Se connecter avec
S'enregistrer | Connectez-vous

PC qui rame,scan hijack a analyser

Dernière réponse : dans Sécurité

bonjour a vous tous,depuis quelques jours mon ordi rame et je ne comprends pas pourquoi. si quelqu un peut analyser mon rapport hijackthis pour voir si il ya un probleme quelque part...
merci d avance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:25, on 15/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\ri\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8895 bytes

Autres pages sur : rame scan hijack analyser

Lassé par la pub ? Créez un compte

Bonjour,

Petite infection.

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    bonjour Angeldark,merci de m aider a résoudre mon probleme...
    ci-joint le rapport de combofix.

    ComboFix 08-03-14.4 - ri 2008-03-15 20:06:57.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.831 [GMT 1:00]
    Endroit: C:\Users\ri\Documents\Mes téléchargements\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-08 16:23 . 2008-03-08 16:23 <REP> d-------- C:\Windows\Sun
    2008-03-08 16:20 . 2008-03-08 16:21 <REP> d-------- C:\Program Files\Java
    2008-03-08 16:16 . 2008-03-08 16:16 <REP> d-------- C:\Program Files\Common Files\Java
    2008-03-03 17:44 . 2008-03-03 17:44 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-03-03 12:10 . 2008-03-15 20:04 <REP> d-------- C:\Users\ri\AppData\Roaming\Spyware Terminator
    2008-03-01 11:35 . 2008-03-02 12:03 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\AppData\Roaming\MySpace
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\Default\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Program Files\MySpace
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\Users\All Users\eMule
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\ProgramData\eMule
    2008-02-21 19:45 . 2008-02-21 19:46 <REP> d-------- C:\Program Files\eMule
    2008-02-17 18:01 . 2008-02-17 18:02 <REP> d-------- C:\Program Files\Picasa2
    2008-02-17 17:57 . 2008-02-17 17:57 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\Users\All Users\Google Updater
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\ProgramData\Google Updater
    2008-02-15 07:18 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-14 18:28 --------- d-----w C:\Program Files\Spyware Terminator
    2008-03-13 19:38 --------- d-----w C:\ProgramData\Spyware Terminator
    2008-03-12 19:02 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-17 16:56 --------- d-----w C:\Program Files\Google
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:44 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 05:44 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 05:44 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 05:44 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 05:44 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 05:44 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 05:44 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 05:43 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 05:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 05:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 05:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:43 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 05:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 05:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 05:40 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-10 19:51 --------- d-----w C:\Program Files\Navilog1
    2008-02-10 17:50 --------- d-----w C:\Program Files\CCleaner
    2008-02-10 10:05 --------- d-----w C:\Users\ri\AppData\Roaming\Application Data
    2008-02-10 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-10 09:38 --------- d-----w C:\ProgramData\Avira
    2008-02-10 09:38 --------- d-----w C:\Program Files\Avira
    2008-02-10 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 09:01 38,968 ----a-w C:\Windows\system32\drivers\ShlDrv51.sys
    2008-02-10 09:01 178,872 ----a-w C:\Windows\system32\drivers\PavProc.sys
    2008-02-10 08:57 --------- d-----w C:\ProgramData\sentinel
    2008-02-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-06 21:34 --------- d-----w C:\Program Files\Lavasoft
    2008-02-06 21:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 22:32 --------- d-----w C:\Program Files\Yahoo!
    2008-02-03 22:32 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-02-03 22:16 --------- d---a-w C:\ProgramData\TEMP
    2008-02-03 21:51 --------- d-----w C:\ProgramData\Symantec
    2008-02-03 11:14 --------- d-----w C:\Program Files\Trend Micro
    2008-02-02 09:11 --------- d-----w C:\Program Files\Alwil Software
    2008-01-29 07:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-29 07:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-28 22:53 --------- d-----w C:\ProgramData\Grisoft
