 --------- d-----w C:\Program Files\DivX
2008-02-07 22:13 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\Yahoo!
2008-02-07 22:13 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-02-07 22:13 --------- d-----w C:\Program Files\Yahoo!
2008-02-03 21:06 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-02-03 21:05 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\OpenOffice.org2
2008-02-01 17:44 --------- d-----w C:\Users\aziz ahammout\AppData\Roaming\Template
2008-01-19 13:42 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-19 12:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-19 12:36 --------- d-----w C:\Program Files\fond-ecran-wallpaper
2008-01-18 20:43 --------- d-----w C:\Program Files\InterVideo
2008-01-18 20:43 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-18 20:42 --------- d-----w C:\Program Files\Creative
2008-01-17 21:58 --------- d-----w C:\ProgramData\Adobe Systems
2008-01-11 18:20 81,920 ----a-w C:\Windows\System32\W32N50.dll
2008-01-11 18:20 17,134 ----a-w C:\Windows\System32\PCANDIS5.sys
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-10 02:09 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:08 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 02:03 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 02:03 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 02:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 14:17 --------- d-----w C:\ProgramData\NtiDvdCopy
2007-12-12 21:56 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 21:56 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 21:56 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-10-14 11:05 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:02 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"cmds"="C:\Users\AZIZAH~1\AppData\Local\Temp\byxvw.dll" [2008-03-06 17:59 292352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-14 11:54 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 19:57 3784704 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 20:00 815104]
"Acer Tour"="" []
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-03-21 22:16 56112]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 20:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 20:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 20:26 81920]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2007-01-10 10:34 200704]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 08:26 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37 86016]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 08:01 151552]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 21:04 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="iexplorer.exe" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-03-26 21:24:56 528384]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-18 21:43:28 212992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4B1792D5-CE8F-4B56-8BCD-C9A8A09B9225}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{77A34628-FB1B-4326-9F10-C1673664B752}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{69142319-129A-42BC-9DFD-F8BAA47C5AA3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{30011F44-8BEC-46E5-A194-71F7BA331C6C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4C2DFD7F-5F0C-4517-9866-AF3638F15F05}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{373B5555-8B3E-4F20-9BCF-20582DE82687}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{69DE9923-EBD2-4A16-88C7-5A0601A61C59}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{41FA6826-DF8C-42C1-81F9-222FAF669227}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"{6AB8005F-1775-4386-AF26-A5639A82BFA6}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{20C3C835-E0B5-4F1C-A619-E6BCA73DDA1E}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{9BBCBA03-8072-4AF2-BEB1-02455AB0E94F}C:\program files\tvants\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"UDP Query User{A65644C2-06F7-4D17-8976-44FE92DBBB19}C:\program files\tvants\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"TCP Query User{85EC105B-DD92-4462-A686-F17BE096B517}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{81596FED-32A5-49CB-87EB-E32DCC1DE0EF}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"TCP Query User{63A2323A-392D-44F6-BAF8-7A274B12F2BC}C:\program files\sports interactive\football manager 2008\fm1.exe"= UDP:C:\program files\sports interactive\football manager 2008\fm1.exe:Football Manager 2008|Desc=Football Manager 2008
"UDP Query User{08B23BDD-F429-49EB-973F-5CD93F3D4C1A}C:\program files\sports interactive\football manager 2008\fm1.exe"= TCP:C:\program files\sports interactive\football manager 2008\fm1.exe:Football Manager 2008|Desc=Football Manager 2008
