Persistent spyware

11 March 2008 20:27:46

Hello, I'm on Vista and I've caught a spyware!!
It shows a warning message on my PC and urges me to download spyburned, but that doesn't work (it crashes, in fact).
I ran a cleanup with smitfraudfix in safe mode, but although everything had gone back to normal, the spyware started up again after 5-10 minutes.

Can someone help me, please?
I'm trying to do it on my own with what I find on the forums, but it's not working.

Thanks in advance!!

11 March 2008 20:56:57

Oh thank you, thank you, thank you!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:49, on 11/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Users\tatane\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\sysfbdgv.exe
C:\Windows\sysjcyrq.exe
C:\Windows\sysrswva.exe
C:\Windows\sysfdyev.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\tatane\AppData\Local\xczfre.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [xczfre] c:\users\tatane\appdata\local\xczfre.exe xczfre
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10850 bytes
11 March 2008 21:36:13

Is it serious, doctor? ;-)
11 March 2008 21:52:57

Hi again,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 4, then confirm.

It will ask you to enter the file name. Type what is in bold below and nothing else, then confirm:
xczfre
Retype the file name when you are asked to.

The utility will inform you that it is going to restart the computer.
**Close all open windows and save any personal documents you have open**
Now press a key, as requested.
(if your PC does not restart automatically, do it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.

Close Internet Explorer, then go to Start/Control Panel/Internet Options.
Choose the Content tab, then the Certificates tab.
Check whether you find the following programs (in particular under Trusted Publishers):

Montorgueil
VIP
"Sunny Day Design Ltd"


If you find them, do this:
* Select each of these certificates and click Export. Save it/them to your desktop.
* Then delete the ones present in the "Certificates" tab of your browser's options.

Then, for each of the certificates on your desktop:
* Go to the website:
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copy/paste this into the 'Link to Topic' box:
the name of the certificate (Montorgueil, ......)
* Copy/paste this into the 'Browse to the File' box:
The corresponding certificate that you exported to your desktop

Once that is done, finally delete the certificate from your desktop.
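
The file name entered in Navilog1 above, xczfre, is the name of an HKCU Run entry in the HijackThis log posted earlier in the thread. As an added example (not part of the original posts), this sketch parses HijackThis O4 autorun lines and flags entries for manual review; the three heuristics and the names `parse_o4`, `triage` and `Autorun` are assumptions made for illustration, and a flag means "look at this entry", not "this is malware".

```python
"""Triage of HijackThis O4 (autorun) lines: flag entries worth a manual look."""
import ntpath
import re
from typing import List, NamedTuple

# Sample input: eight O4 lines excerpted from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [xczfre] c:\users\tatane\appdata\local\xczfre.exe xczfre
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|cmd))(?=["\s]|$)', re.I)
DLL = re.compile(r'^"?(.+?\.dll)(?=[",\s]|$)', re.I)

# Assumed triage heuristics (not rules stated in the thread).
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
USER_APPDATA = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    target: str
    reasons: List[str]


def target_of(command: str) -> str:
    """Return the file an autorun command loads (the DLL for rundll32)."""
    m = EXE.match(command)
    if not m:
        return command
    target = m.group(1)
    if ntpath.basename(target).lower() == "rundll32.exe":
        dll = DLL.match(command[m.end():].lstrip(' "'))
        if dll:
            target = dll.group(1)
    return target


def reasons_for(name: str, target: str) -> List[str]:
    """Apply the assumed heuristics to one entry."""
    reasons = []
    if GUID_NAME.match(name):
        reasons.append("guid-value-name")       # Run value named like a CLSID
    if WINDOWS_ROOT.match(target):
        reasons.append("exe-in-windows-root")   # executable directly in C:\Windows
    if USER_APPDATA.match(target):
        reasons.append("user-writable-path")    # starts from the user's AppData
    return reasons


def parse_o4(log: str) -> List[Autorun]:
    """Parse registry Run-style O4 lines; other O4 forms are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            target = target_of(command)
            entries.append(
                Autorun(hive, key, name, command, target, reasons_for(name, target))
            )
    return entries


def triage(log: str) -> List[Autorun]:
    """Return only the entries that matched at least one heuristic."""
    return [e for e in parse_o4(log) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.target}  ({', '.join(e.reasons)})")
```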
11 March 2008 22:20:38

Uhhh, when I launch navilog.exe a window opens and tells me that "gethPaths.exe a cessé de fonctionner etc.." and navilog closes!!!
11 March 2008 22:25:29

You have Vista; do you have UAC enabled?
11 March 2008 22:26:49

What is UAC?
11 March 2008 22:33:24

And I also wanted to know: my hard drive was plugged in when I got this spyware, so I should leave it plugged in for the disinfection too, right?
11 March 2008 23:21:50

My UAC was indeed enabled!!
Here are the reports, but I can't manage to open my Task Manager to remove the warning wallpaper.
Navilog report:
Clean Navipromo version 3.5.0 commencé le 11/03/2008 à 22:08:32,91

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS


Mode suppression par méthode manuelle

Nom du fichier saisi : xczfre

*** Recherche, création sauvegardes et suppression ***

* Suppression dans C:\Windows\system32 *

C:\Windows\prefetch\xczfre*.pf trouvé !
Copie C:\Windows\prefetch\xczfre*.pf réalisée avec succès !
C:\Windows\prefetch\xczfre*.pf supprimé !

* Suppression dans C:\Users\tatane\AppData\Local\Microsoft *

* Suppression dans C:\Users\tatane\AppData\Local\virtualstore\windows\system32 *

* Suppression dans C:\Users\tatane\AppData\Local *

xczfre.exe trouvé !
Copie xczfre.exe réalisée avec succès !
xczfre.exe supprimé !

xczfre.dat trouvé !
Copie xczfre.dat réalisée avec succès !
xczfre.dat supprimé !

xczfre_nav.dat trouvé !
Copie xczfre_nav.dat réalisée avec succès !
xczfre_nav.dat supprimé !

xczfre_navps.dat trouvé !
Copie xczfre_navps.dat réalisée avec succès !
xczfre_navps.dat supprimé !

xczfre_navup.dat trouvé !
Echec Copie xczfre_navup.dat vers dossier Backupnavi
xczfre_navup.dat non supprimé !


*** Suppression dossiers dans C:\Windows ***


*** Suppression dossiers dans C:\Program Files ***


____________________________________________________________

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:25, on 11/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\sysfdyev.exe
C:\Windows\sysfbdgv.exe
C:\Windows\sysjcyrq.exe
C:\Windows\sysrswva.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\tatane\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10742 bytes
12 March 2008 00:09:00

I ran the procedure again and I still haven't found the infected certificates. Here are the reports:
Navilog:
Clean Navipromo version 3.5.0 commencé le 11/03/2008 à 22:51:34,68

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS


Mode suppression par méthode manuelle

Nom du fichier saisi : xczfre

*** Recherche, création sauvegardes et suppression ***

* Suppression dans C:\Windows\system32 *

* Suppression dans C:\Users\tatane\AppData\Local\Microsoft *

* Suppression dans C:\Users\tatane\AppData\Local\virtualstore\windows\system32 *

* Suppression dans C:\Users\tatane\AppData\Local *


*** Suppression dossiers dans C:\Windows ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\ProgramData ***


*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***


*** Suppression dossiers dans c:\users\tatane\appdata\roaming\microsoft\windows\start menu\programs ***


*** Suppression dossiers dans C:\Users\tatane\AppData\Local\virtualstore\Program Files ***


*** Suppression dossiers dans C:\Users\tatane\AppData\Roaming ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\tatane\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\Windows\system32 *


* Dans C:\Users\tatane\AppData\Local\Microsoft *


* Dans C:\Users\tatane\AppData\Local\virtualstore\windows\system32 *


* Dans C:\Users\tatane\AppData\Local *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !

*** Nettoyage terminé le 11/03/2008 à 22:54:51,78 ***

__________________________________________________________

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:36, on 11/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\sysfdyev.exe
C:\Windows\sysfbdgv.exe
C:\Windows\sysjcyrq.exe
C:\Windows\sysrswva.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Users\tatane\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10774 bytes



Well then, fingers crossed!!!
12 March 2008 13:27:41

Is your PC behaving better?
12 March 2008 14:18:50

No, it's still the same. I installed Avira AntiVir and it detected 4 malware; here is the report:
AntiVir PersonalEdition Classic
Report file date: mercredi 12 mars 2008 10:50

Scanning for 1143415 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: tatane
Computer name: TATANE-PC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:49:27
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 09:49:27
ANTIVIR3.VDF : 7.0.3.20 90112 Bytes 12/03/2008 09:49:27
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 12/03/2008 09:49:27
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 12/03/2008 09:49:27
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 12 mars 2008 10:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '1' Module(s) have been scanned
Scan process 'capuserv.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'MobilityService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'eNet Service.exe' - '1' Module(s) have been scanned
Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'eNMTray.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'eAudio.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PMVService.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sysrswva.exe' - '1' Module(s) have been scanned
Scan process 'sysjcyrq.exe' - '1' Module(s) have been scanned
Scan process 'sysfbdgv.exe' - '1' Module(s) have been scanned
Scan process 'sysfdyev.exe' - '1' Module(s) have been scanned
Scan process 'ccApp.exe' - '1' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'AppSvc32.exe' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
84 processes with 84 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\Program Files\Reallusion\CrazyTalk 4\CT Program\Patch.exe
[DETECTION] Is the Trojan horse TR/Spy.V
[INFO] The file was deleted!
C:\Users\tatane\AppData\Local\Microsoft\Messenger\tataneetmary@hotmail.com\Sharing Folders\osakiwiz@hotmail.fr\crazy talk et crack\Crack\Patch.exe
[DETECTION] Is the Trojan horse TR/Spy.V
[INFO] The file was deleted!
C:\Users\tatane\Desktop\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.59
[INFO] The file was deleted!
Begin scan in 'D:\' <DATA>
Begin scan in 'G:\' <FreeAgent Drive>
G:\documents et programmes en tt genre\crazy talk et crack\Crack\Patch.exe
[DETECTION] Is the Trojan horse TR/Spy.V
[INFO] The file was deleted!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mercredi 12 mars 2008 12:23
Used time: 1:32:39 min

The scan has been done completely.

15232 Scanning directories
348498 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
348494 Files not concerned
2369 Archives were scanned
3 Warnings
141 Notes

12 March 2008 15:13:53

Oh dear, it's getting much worse!!! Before, I was only getting spam and my desktop displayed a warning message, but now Windows crashes and I get a message informing me of the danger of the virus and the need to restart. Please tell me everything, is it really bad?
Thanks in advance for your help!!
12 March 2008 15:28:57

Does it crash every time?
12 March 2008 15:38:14

No, it's the first time it has done that to me!!!
12 March 2008 15:50:23

Has it started again?
Post a new HijackThis report.
12 March 2008 16:09:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:50, on 12/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\sysfdyev.exe
C:\Windows\sysfbdgv.exe
C:\Windows\sysjcyrq.exe
C:\Windows\sysrswva.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\tatane\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 11121 bytes
12 March 2008 16:31:10

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

12 March 2008 16:48:13

I don't know if it matters, but the program choice (1 in this case) was not offered to me. In any case, I still got my report!!!
    ComboFix 08-03-10.1 - tatane 2008-03-12 16:43:21.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.943 [GMT 1:00]
    Endroit: C:\Users\tatane\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\gwgzcy.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-12 15:43 --------- d-----w C:\ProgramData\Symantec
    2008-03-12 14:09 27,430 ----a-w C:\Users\tatane\AppData\Roaming\nvModes.dat
    2008-03-12 09:47 --------- d-----w C:\ProgramData\Avira
    2008-03-12 09:47 --------- d-----w C:\Program Files\Avira
    2008-03-11 21:54 --------- d-----w C:\Program Files\Navilog1
    2008-03-11 17:05 --------- d-----w C:\Program Files\Trend Micro
    2008-03-11 16:06 5,544 ----a-w C:\Windows\System32\tmp.reg
    2008-03-11 15:06 84,544 ----a-w C:\Windows\sysfbdgv.exe
    2008-03-11 15:06 80,960 ----a-w C:\Windows\sysrswva.exe
    2008-03-11 15:06 78,912 ----a-w C:\Windows\sysfdyev.exe
    2008-03-11 15:06 75,840 ----a-w C:\Windows\sysjcyrq.exe
    2008-03-11 15:06 64,576 ----a-w C:\Windows\sysxrdpw.exe
    2008-03-11 15:06 3,072 ----a-w C:\Windows\gntkqu.exe
    2008-03-11 04:51 --------- d-----w C:\Users\tatane\AppData\Roaming\Azureus
    2008-03-11 03:04 --------- d-----w C:\Program Files\Azureus
    2008-03-11 02:47 --------- d-----w C:\Users\tatane\AppData\Roaming\iLike
    2008-03-11 02:45 --------- d-----w C:\Program Files\Norton Internet Security
    2008-03-11 02:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-10 20:40 --------- d-----w C:\Program Files\iLike
    2008-03-07 12:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
    2008-03-07 12:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
    2008-03-07 12:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
    2008-03-07 12:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
    2008-03-07 12:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
    2008-03-07 12:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
    2008-03-07 12:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
    2008-03-07 12:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
    2008-03-05 19:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-05 18:21 --------- d-----w C:\Program Files\DivX
    2008-03-05 18:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-03-04 00:07 --------- d-----w C:\Users\tatane\AppData\Roaming\DivX
    2008-03-03 00:03 --------- d-----w C:\Users\tatane\AppData\Roaming\Apple Computer
    2008-02-29 07:10 --------- d-----w C:\Program Files\GoldWave
    2008-02-29 04:32 --------- d-----w C:\Users\tatane\AppData\Roaming\Momindum
    2008-02-29 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-29 04:17 --------- d-----w C:\Program Files\Reallusion
    2008-02-29 04:16 --------- d-----w C:\Users\tatane\AppData\Roaming\InstallShield
    2008-02-29 04:13 --------- d-----w C:\ProgramData\Momindum
    2008-02-29 04:13 --------- d-----w C:\Program Files\Momindum Studio
    2008-02-29 01:39 --------- d-----w C:\Users\tatane\AppData\Roaming\Publish Providers
    2008-02-29 01:37 --------- d-----w C:\Users\tatane\AppData\Roaming\Sony
    2008-02-29 01:36 --------- d-----w C:\Program Files\Sony
    2008-02-29 01:35 --------- d-----w C:\Program Files\Vstplugins
    2008-02-29 01:34 --------- d-----w C:\Program Files\Sony Setup
    2008-02-29 01:13 --------- d-----w C:\Users\tatane\AppData\Roaming\Screaming Bee
    2008-02-29 00:40 --------- d-----w C:\ProgramData\ViceVersa PRO 2
    2008-02-29 00:09 --------- d-----w C:\Users\tatane\AppData\Roaming\Audacity
    2008-02-27 00:59 --------- d-----w C:\Program Files\MSECache
    2008-02-27 00:22 --------- d-----w C:\ProgramData\FLEXnet
    2008-02-26 14:41 --------- d-----w C:\Program Files\Ares Tube
    2008-02-26 00:38 995,328 ----a-w C:\Windows\System32\CrazyTalk.dll
    2008-02-26 00:38 386,560 ----a-w C:\Windows\System32\pngu3266.dll
    2008-02-26 00:38 --------- d-----w C:\Program Files\Windows Media Components
    2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-02-18 19:13 --------- d-----w C:\Users\tatane\AppData\Roaming\Reallusion
    2008-02-18 17:19 --------- d-----w C:\Program Files\Common Files\Reallusion
    2008-02-18 00:36 --------- d-----w C:\Users\tatane\AppData\Roaming\GameHouse
    2008-02-18 00:36 --------- d-----w C:\Program Files\GameHouse
    2008-02-18 00:11 --------- d-----w C:\ProgramData\Azureus
    2008-02-18 00:05 --------- d-----w C:\ProgramData\eMule
    2008-02-14 22:53 --------- d-----w C:\Users\tatane\AppData\Roaming\STOIK
    2008-02-14 22:44 --------- d-----w C:\Users\tatane\AppData\Roaming\Media Player Classic
    2008-02-14 22:18 --------- d-----w C:\Program Files\vso
    2008-02-14 22:01 --------- d-----w C:\Users\tatane\AppData\Roaming\GeoVid
    2008-02-14 22:01 --------- d-----w C:\Program Files\Common Files\GeoVid
    2008-02-14 22:00 --------- d-----w C:\Program Files\GeoVid
    2008-02-14 11:51 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 11:51 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 11:46 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 11:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 11:45 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 11:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 11:45 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 11:45 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 11:45 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 11:45 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 11:45 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 11:45 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 11:45 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 11:45 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 11:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 11:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 11:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 11:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 11:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 11:44 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 11:41 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 11:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 11:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 11:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 18:29 --------- d-----w C:\Program Files\Acer GameZone
    2008-02-10 15:04 --------- d-----w C:\Users\tatane\AppData\Roaming\Zylom
    2008-02-10 15:04 --------- d-----w C:\ProgramData\Enkord
    2008-02-07 18:14 --------- d-----w C:\ProgramData\BOONTY
    2008-02-05 23:35 --------- d-----w C:\ProgramData\GoBit Games
    2008-02-04 17:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
    2008-02-01 20:21 --------- d-----w C:\Users\tatane\AppData\Roaming\My Games
    2008-02-01 20:00 --------- d-----w C:\Users\tatane\AppData\Roaming\PlayFirst
    2008-01-31 11:11 --------- d---a-w C:\ProgramData\TEMP
    2008-01-31 11:06 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2007-08-28 12:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 17:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 12:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-09 21:09 171448]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 03:02 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "iLike"="C:\Program Files\iLike\1.1.27\ilikesidebar.exe" [2007-09-13 11:34 63024]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:33 107112]
    "Acer Tour"="" []
    "eRecoveryService"="" []
    "{C599792D-C6D9-461d-93CA-B48BFF8E37B1}"="C:\Windows\sysfdyev.exe" [2008-03-11 16:06 78912]
    "{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}"="C:\Windows\sysfbdgv.exe" [2008-03-11 16:06 84544]
    "{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}"="C:\Windows\sysjcyrq.exe" [2008-03-11 16:06 75840]
    "{42562052-EE17-4197-82C7-91CB2E4B0666}"="C:\Windows\sysrswva.exe" [2008-03-11 16:06 80960]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38 206952]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:30 22696]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
    "CrazyTalk Serve"="C:\Windows\system32\CrazyTalk.dll" [2008-02-26 01:38 995328]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 10:49 249896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe|Desc=Acer Arcade Deluxe
    "{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
    "{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
    "{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard|Desc=DV Wizard
    "{06836EFC-BFBD-4D41-AF9F-5B2C9D246789}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
    "{400749CD-45F2-4859-B7C1-685BE3BD89DC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie|Desc=Play Movie
    "{70A265EB-0CA1-47BE-9A74-1B13DD60A83B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program|Desc=Play Movie Resident Program
    "{B10833E7-6BEB-4A55-BCE6-CFFA83735E34}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "{99BF87CB-1F0F-4216-AB84-90585E56A2D8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{12D93591-2D31-4F95-80A5-7056DB8C4652}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{AD40AD1B-ECEF-41FC-832C-9C20B25736E4}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{F4B15E08-5BFA-4D8B-B480-EFC22CCBE505}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{A5A78641-A720-4B05-9FA2-CFD22A006B5E}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{E475C54E-1EE8-41F1-A9FE-36863450106D}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-01-31 12:06]

    *Newly Created Service* - COMHOST
    *Newly Created Service* - SSMDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-29 20:01:03 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - tatane.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-12 16:45:18
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-12 16:45:57
    ComboFix-quarantined-files.txt 2008-03-12 15:45:55
    .
    2008-02-17 12:11:16 --- E O F ---
    12 March 2008 17:23:49

    Post a new HijackThis report.
    12 March 2008 17:37:16

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:36:58, on 12/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\sysfdyev.exe
    C:\Windows\sysfbdgv.exe
    C:\Windows\sysjcyrq.exe
    C:\Windows\sysrswva.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
    O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
    O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
    O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 11183 bytes
    12 March 2008 17:39:54

    Argh, sorry, I hadn't disabled Norton!!
    Here is the correct report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:38:49, on 12/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\sysfdyev.exe
    C:\Windows\sysfbdgv.exe
    C:\Windows\sysjcyrq.exe
    C:\Windows\sysrswva.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
    O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
    O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
    O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 11150 bytes
    12 March 2008 17:43:27

    I realize you have other things to do, but could you just summarize what exactly the problem is, please? This is the first time I've had a virus and I'd really like to understand the process of infiltration and disinfection.
    Anyway, I'm curious and I like to understand!!
    Thanks!!!
    12 March 2008 20:02:51

    Do you want another report?
    12 March 2008 20:26:51

    Hi again,

    A little patience.

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\sysfbdgv.exe
    C:\Windows\sysrswva.exe
    C:\Windows\sysfdyev.exe
    C:\Windows\sysjcyrq.exe
    C:\Windows\sysxrdpw.exe
    C:\Windows\gntkqu.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    {C599792D-C6D9-461d-93CA-B48BFF8E37B1}"=-
    "{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}"=-
    "{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}"=-
    "{42562052-EE17-4197-82C7-91CB2E4B0666}"=-


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
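A defender's triage of the autostart entries in this thread, as an added example (not code from the thread, HijackThis or ComboFix): it flags Run values whose name is a bare GUID and whose target is an .exe sitting directly in C:\Windows, then checks which of them still appear in the Run listing of the ComboFix report posted in the reply that follows. The two-signal heuristic and all function names are assumptions made for this example; the sample lines are excerpts from the logs on this page.

```python
import ntpath
import re

# Excerpt of the O4 (autostart) lines from the HijackThis log posted in this thread.
HIJACKTHIS_O4 = r'''
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
O4 - HKLM\..\Run: [{C2220120-1C24-4a79-BA7A-DDCBFC209DB3}] "C:\Windows\sysfbdgv.exe"
O4 - HKLM\..\Run: [{B3B48B54-C0EC-4705-8EE8-1981AEF656A7}] "C:\Windows\sysjcyrq.exe"
O4 - HKLM\..\Run: [{42562052-EE17-4197-82C7-91CB2E4B0666}] "C:\Windows\sysrswva.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
'''

# Excerpt of the HKLM Run values listed in the ComboFix report posted after the cleanup.
COMBOFIX_RUN_AFTER = r'''
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:33 107112]
"{C599792D-C6D9-461d-93CA-B48BFF8E37B1}"="C:\Windows\sysfdyev.exe" [ ]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$', re.M)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="', re.M)


def image_path(command):
    """Return the program part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first executable suffix.
    match = re.match(r'.*?\.(?:exe|dll|cmd|bat|com|scr)\b', command, re.I)
    return match.group(0) if match else command


def is_suspicious(name, image):
    """Assumed heuristic: GUID-named value AND an .exe placed directly in C:\\Windows."""
    folder, filename = ntpath.split(ntpath.normcase(image))
    return (bool(GUID_RE.match(name))
            and folder == r'c:\windows'
            and filename.endswith('.exe'))


def flag_autostarts(hijackthis_log):
    """List (hive, value name, image) for every O4 Run entry matching the heuristic."""
    flagged = []
    for hive, name, command in O4_RE.findall(hijackthis_log):
        image = image_path(command)
        if is_suspicious(name, image):
            flagged.append((hive, name, image))
    return flagged


def remaining_after_cleanup(flagged, run_listing):
    """Return the flagged value names that still appear in a post-cleanup Run listing."""
    # Registry value names are case-insensitive, so compare in lower case.
    present = {name.lower() for name in RUN_VALUE_RE.findall(run_listing)}
    return [name for _hive, name, _image in flagged if name.lower() in present]


if __name__ == '__main__':
    hits = flag_autostarts(HIJACKTHIS_O4)
    for hive, name, image in hits:
        print(f'flagged  {hive} Run  {name} -> {image}')
    for name in remaining_after_cleanup(hits, COMBOFIX_RUN_AFTER):
        print(f'still present after cleanup: {name}')
```

A value that survives a cleanup pass is worth re-checking in the next report, even when the file it points to has already been deleted.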
    12 March 2008 20:52:58

    Sorry, I wasn't being impatient, I just wanted to make the exchange more human, hihihi
    So I followed all your instructions, but once again ComboFix did not ask me to type 1; it started directly, and the PC did not restart afterwards. Here are the reports:

    combofix:
    ComboFix 08-03-10.1 - tatane 2008-03-12 20:43:24.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1191 [GMT 1:00]
    Endroit: C:\Users\tatane\Desktop\ComboFix.exe
    Command switches used :: C:\Users\tatane\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\gntkqu.exe
    C:\Windows\sysfbdgv.exe
    C:\Windows\sysfdyev.exe
    C:\Windows\sysjcyrq.exe
    C:\Windows\sysrswva.exe
    C:\Windows\sysxrdpw.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\gntkqu.exe
    C:\Windows\sysfbdgv.exe
    C:\Windows\sysfdyev.exe
    C:\Windows\sysjcyrq.exe
    C:\Windows\sysrswva.exe
    C:\Windows\sysxrdpw.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-12 10:47 . 2008-03-12 10:47 <REP> d-------- C:\Users\All Users\Avira
    2008-03-12 10:47 . 2008-03-12 10:47 <REP> d-------- C:\ProgramData\Avira
    2008-03-12 10:47 . 2008-03-12 10:47 <REP> d-------- C:\Program Files\Avira
    2008-03-11 21:14 . 2008-03-11 22:54 <REP> d-------- C:\Program Files\Navilog1
    2008-03-11 18:05 . 2008-03-11 18:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-11 16:41 . 2008-03-11 17:06 5,544 --a------ C:\Windows\System32\tmp.reg
    2008-03-11 16:11 . 2008-03-11 23:08 3,982,230 --a------ C:\Windows\fond de merde.bmp
    2008-03-11 16:11 . 2008-03-12 18:09 3,146,550 --a------ C:\Windows\mywallpaper.bmp
    2008-03-11 16:06 . 2008-03-11 16:06 1,855 --a------ C:\Windows\config.ini
    2008-03-11 16:06 . 2008-03-11 16:06 1,409 --a------ C:\Windows\gmucjk.exe
    2008-03-11 16:06 . 2008-03-11 16:06 1,272 --a------ C:\Windows\gvwjxr.dll
    2008-03-11 03:47 . 2008-03-11 03:47 <REP> d-------- C:\Users\tatane\AppData\Roaming\iLike
    2008-03-11 03:36 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
    2008-03-11 03:36 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
    2008-03-11 03:36 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
    2008-03-10 21:40 . 2008-03-10 21:40 <REP> d-------- C:\Program Files\iLike
    2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
    2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
    2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
    2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
    2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
    2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
    2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
    2008-03-03 15:45 . 2008-03-04 01:07 <REP> d-------- C:\Users\tatane\AppData\Roaming\DivX
    2008-03-03 15:25 . 2008-03-05 19:21 <REP> d-------- C:\Program Files\DivX
    2008-03-03 15:25 . 2008-03-05 19:21 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-03-03 01:03 . 2008-03-03 01:03 <REP> d-------- C:\Users\tatane\AppData\Roaming\Apple Computer
    2008-02-29 08:10 . 2008-02-29 08:10 <REP> d-------- C:\Program Files\GoldWave
    2008-02-29 05:24 . 2008-02-29 05:32 <REP> d-------- C:\Users\tatane\AppData\Roaming\Momindum
    2008-02-29 05:18 . 2008-02-29 05:18 80 -r-hs---- C:\Windows\CT4MET.BIN
    2008-02-29 05:16 . 2008-02-29 05:16 <REP> d-------- C:\Users\tatane\AppData\Roaming\InstallShield
    2008-02-29 05:13 . 2008-02-29 05:13 <REP> d-------- C:\Users\All Users\Momindum
    2008-02-29 05:13 . 2008-02-29 05:13 <REP> d-------- C:\ProgramData\Momindum
    2008-02-29 05:13 . 2007-04-23 10:24 733,184 --a------ C:\Windows\System32\Jwmp.dll
    2008-02-29 05:13 . 2007-04-23 10:24 290,816 --a------ C:\Windows\System32\EZJcomLib18.dll
    2008-02-29 05:13 . 2007-04-23 10:24 28,672 --a------ C:\Windows\System32\EZJcomMTALib.dll
    2008-02-29 05:12 . 2008-02-29 05:13 <REP> d-------- C:\Program Files\Momindum Studio
    2008-02-29 02:39 . 2008-02-29 02:39 <REP> d-------- C:\Users\tatane\AppData\Roaming\Publish Providers
    2008-02-29 02:37 . 2008-02-29 02:37 <REP> d-------- C:\Users\tatane\AppData\Roaming\Sony
    2008-02-29 02:35 . 2008-02-29 02:35 <REP> d-------- C:\Program Files\Vstplugins
    2008-02-29 02:35 . 2008-02-29 02:36 <REP> d-------- C:\Program Files\Sony
    2008-02-29 02:34 . 2008-02-29 02:34 <REP> d-------- C:\Program Files\Sony Setup
    2008-02-29 02:13 . 2008-02-29 02:13 <REP> d-------- C:\Users\tatane\AppData\Roaming\Screaming Bee
    2008-02-29 01:40 . 2008-02-29 01:40 <REP> d-------- C:\Users\All Users\ViceVersa PRO 2
    2008-02-29 01:40 . 2008-02-29 01:40 <REP> d-------- C:\ProgramData\ViceVersa PRO 2
    2008-02-29 00:57 . 2008-02-29 01:09 <REP> d-------- C:\Users\tatane\AppData\Roaming\Audacity
    2008-02-28 23:45 . 2008-02-28 23:45 61 --a------ C:\Windows\System32\SYSVCPDRV.SYS
    2008-02-28 23:17 . 2008-02-28 23:17 66 --a------ C:\Windows\System32\MASHTWTY.SYS
    2008-02-27 03:44 . 2008-02-29 05:18 <REP> d-------- C:\Windows\Lhsp
    2008-02-27 01:59 . 2008-02-27 01:59 <REP> d-------- C:\Program Files\MSECache
    2008-02-27 01:22 . 2008-02-27 01:22 <REP> d-------- C:\Users\All Users\FLEXnet
    2008-02-27 01:22 . 2008-02-27 01:22 <REP> d-------- C:\ProgramData\FLEXnet
    2008-02-26 15:45 . 2008-02-26 15:49 <REP> d-------- C:\Ares Tube
    2008-02-26 02:51 . 2008-02-26 15:41 <REP> d-------- C:\Program Files\Ares Tube
    2008-02-26 01:38 . 2008-02-26 01:38 <REP> d-------- C:\Program Files\Windows Media Components
    2008-02-26 01:38 . 2008-02-26 01:38 995,328 --a------ C:\Windows\System32\CrazyTalk.dll
    2008-02-26 01:38 . 2008-02-26 01:38 386,560 --a------ C:\Windows\System32\pngu3266.dll
    2008-02-26 01:38 . 2001-10-15 02:54 209,192 --a------ C:\Windows\System32\TABCTL32.OCX
    2008-02-26 01:38 . 2001-10-15 02:39 140,096 --a------ C:\Windows\System32\COMDLG32.OCX
    2008-02-21 03:11 . 2008-02-21 03:11 3,162 --a------ C:\Windows\System32\dtu_fr.qm
    2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-02-18 20:13 . 2008-02-18 20:13 <REP> d-------- C:\Users\tatane\AppData\Roaming\Reallusion
    2008-02-18 18:19 . 2008-02-29 05:17 <REP> d-------- C:\Program Files\Reallusion
    2008-02-18 18:19 . 2008-02-18 18:19 <REP> d-------- C:\Program Files\Common Files\Reallusion
    2008-02-18 01:36 . 2008-02-18 01:36 <REP> d-------- C:\Program Files\GameHouse
    2008-02-18 01:11 . 2008-03-11 05:51 <REP> d-------- C:\Users\tatane\AppData\Roaming\Azureus
    2008-02-18 01:11 . 2008-02-18 01:11 <REP> d-------- C:\Users\All Users\Azureus
    2008-02-18 01:11 . 2008-02-18 01:11 <REP> d-------- C:\ProgramData\Azureus
    2008-02-18 01:09 . 2008-03-11 04:04 <REP> d-------- C:\Program Files\Azureus
    2008-02-16 13:58 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-14 23:53 . 2008-02-14 23:53 <REP> d-------- C:\Users\tatane\AppData\Roaming\STOIK
    2008-02-14 23:44 . 2008-02-14 23:44 <REP> d-------- C:\Users\tatane\AppData\Roaming\Media Player Classic
    2008-02-14 23:18 . 2008-02-14 23:18 <REP> d-------- C:\Program Files\vso
    2008-02-14 23:01 . 2008-02-14 23:01 <REP> d-------- C:\Users\tatane\AppData\Roaming\GeoVid
    2008-02-14 23:01 . 2008-02-14 23:01 <REP> d-------- C:\Program Files\Common Files\GeoVid
    2008-02-14 23:01 . 2005-06-07 15:11 60,416 --a------ C:\Windows\System32\dsetup.dll
    2008-02-14 23:00 . 2008-02-14 23:00 <REP> d-------- C:\Program Files\GeoVid
    2008-02-14 12:51 . 2008-02-14 12:51 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-14 12:51 . 2008-02-14 12:51 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-14 12:45 . 2008-02-14 12:46 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 12:44 . 2008-02-14 12:44 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 12:44 . 2008-02-14 12:44 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-14 12:41 . 2008-02-14 12:41 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-02-14 12:41 . 2008-02-14 12:41 824,832 --a------ C:\Windows\System32\wininet.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-12 19:43 --------- d-----w C:\ProgramData\Symantec
    2008-03-12 18:29 27,430 ----a-w C:\Users\tatane\AppData\Roaming\nvModes.dat
    2008-03-11 02:45 --------- d-----w C:\Program Files\Norton Internet Security
    2008-03-11 02:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-05 19:31 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-29 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-18 00:36 --------- d-----w C:\Users\tatane\AppData\Roaming\GameHouse
    2008-02-18 00:05 --------- d-----w C:\ProgramData\eMule
    2008-02-14 11:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 11:45 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 11:45 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 11:45 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 11:45 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 11:45 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 11:45 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 11:45 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 11:45 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 11:45 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 11:45 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 11:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 11:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 11:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 11:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 11:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 11:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 11:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-12 18:29 --------- d-----w C:\Program Files\Acer GameZone
    2008-02-10 15:04 --------- d-----w C:\Users\tatane\AppData\Roaming\Zylom
    2008-02-10 15:04 --------- d-----w C:\ProgramData\Enkord
    2008-02-07 18:14 --------- d-----w C:\ProgramData\BOONTY
    2008-02-05 23:35 --------- d-----w C:\ProgramData\GoBit Games
    2008-02-04 17:23 693,792 ----a-w C:\Windows\System32\OGACheckControl.DLL
    2008-02-01 20:21 --------- d-----w C:\Users\tatane\AppData\Roaming\My Games
    2008-02-01 20:00 --------- d-----w C:\Users\tatane\AppData\Roaming\PlayFirst
    2008-01-31 11:11 --------- d---a-w C:\ProgramData\TEMP
    2008-01-31 11:06 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
    2008-01-28 12:29 --------- d-----w C:\ProgramData\Microsoft Help
    2008-01-24 07:00 --------- d-----w C:\Users\tatane\AppData\Roaming\Oberon Games
    2008-01-24 07:00 --------- d-----w C:\ProgramData\Oberon Games
    2008-01-24 05:27 --------- d-----w C:\ProgramData\Legacy Interactive
    2008-01-24 04:26 --------- d-----w C:\ProgramData\PlayFirst
    2008-01-23 23:22 15,872 ------w C:\Windows\System32\winskfr.dll
    2008-01-23 23:22 119,568 ------w C:\Windows\System32\vb6fr.dll
    2008-01-20 23:44 --------- d-----w C:\ProgramData\Zylom
    2008-01-20 01:35 --------- d-----w C:\Program Files\Wedding Dash
    2008-01-18 22:24 --------- d-----w C:\Users\tatane\AppData\Roaming\Sandlot Games
    2008-01-18 02:03 --------- d-----w C:\Program Files\Diner Dash - Flo On The Go
    2008-01-18 02:02 --------- d-----w C:\Program Files\PlayFirst
    2008-01-18 01:07 --------- d-----w C:\ProgramData\Gogii
    2008-01-17 02:13 --------- d-----w C:\Users\tatane\AppData\Roaming\FloodLightGames
    2008-01-17 02:13 --------- d-----w C:\ProgramData\FloodLightGames
    2008-01-17 00:59 --------- d-----w C:\ProgramData\Fugazo
    2008-01-16 16:51 --------- d-----w C:\ProgramData\n7-89-o9-3r-4t-r9
    2008-01-16 00:56 --------- d-----w C:\Users\tatane\AppData\Roaming\Home Sweet Home
    2008-01-15 19:42 --------- d-----w C:\Users\tatane\AppData\Roaming\CyberLink
    2008-01-15 19:42 --------- d-----w C:\ProgramData\CyberLink
    2008-01-12 02:15 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-12 02:15 --------- d-----w C:\Program Files\Windows Mail
    2008-01-12 02:03 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-12 02:03 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-12 02:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2007-12-25 17:05 0 ----a-w C:\Users\tatane\AppData\Roaming\wklnhst.dat
    2007-12-25 02:17 174 --sha-w C:\Program Files\desktop.ini
    2007-12-15 21:41 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2007-12-15 21:41 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2007-12-15 21:41 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2007-12-15 21:41 43,352 ----a-w C:\Windows\System32\wups2.dll
    2007-12-15 21:41 33,624 ----a-w C:\Windows\System32\wups.dll
    2007-12-15 21:41 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2007-12-15 21:41 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2007-12-15 21:41 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2007-12-15 21:41 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2007-12-14 22:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-12-14 22:12 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-12-14 22:12 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-12-14 22:12 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2007-12-14 22:11 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2007-12-14 22:11 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2007-12-14 22:11 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2007-12-14 22:10 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-14 22:10 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-14 22:10 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2007-12-14 22:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-14 22:09 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-12-14 22:09 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-12-14 22:07 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-12-14 22:06 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2007-08-28 12:54 237,568 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 17:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 12:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-12_16.45.34,29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-12 14:08:15 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-03-12 18:27:51 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-03-12 14:10:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-12 18:29:30 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-03-12 18:29:30 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-03-12 14:10:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-12 18:29:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-03-12 18:29:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-03-12 15:16:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-12 14:28:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-03-12 15:16:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-03-12 14:28:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-12 15:16:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-03-12 14:28:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-03-12 14:39:34 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-03-12 18:26:29 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-03-12 14:10:36 8,924 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2117636936-421864421-2437985821-1000_UserData.bin
    + 2008-03-12 18:30:28 8,948 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2117636936-421864421-2437985821-1000_UserData.bin
    - 2008-03-12 14:10:35 74,786 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-03-12 18:30:28 74,950 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-03-12 09:35:36 55,528 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-03-12 18:30:26 56,308 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-09 21:09 171448]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 03:02 1232896]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "iLike"="C:\Program Files\iLike\1.1.27\ilikesidebar.exe" [2007-09-13 11:34 63024]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-26 02:46 1006264]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:33 107112]
    "Acer Tour"="" []
    "eRecoveryService"="" []
    "{C599792D-C6D9-461d-93CA-B48BFF8E37B1}"="C:\Windows\sysfdyev.exe" [ ]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38 206952]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:30 22696]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 13:53 86016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 13:53 81920]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 13:53 8433664]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-08-15 10:21 772616]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 13:54 1286144]
    "CrazyTalk Serve"="C:\Windows\system32\CrazyTalk.dll" [2008-02-26 01:38 995328]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 10:49 249896]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-26 03:17:00 535336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C0B4CECA-9415-4C07-B5D9-AFA36EF6EFCA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5B8A61E7-A297-4725-86E2-940DDAD57A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{59DE5281-D76E-4158-8705-CF329C4E4652}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe|Desc=Acer Arcade Deluxe
    "{F7BE5145-CFB9-4EF6-B59F-1DE503F9CE8D}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
    "{C86DBA55-A3E3-4F9D-96E7-A08610EB6934}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
    "{C65B0CFD-D277-4C74-BB3B-50A605A73447}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard|Desc=DV Wizard
    "{06836EFC-BFBD-4D41-AF9F-5B2C9D246789}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine
    "{400749CD-45F2-4859-B7C1-685BE3BD89DC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie|Desc=Play Movie
    "{70A265EB-0CA1-47BE-9A74-1B13DD60A83B}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program|Desc=Play Movie Resident Program
    "{B10833E7-6BEB-4A55-BCE6-CFFA83735E34}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "{99BF87CB-1F0F-4216-AB84-90585E56A2D8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{12D93591-2D31-4F95-80A5-7056DB8C4652}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{AD40AD1B-ECEF-41FC-832C-9C20B25736E4}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{F4B15E08-5BFA-4D8B-B480-EFC22CCBE505}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{A5A78641-A720-4B05-9FA2-CFD22A006B5E}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{E475C54E-1EE8-41F1-A9FE-36863450106D}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
    R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 15:54]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 17:50]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 10:23]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-05-28 06:57]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 13:47]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 02:05]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-01-31 12:06]

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-29 20:01:03 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - tatane.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-12 20:45:22
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-12 20:46:04
    ComboFix-quarantined-files.txt 2008-03-12 19:46:02
    ComboFix2.txt 2008-03-12 15:45:58
    .
    2008-02-17 12:11:16 --- E O F ---
    _________________________________________________________
    hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:52:33, on 12/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Users\tatane\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [{C599792D-C6D9-461d-93CA-B48BFF8E37B1}] "C:\Windows\sysfdyev.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10799 bytes
    12 March 2008 21:31:21

    I don't know what the reports reveal, but I get the impression that things have improved.
    Is that an illusion?
    12 March 2008 22:19:00

    Apparently my PC is doing much better!!!
    Thank you so much, you are really kind!!!
    Can I do something to return the favor?
    Big kisses and have a good evening!!
    My hero!!!
    13 March 2008 12:57:48

    Should I mark this post as resolved?
    a b 8 Security
    13 March 2008 18:18:55

    Hi again,

    There are leftovers.

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on J'accepte ("I accept").
  • Confirm the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save, then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" ("The Kaspersky On-line Scanner license has expired"), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    13 March 2008 20:26:20

    Oh really? OK, I'll do it right away!!
    Should I disable my antivirus protection first?
    13 March 2008 20:34:10

    Uh, I went to the link you gave me for Kaspersky, but when I click on "J'accepte" nothing happens.
    Do I have to download it?
    a b 8 Security
    13 March 2008 20:41:31

    You are using Internet Explorer, right?
    13 March 2008 21:36:49

    Sorry, yes, it's fine, it's running, but it's slow: 22% in 45 min!! But oh well, I'll be patient! hihihi
    I'll send you the report as soon as it's finished!!
    Thanks
    14 March 2008 01:55:08

    Sniff, I'm desperate: after 4 h of searching it turned out that 1 virus and 8 infected objects remained, but I couldn't get a report because I didn't know what to do; it wasn't offered to me and it didn't appear after the scan.
    I'll try again but I can't promise anything. Is there something to do in order to produce this famous report? Thanks in advance
    a b 8 Security
    14 March 2008 13:18:21

    Well, you wait for the end and it offers it to you. Did you look at the help?
    14 March 2008 13:27:03

    Yes, but it doesn't offer me anything!!! It tells me that I haven't saved the scan report, but I can't find anything to produce it
    a b 8 Security
    14 March 2008 13:39:41

    Doesn't it give the location of the infections during the scan?
    14 March 2008 13:46:34

    No, nothing at all!!
    a b 8 Security
    14 March 2008 13:56:15

    Did you try again?
    14 March 2008 13:58:30

    Yes, and this time it took 6 h to do the scan. However, they say that for Vista the online scan is not ready yet. Maybe that's why?
    a b 8 Security
    14 March 2008 17:39:03

    No big deal. Do you have any questions or problems?
    14 March 2008 21:32:47

    Apparently 1 virus and 8 infected objects remain, but I don't notice any problems when using the PC, so everything is fine, right?
    a b 8 Security
    15 March 2008 12:06:46

    It's surely a leftover in System Restore.

  • Download ToolsCleaner to your Desktop.
  • Click on Recherche (Search) and let the scan finish.
  • Click on Suppression (Removal) to finalize.
  • Click on Quitter (Quit), so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable then re-enable System Restore: See help

    Now add [Résolu] (Resolved) to the title. To do this:
    * In your first message, click on the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click on "Valider votre message" (Submit your message)

    Read the guide on prevention and protection, so that you don't have this kind of problem again, by clicking on the image below:

    15 March 2008 20:47:01

    I'm sorry, but I'm on Vista and I don't know how to disable/enable System Restore, because the tutorial explains how to do it but I don't have the same configuration.
    I'm sorry, but can you guide me through this last step please?
    15 March 2008 20:48:12

    I had forgotten to post the ToolsCleaner report for you!!
    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
    C:\Users\Public\Desktop\Navilog1.lnk: trouvé !
    C:\Users\tatane\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Users\tatane\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
    C:\Users\tatane\Desktop\HijackThis.lnk: trouvé !
    C:\Users\tatane\Desktop\ComboFix.exe: trouvé !
    C:\Users\tatane\Desktop\logiciels et programmes\HJTInstall.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
    C:\Users\Public\Desktop\Navilog1.lnk: supprimé !
    C:\Users\tatane\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
    C:\Users\tatane\Desktop\HijackThis.lnk: supprimé !
    C:\Users\tatane\Desktop\ComboFix.exe: supprimé !
    C:\Users\tatane\Desktop\logiciels et programmes\HJTInstall.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Qoobox: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
    C:\Users\tatane\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !
    15 March 2008 21:32:13

    LOL, now I can't manage to get this message to show up as resolved!! Yet I did everything that was needed!!
    a b 8 Security
    15 March 2008 21:42:52

    No big deal ;)