    2008-01-28 06:24 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-27 19:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 19:12 --------- d-----w C:\ProgramData\WLInstaller
    2008-01-27 17:24 --------- d-----w C:\Users\ri\AppData\Roaming\Todae
    2008-01-26 22:22 --------- d-----w C:\Program Files\Acer GameZone
    2008-01-26 22:21 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-01-26 21:15 27,050 ----a-w C:\Users\ri\AppData\Roaming\nvModes.dat
    2008-01-26 18:51 --------- d-----w C:\Program Files\BoontyGames
    2008-01-25 18:45 --------- d-----w C:\Program Files\3B-Editions
    2008-01-22 19:21 --------- d-----w C:\ProgramData\BVRP Software
    2008-01-22 19:21 --------- d-----w C:\Program Files\Avanquest update
    2008-01-22 18:53 --------- d-----w C:\ProgramData\Sony Ericsson
    2008-01-22 18:53 --------- d-----w C:\Program Files\Sony Ericsson
    2008-01-22 18:52 --------- d-----w C:\Users\ri\AppData\Roaming\InstallShield
    2008-01-22 17:09 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-01-22 12:47 174 --sha-w C:\Program Files\desktop.ini
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Mail
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-22 11:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-22 11:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-22 11:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-22 11:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-22 11:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-22 11:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-22 11:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-01-22 11:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-01-22 11:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-01-22 11:26 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-01-22 11:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-01-22 11:25 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-22 11:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-22 11:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-22 11:23 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-22 11:21 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-22 11:21 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-22 11:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-22 11:18 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-01-22 11:18 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-22 11:18 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-01-22 11:18 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-01-22 11:18 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-01-22 11:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-22 11:16 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-21 20:44 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-21 20:44 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-21 20:44 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-21 20:44 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-22 12:21 1232896]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
    "Acer Tour"="" []
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-10 10:40 249896]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-02 12:03 2957824]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    --a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 22:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    --------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    --a------ 2007-11-20 15:29 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:D V Wizard
    "{1BB06E06-6118-4A32-93E0-F96B5CF655CA}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:D VDivine
    "{4AFD5128-56ED-41C0-B6D2-1D7B90005C9C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:p lay Movie
    "{7B9DCB10-108E-45FC-90DF-AFA9690F7AC3}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:p lay Movie Resident Program
    "{C0D2017D-0285-4A82-945B-164148380A07}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C92C7EF6-8FEC-47BE-AA46-44F680E06897}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F580227D-4B74-40BF-A399-F675B3246A1C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{309AF87A-556B-48AD-ADD1-9E8255A5B23E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{1D42CD2A-324F-47A1-9D94-B93DC00A07C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{7C66179D-BA1B-448F-AC94-0923B389D0A1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{B0AD2B2C-6FEF-4DD7-9618-42636B82C194}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-02-10 10:01]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-02 12:03]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-10 10:01]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 01:46]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-05 17:34:44 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-15 20:08:28
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-15 20:09:15
    .
    2008-03-13 17:08:38 --- E O F ---