"TCP Query User{D5A15565-FBE2-46ED-8789-6DE7B991100C}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{864CA17B-27D5-4D8E-A10F-6F1076686226}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{4FF0C615-EDAE-45B1-B073-2AA2AB204110}C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe"= UDP:C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"UDP Query User{51682277-52F2-405D-B3BB-EEEAD1A74ECB}C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe"= TCP:C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"TCP Query User{59448707-A2BD-4EDE-B034-93194ECE6B3B}C:\program files\entrecam\entrecam.exe"= UDP:C:\program files\entrecam\entrecam.exe:EntreCam|Desc=EntreCam
"UDP Query User{E1BF9AE2-2F5E-46F1-AEAD-B85260729321}C:\program files\entrecam\entrecam.exe"= TCP:C:\program files\entrecam\entrecam.exe:EntreCam|Desc=EntreCam
"TCP Query User{5B23B5C1-46C1-448C-9A51-955D0354C13B}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{95A63E4F-0E0D-4C04-950A-11658875C3C9}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"TCP Query User{73E49E04-E5CF-41E8-B99F-74A3B39B3924}C:\program files\tvants\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"UDP Query User{CD2FA1A0-FBD1-43F8-8684-91BE3415D8C0}C:\program files\tvants\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts|Desc=TVAnts
"TCP Query User{BD773268-A6CF-4AD9-A0CE-CD02BD5EE85B}C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe"= UDP:C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"UDP Query User{11D5547B-6E74-4861-8508-1DEDCBEC584D}C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe"= TCP:C:\users\aziz ahammout\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"TCP Query User{026CD57B-E8A0-401B-9186-82E1441FA89A}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard|Desc=eChanblard
"UDP Query User{3E0EB115-C668-4109-8B9C-142C39AA77DB}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard|Desc=eChanblard
"TCP Query User{D2CC6A86-F491-4304-8AEA-14298959AD48}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard|Desc=eChanblard
"UDP Query User{03450EE6-DA1E-49FE-8D74-B2C83ACCA541}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard|Desc=eChanblard
"TCP Query User{E6B12FEE-F2CA-4853-A2B6-36A1331B60A9}C:\program files\tvuplayer\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component|Desc=TVU Player Component
"UDP Query User{101C0445-F4FA-4EB2-BFAA-D198CCBFA5C6}C:\program files\tvuplayer\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component|Desc=TVU Player Component
"TCP Query User{7EB04FDB-7EFB-48EA-ABA5-325AD71EA8F5}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"UDP Query User{035A9B11-582C-45C5-96DF-CB27AFFEDBDA}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"TCP Query User{447831CE-D390-4E9C-9F1C-823D41DD8D04}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{355999D2-839A-4BE5-ADB6-7A34F852F7AD}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{EE26C134-86F9-496C-8A00-DCED6CB04373}C:\program files\redlightcenter\redlightcenter\redlightcenter.exe"= UDP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter|Desc=Redlightcenter
"UDP Query User{E05BB234-A064-4EE3-AB88-F46794579B0C}C:\program files\redlightcenter\redlightcenter\redlightcenter.exe"= TCP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter|Desc=Redlightcenter
"TCP Query User{C94210E6-5EA8-4C7A-BF37-34F1B250CDF6}C:\program files\entrecam\entrecam.exe"= UDP:C:\program files\entrecam\entrecam.exe:EntreCam|Desc=EntreCam
"UDP Query User{BCFBF3CC-0BCE-4B92-9B1B-C0154625313F}C:\program files\entrecam\entrecam.exe"= TCP:C:\program files\entrecam\entrecam.exe:EntreCam|Desc=EntreCam
"TCP Query User{442C15B1-9BBC-4E31-8DED-B226E97E7028}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"UDP Query User{9204167E-2312-4859-ADD5-F0EAC72C33EB}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver|Desc=SopCast Adver
"TCP Query User{89C96EA9-1F91-450A-89A8-02C9C22F9FA1}C:\program files\videolan\vlc\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"UDP Query User{88489EF1-8FB1-4B43-9DD3-A93F75D5B834}C:\program files\videolan\vlc\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player|Desc=VLC media player
"TCP Query User{3B2EAF13-86E1-4D7B-94FD-BDE97698FDEB}C:\program files\tvuplayer\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component|Desc=TVU Player Component
"UDP Query User{D012E3FD-4123-472D-81BE-C83EA1C49804}C:\program files\tvuplayer\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVU Player Component|Desc=TVU Player Component
"{BC8B9CC0-0EA2-4209-9ECF-D664FD3400CB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{727ADB50-5A47-4DCC-AA65-D1DCA14D6D7A}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{76F66C50-9CD4-41EF-8C33-40F5565CEE3E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5E4712FE-99AC-4843-AD6A-6FFE64094DA7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{0C703C8F-1502-4B85-A6D2-A85E798C40B5}C:\program files\flightgear\bin\win32\fgfs.exe"= UDP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs|Desc=fgfs
"UDP Query User{2DDE8FB6-1B8B-4EB0-ACEA-0279CE62886D}C:\program files\flightgear\bin\win32\fgfs.exe"= TCP:C:\program files\flightgear\bin\win32\fgfs.exe:fgfs|Desc=fgfs