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\Windows\system32\ActiveToolBand.dll


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

    j ai bien fait ce que tu m as dit mais au moment de faire glisser le CFScript.txt dans le combofix,il s affiche un message d erreur:" u cannot rename combofix as combofix" et du coup rien ne se passe.

    la je suis perdu,je ne sais pas quoi faire

    je te joint quand meme un rapport combofix et un hijackthis que je viens de faire. mais je pense que ce n est pas ce que tu demandais.désolé si ce ne sont pas les bons.


    ComboFix 08-03-14.4 - ri 2008-03-15 21:48:35.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.830 [GMT 1:00]
    Endroit: C:\Users\ri\Documents\Mes téléchargements\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-08 16:23 . 2008-03-08 16:23 <REP> d-------- C:\Windows\Sun
    2008-03-08 16:20 . 2008-03-08 16:21 <REP> d-------- C:\Program Files\Java
    2008-03-08 16:16 . 2008-03-08 16:16 <REP> d-------- C:\Program Files\Common Files\Java
    2008-03-03 17:44 . 2008-03-03 17:44 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-03-03 12:10 . 2008-03-15 20:04 <REP> d-------- C:\Users\ri\AppData\Roaming\Spyware Terminator
    2008-03-01 11:35 . 2008-03-02 12:03 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\AppData\Roaming\MySpace
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\Default\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Program Files\MySpace
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\Users\All Users\eMule
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\ProgramData\eMule
    2008-02-21 19:45 . 2008-02-21 19:46 <REP> d-------- C:\Program Files\eMule
    2008-02-17 18:01 . 2008-02-17 18:02 <REP> d-------- C:\Program Files\Picasa2
    2008-02-17 17:57 . 2008-02-17 17:57 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\Users\All Users\Google Updater
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\ProgramData\Google Updater
    2008-02-15 07:18 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-14 18:28 --------- d-----w C:\Program Files\Spyware Terminator
    2008-03-13 19:38 --------- d-----w C:\ProgramData\Spyware Terminator
    2008-03-12 19:02 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-17 16:56 --------- d-----w C:\Program Files\Google
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:44 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 05:44 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 05:44 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 05:44 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 05:44 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 05:44 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 05:44 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 05:43 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 05:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 05:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 05:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:43 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 05:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 05:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 05:40 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-10 19:51 --------- d-----w C:\Program Files\Navilog1
    2008-02-10 17:50 --------- d-----w C:\Program Files\CCleaner
    2008-02-10 10:05 --------- d-----w C:\Users\ri\AppData\Roaming\Application Data
    2008-02-10 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-10 09:38 --------- d-----w C:\ProgramData\Avira
    2008-02-10 09:38 --------- d-----w C:\Program Files\Avira
    2008-02-10 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 09:01 38,968 ----a-w C:\Windows\system32\drivers\ShlDrv51.sys
    2008-02-10 09:01 178,872 ----a-w C:\Windows\system32\drivers\PavProc.sys
    2008-02-10 08:57 --------- d-----w C:\ProgramData\sentinel
    2008-02-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-06 21:34 --------- d-----w C:\Program Files\Lavasoft
    2008-02-06 21:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 22:32 --------- d-----w C:\Program Files\Yahoo!
    2008-02-03 22:32 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-02-03 22:16 --------- d---a-w C:\ProgramData\TEMP
    2008-02-03 21:51 --------- d-----w C:\ProgramData\Symantec
    2008-02-03 11:14 --------- d-----w C:\Program Files\Trend Micro
    2008-02-02 09:11 --------- d-----w C:\Program Files\Alwil Software
    2008-01-29 07:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-29 07:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-28 22:53 --------- d-----w C:\ProgramData\Grisoft
    2008-01-28 06:24 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-27 19:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 19:12 --------- d-----w C:\ProgramData\WLInstaller
    2008-01-27 17:24 --------- d-----w C:\Users\ri\AppData\Roaming\Todae
    2008-01-26 22:22 --------- d-----w C:\Program Files\Acer GameZone
    2008-01-26 22:21 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-01-26 21:15 27,050 ----a-w C:\Users\ri\AppData\Roaming\nvModes.dat
    2008-01-26 18:51 --------- d-----w C:\Program Files\BoontyGames
    2008-01-25 18:45 --------- d-----w C:\Program Files\3B-Editions
    2008-01-22 19:21 --------- d-----w C:\ProgramData\BVRP Software
    2008-01-22 19:21 --------- d-----w C:\Program Files\Avanquest update
    2008-01-22 18:53 --------- d-----w C:\ProgramData\Sony Ericsson
    2008-01-22 18:53 --------- d-----w C:\Program Files\Sony Ericsson
    2008-01-22 18:52 --------- d-----w C:\Users\ri\AppData\Roaming\InstallShield
    2008-01-22 17:09 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-01-22 12:47 174 --sha-w C:\Program Files\desktop.ini
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Mail
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-22 11:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-22 11:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-22 11:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-22 11:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-22 11:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-22 11:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-22 11:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-01-22 11:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-01-22 11:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-01-22 11:26 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-01-22 11:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-01-22 11:25 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-22 11:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-22 11:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-22 11:23 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-22 11:21 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-22 11:21 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-22 11:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-22 11:18 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-01-22 11:18 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-22 11:18 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-01-22 11:18 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-01-22 11:18 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-01-22 11:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-22 11:16 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-21 20:44 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-21 20:44 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-21 20:44 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-21 20:44 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-15_20.08.52,38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-15 18:15:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-03-15 20:15:29 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-03-15 01:17:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-03-15 20:01:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-03-14 19:09:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-15 19:09:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-14 19:09:46 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-15 19:09:44 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-14 19:09:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-15 19:09:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-22 12:21 1232896]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
    "Acer Tour"="" []
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-10 10:40 249896]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-02 12:03 2957824]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    --a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 22:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    --------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    --a------ 2007-11-20 15:29 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:D V Wizard
    "{1BB06E06-6118-4A32-93E0-F96B5CF655CA}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:D VDivine
    "{4AFD5128-56ED-41C0-B6D2-1D7B90005C9C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:p lay Movie
    "{7B9DCB10-108E-45FC-90DF-AFA9690F7AC3}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:p lay Movie Resident Program
    "{C0D2017D-0285-4A82-945B-164148380A07}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C92C7EF6-8FEC-47BE-AA46-44F680E06897}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F580227D-4B74-40BF-A399-F675B3246A1C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{309AF87A-556B-48AD-ADD1-9E8255A5B23E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{1D42CD2A-324F-47A1-9D94-B93DC00A07C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{7C66179D-BA1B-448F-AC94-0923B389D0A1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{B0AD2B2C-6FEF-4DD7-9618-42636B82C194}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-02-10 10:01]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-02 12:03]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-10 10:01]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 01:46]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-05 17:34:44 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-15 21:49:49
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-15 21:50:32
    ComboFix2.txt 2008-03-15 19:09:16
    .
    2008-03-13 17:08:38 --- E O F ---