"TCP Query User{08318509-B6F8-4432-9AD9-13A3E3707E0B}C:\program files\yahoo!\messenger\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"UDP Query User{B54E6F60-D281-400D-A52A-D4457B4B6F70}C:\program files\yahoo!\messenger\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"{FF369437-3E17-4FB2-8555-4644ED3DEE16}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{912A3172-7C8A-4B2B-8857-DE4842CBF855}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{73F75778-F162-4029-9DB2-8BB787319580}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{F3D46518-A9C4-4B27-BD24-607EE69F1F32}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{B191FB2E-2E38-4B87-8510-A0B57376BA00}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{E0FCD32E-EE7C-4FD7-94A3-D134DDB49353}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{99A90479-E091-4060-BC7C-14134866252A}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{55FCEDD2-794E-4A99-AB4D-EFF18A7C31F4}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"TCP Query User{84F11523-0033-4883-93F9-E5AD8BB02C69}C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe"= UDP:C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe:worms 4 mayhem.exe|Desc=worms 4 mayhem.exe
"UDP Query User{4A6EFE11-AE1E-428F-9F36-CC5260C03E65}C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe"= TCP:C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe:worms 4 mayhem.exe|Desc=worms 4 mayhem.exe
"TCP Query User{0E709D11-4A4E-49B6-9E6A-769F679EC278}C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe"= UDP:C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe:worms 4 mayhem.exe|Desc=worms 4 mayhem.exe
"UDP Query User{F12CF795-106D-4B65-AD7C-53CB8BEEFD9C}C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe"= TCP:C:\users\aziz ahammout\documents\worms.4.mayhem-reloaded\crack\worms 4 mayhem.exe:worms 4 mayhem.exe|Desc=worms 4 mayhem.exe
"TCP Query User{6583B647-28CE-4148-BB7E-533A694AD548}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"UDP Query User{5DC939A9-97A5-4883-BBE5-1C8B69ECB62D}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"TCP Query User{9026E28B-9062-46A3-9579-52D95CEC2743}C:\moove\_adv.exe"= UDP:C:\moove\_adv.exe:Roomancer - moove Online World Client|Desc=Roomancer - moove Online World Client
"UDP Query User{DE30549C-A782-451D-98BE-EE48E0DEB85C}C:\moove\_adv.exe"= TCP:C:\moove\_adv.exe:Roomancer - moove Online World Client|Desc=Roomancer - moove Online World Client
"TCP Query User{980BFA54-453E-45B7-A322-8D958DDEEAFD}C:\program files\secondlife\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"UDP Query User{4BEC434A-E1E0-402B-BB07-023ABAE5B2FF}C:\program files\secondlife\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice|Desc=SLVoice
"TCP Query User{6718FACC-E408-4398-A91A-116ECCCC3315}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{B43908FA-9709-4522-843C-5417D3461714}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"{A2999B10-B3AD-4A79-B1C1-EA584C6C0509}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]
R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 17:21]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 18:17]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 08:33]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-02 19:59]
R3 RTL8169;Pilote Realtek 8169 NT;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 08:30]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 19:45]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 20:18]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-12-27 18:28]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c542c40-e379-11dc-b263-0016d358095d}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d2d119c-d0e7-11dc-b405-0016d358095d}]
\shell\AutoRun\command - F:\p3r1ud.exe
\shell\explore\Command - F:\p3r1ud.exe
\shell\open\Command - F:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d2d11de-d0e7-11dc-b405-0016d358095d}]
\shell\AutoRun\command - G:\p3r1ud.exe
\shell\explore\Command - G:\p3r1ud.exe
\shell\open\Command - G:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50034aea-c56b-11dc-a558-0016d358095d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c76a6dc-aa51-11dc-8272-00197e85a989}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdd7e2-9e8a-11dc-990c-0016d358095d}]
\shell\AutoRun\command - G:\euromed.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65cdd7e4-9e8a-11dc-990c-0016d358095d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f0530e-7e63-11dc-8190-0016d358095d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a13e8bd7-c5bd-11dc-9b9e-0016d358095d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd9b8e44-c755-11dc-8e6d-0016d358095d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-05 21:02:21 C:\Windows\Tasks\User_Feed_Synchronization-{33F5DB35-44B2-4EBB-9AD8-73083E358805}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 19:23:06
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-06 19:24:57
.
2008-03-04 18:30:59 --- E O F ---

Bonsoir,

Avant d'aller plus loin :
Il faut désinstaller proprement Symantec avec cet outil:
http://service1.symantec.com/SUPPORT/IN ... =&osv_lvl=
L’outil de désinstallation Norton

Dans Programmes et fonctionnalités, il faut désinstaller ces deux là:
BOONTY et IMVU
Et tout ce qui peut trainer et concerner Symantec ou Norton.

Télécharge et installe Malwarebyte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

A la fin de l'installation, veille à ce que l'option Mettre à jour Malwarebytes' Anti-Malware soit cochée. >>> clique sur "Terminer"
Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur le bureau.
Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur ok

Laisse les Mises à jour se télécharger

*** Referme le programme ***

Redémarre en "Mode sans échec"

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Exécuter un examen complet >>> Rechercher
Sélectionne ton disque dur >>> clic sur Lancer l'examen

A la fin du scan >>> clique sur Afficher les résultats >>> Enregistrer le Rapport
Suppression des éléments détectés >>>> clique sur Supprimer la sélection
Redémarre en mode normal.

Poste un copier-coller du rapport qui se trouve dans l'onglet Rapport/Logs.
Ainsi qu'un nouveau rapport Hijackthis.

@+

Merci de ton aide
je t envoie le rapport dehijack d abord :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:30, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\aziz ahammout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.moove.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10825 bytes

voici le rapport de malawarbytes

Malwarebytes' Anti-Malware 1.07
Version de la base de données: 467

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137214
Temps écoulé: 30 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\aziz ahammout\AppData\Local\Temp\byxvw.dll (Malware.Trace) -> Quarantined and deleted successfully.

Bonjour.

Tu pourras vider la quarantaine de Malwarebytes.

Dans Démarrer, tape dans la barre de recherche services.msc.
Tu double cliques sur chacun de ceux qui suivent et tu les arr^tes et tu les désactives dans Type de démarrage en validant à chaque fois.

Boonty Games - BOONTY
Planificateur LiveUpdate automatique

Tu refermes le gestionnaire de services.

Tu fermes toute autre application et tu lances Hijackthis, par clic droit et Exécuter en tant qu'administrateur et le bouton Do a system scan only.
Tu coches les lignes suivantes :

O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\aziz ahammout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

Cliques sur Fix checked, puis sur le bouton Main menu.
Clique sur Open the misc tools section et Delete an NT service
Dans le pop-up tu colles :
Boonty Games - BOONTY
Et tu valides par OK sans renir compte de l'avertissement
Tu recommences avec
Planificateur LiveUpdate automatique

Télécharge OTMoveIt2 : http://download.bleepingcomputer.com/ol ... oveIt2.exe
Sur ton bureau. Important.

Lance OtMoveIt, il ne nécessite pas d'installation.(Clic droit Exécuter en tant...)

Tu inscris (ou tu colles) le chemin du fichier/dossier à supprimer (C'est à dire ce qui suit)dans la fenêtre de gauche, cadre du haut , en-tête bleu
(Paste Standard List of Files/Folders to Move) et tu cliques sur MoveIt! (en rouge).
(La case Unregister Dll's and OCX's doit être cochée.)

C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Symantec
C:\Windows\BR040286.exe
C:\Users\aziz ahammout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU

Le résultat apparaitra dans le cadre Results à droite.
Clique sur Exit pour fermer.
Un rapport sera enregistré dans C:\\_OTMoveIt\MovedFiles.(xxxxxxxx_xxxxxx.log)
Les x sont des chiffres qui correspondent à la date et l'heure du scan.
Redémarre le pc et poste le rapport avec un nouveau Hijackthis.

Il faut mettre à jour:
-Java Runtime Environment (JRE)6u5 :
http://java.sun.com/javase/downloads/index.jsp
Clique sur Download Java Runtime Environment (JRE) 6 update 5
Dans la page suivante, choisis Windows dans Platform coche I agree to the Java SE Runtime Environment 6 License Agreement et Continue
Dans la nouvelle page, coche Windows Offline Installation, et clique sur jre-6u5-windows-i586-p.exe //15.18 MB.
Tu l'installeras hors connexion.
Dans Démarrer, tape appwiz.cpl, puis Entrée et supprime toutes les autres versions.

-Acrobat Reader 8.1.2 :
http://www.adobe.com/products/acrobat/r ... sions.html
Décocher Téléchargez également :Adobe Photoshop® Album Édition
Dans Démarrer, tape appwiz.cpl, puis Entrée et supprime toutes les autres versions.
Tu peux aussi le remplacer par :
http://www.foxitsoftware.com/pdf/reader ... reader.htm
Plus rapide et plus léger.

@+

Merci de ton aide precieuse

voici le rapport de movelt

Folder move failed. C:\Program Files\Common Files\BOONTY Shared\Service scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\BOONTY Shared scheduled to be moved on reboot.
File/Folder C:\Program Files\Symantec not found.
File move failed. C:\Windows\BR040286.exe scheduled to be moved on reboot.
File/Folder C:\Users\aziz ahammout\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU not found.

OTMoveIt2 v1.0.20 log created on 03082008_162708

celui de hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:15, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.moove.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9778 bytes

Je te remercie pour tout

plus

Bonjour,
Ce dernier rapport est propre.
Il te reste à supprimer les outils inutiles à conserver.
Lance OTMoveIt.exe et tu cliques sur le bouton Cleanup (en bleu).
Puis dans le popup Cleanup list download successful. Begin cleanup process ?, accepte par Yes

Pour Malwarebytes, conserves-le et pense à le mettre à jour avant de faire une analyse en cas de besoin.

@+

PS clique sur l'image de ma signature et lis l'article qui s'ouvre.

Forum-vista : Entraide et dépannage Windows Vista et Windows Seven

problem entrée manquante

problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante

Re: problem entrée manquante