    le rapport hijacthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54:42, on 15/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8377 bytes

    non j ai simplement copié dans le bloc notes ce que tu m as demandé de copier,enregistré le fichier sous le nom CFScript.txt et ensuite j ai fais glissé et l ordi a fait comme pour un redemarrage et ce message d erreur est arrivé.

    désolé si je te fais perdre ton temps mais la je comprends plus grand chose... donc j ai recommencé et le résultat est le meme,dès que je fais glisser le fichier CFScript dans combofix,combofix charge et les icones du bureau disparaissent un 1/4 de seconde puis le message d erreur reapparrait: "u cannot rename combofix as combofix,please enter another name" alors qu en aucun cas je n ai essayé de renommer combofix...

    je me suis apercu qu un pare feu n était pas desactivé,et donc j ai retenté le glissage dans combofix et il me semble que ca a fonctionné,enfin j espère.(désolé mes compétences en informatique sont limitées,enfin tu le sais déjà.....)

    alors voila les rapports combofix et hijack:


    COMBOFIX:

    ComboFix 08-03-14.4 - ri 2008-03-15 22:39:48.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.886 [GMT 1:00]
    Endroit: C:\Users\ri\Documents\Mes téléchargements\ComboFix.exe
    Command switches used :: C:\Users\ri\Desktop\CFScript.txt.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\system32\ActiveToolBand.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\ActiveToolBand.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-08 16:23 . 2008-03-08 16:23 <REP> d-------- C:\Windows\Sun
    2008-03-08 16:20 . 2008-03-08 16:21 <REP> d-------- C:\Program Files\Java
    2008-03-08 16:16 . 2008-03-08 16:16 <REP> d-------- C:\Program Files\Common Files\Java
    2008-03-03 17:44 . 2008-03-03 17:44 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-03-03 12:10 . 2008-03-15 20:04 <REP> d-------- C:\Users\ri\AppData\Roaming\Spyware Terminator
    2008-03-01 11:35 . 2008-03-02 12:03 138,752 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\ri\AppData\Roaming\MySpace
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Users\Default\Roaming
    2008-02-23 12:45 . 2008-02-23 12:45 <REP> d-------- C:\Program Files\MySpace
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\Users\All Users\eMule
    2008-02-21 19:47 . 2008-02-21 19:47 <REP> d-------- C:\ProgramData\eMule
    2008-02-21 19:45 . 2008-02-21 19:46 <REP> d-------- C:\Program Files\eMule
    2008-02-17 18:01 . 2008-02-17 18:02 <REP> d-------- C:\Program Files\Picasa2
    2008-02-17 17:57 . 2008-02-17 17:57 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\Users\All Users\Google Updater
    2008-02-17 17:56 . 2008-02-17 17:56 <REP> d-------- C:\ProgramData\Google Updater
    2008-02-15 07:18 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-14 18:28 --------- d-----w C:\Program Files\Spyware Terminator
    2008-03-13 19:38 --------- d-----w C:\ProgramData\Spyware Terminator
    2008-03-12 19:02 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-17 16:56 --------- d-----w C:\Program Files\Google
    2008-02-14 05:48 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 05:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 05:44 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 05:44 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 05:44 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 05:44 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 05:44 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 05:44 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 05:44 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 05:43 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 05:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 05:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 05:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 05:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 05:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 05:43 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 05:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 05:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 05:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 05:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 05:40 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 05:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 05:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 05:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-10 19:51 --------- d-----w C:\Program Files\Navilog1
    2008-02-10 17:50 --------- d-----w C:\Program Files\CCleaner
    2008-02-10 10:05 --------- d-----w C:\Users\ri\AppData\Roaming\Application Data
    2008-02-10 09:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-10 09:38 --------- d-----w C:\ProgramData\Avira
    2008-02-10 09:38 --------- d-----w C:\Program Files\Avira
    2008-02-10 09:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-10 09:01 38,968 ----a-w C:\Windows\system32\drivers\ShlDrv51.sys
    2008-02-10 09:01 178,872 ----a-w C:\Windows\system32\drivers\PavProc.sys
    2008-02-10 08:57 --------- d-----w C:\ProgramData\sentinel
    2008-02-06 21:34 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-06 21:34 --------- d-----w C:\Program Files\Lavasoft
    2008-02-06 21:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 22:32 --------- d-----w C:\Program Files\Yahoo!
    2008-02-03 22:32 --------- d-----w C:\Program Files\Common Files\Scanner
    2008-02-03 22:16 --------- d---a-w C:\ProgramData\TEMP
    2008-02-03 21:51 --------- d-----w C:\ProgramData\Symantec
    2008-02-03 11:14 --------- d-----w C:\Program Files\Trend Micro
    2008-02-02 09:11 --------- d-----w C:\Program Files\Alwil Software
    2008-01-29 07:31 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-29 07:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-28 22:53 --------- d-----w C:\ProgramData\Grisoft
    2008-01-28 06:24 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-27 19:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-01-27 19:12 --------- d-----w C:\ProgramData\WLInstaller
    2008-01-27 17:24 --------- d-----w C:\Users\ri\AppData\Roaming\Todae
    2008-01-26 22:22 --------- d-----w C:\Program Files\Acer GameZone
    2008-01-26 22:21 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-01-26 21:15 27,050 ----a-w C:\Users\ri\AppData\Roaming\nvModes.dat
    2008-01-26 18:51 --------- d-----w C:\Program Files\BoontyGames
    2008-01-25 18:45 --------- d-----w C:\Program Files\3B-Editions
    2008-01-22 19:21 --------- d-----w C:\ProgramData\BVRP Software
    2008-01-22 19:21 --------- d-----w C:\Program Files\Avanquest update
    2008-01-22 18:53 --------- d-----w C:\ProgramData\Sony Ericsson
    2008-01-22 18:53 --------- d-----w C:\Program Files\Sony Ericsson
    2008-01-22 18:52 --------- d-----w C:\Users\ri\AppData\Roaming\InstallShield
    2008-01-22 17:09 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-01-22 12:47 174 --sha-w C:\Program Files\desktop.ini
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Mail
    2008-01-22 12:42 --------- d-----w C:\Program Files\Windows Calendar
    2008-01-22 11:33 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-22 11:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-22 11:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-22 11:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-22 11:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-22 11:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-22 11:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-22 11:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
    2008-01-22 11:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
    2008-01-22 11:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
    2008-01-22 11:26 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
    2008-01-22 11:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
    2008-01-22 11:25 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-22 11:24 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-22 11:24 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-22 11:23 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2008-01-22 11:21 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-22 11:21 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-22 11:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-22 11:18 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-01-22 11:18 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-22 11:18 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-01-22 11:18 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-01-22 11:18 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-01-22 11:17 --------- d-----w C:\Program Files\MSXML 4.0
    2008-01-22 11:16 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2008-01-21 20:44 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-21 20:44 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-21 20:44 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-21 20:44 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-15_20.08.52,38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-15 18:15:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-03-15 21:15:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-03-15 01:17:30 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-03-15 20:01:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-03-14 19:09:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-15 19:09:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-14 19:09:46 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-15 19:09:44 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-14 19:09:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-15 19:09:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-22 12:21 1232896]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
    "Acer Tour"="" []
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-10 10:40 249896]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-02 12:03 2957824]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk
    backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    --a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-10-23 22:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    --------- 2007-05-24 13:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    --a------ 2007-11-20 15:29 360448 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:D V Wizard
    "{1BB06E06-6118-4A32-93E0-F96B5CF655CA}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:D VDivine
    "{4AFD5128-56ED-41C0-B6D2-1D7B90005C9C}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:p lay Movie
    "{7B9DCB10-108E-45FC-90DF-AFA9690F7AC3}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:p lay Movie Resident Program
    "{C0D2017D-0285-4A82-945B-164148380A07}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{C92C7EF6-8FEC-47BE-AA46-44F680E06897}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F580227D-4B74-40BF-A399-F675B3246A1C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{309AF87A-556B-48AD-ADD1-9E8255A5B23E}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{1D42CD2A-324F-47A1-9D94-B93DC00A07C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{7C66179D-BA1B-448F-AC94-0923B389D0A1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{B0AD2B2C-6FEF-4DD7-9618-42636B82C194}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-02-10 10:01]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-02 12:03]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-10 10:01]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 01:46]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-05 17:34:44 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
    - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-15 22:40:56
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-15 22:41:40
    ComboFix-quarantined-files.txt 2008-03-15 21:41:38
    ComboFix2.txt 2008-03-15 20:50:33
    ComboFix3.txt 2008-03-15 19:09:16
    .
    2008-03-13 17:08:38 --- E O F ---



    et le rapport HIJACK THIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:47:08, on 15/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homep...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8166 bytes

    Bonne continuation :) 

  • Télécharge ToolsCleaner sur ton Bureau.
  • Clique sur Recherche et laisse le scan se terminer.
  • Clique sur Suppression pour finaliser.
  • Clique sur Quitter, pour que le rapport puisse se créer.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)

    Désactive puis réactive la restauration du système : Voir aide

    Ajoute maintenant [Résolu] au titre. Pour cela :
    * Clique, dans ton premier message, sur le bouton "Editer"
    * Rajoute la mention [Résolu] au titre
    * Clique ensuite sur "Valider votre message"

    Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :

    Lassé par la pub ? Créez un compte

    Créer un nouveau sujet

    Tom's guide dans le monde