Your question

Infected by the Win32:TratBHO [Trj virus (Solved)

Tags:
  • Acer
  • Security
Last reply: in Security and viruses
9 January 2008 10:30:49

Hello,

Being new to this forum,

I am looking for help getting rid of the Win32 Trojan horse - Win32:TratBHO [Trj

I have Avast as my antivirus and the Windows firewall.

Can someone help me?


I am posting my HijackThis report here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:27, on 8/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\BR040286.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Users\JEANCL~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JEANCL~1\AppData\Local\Temp\ddcdb.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10302 bytes

9 January 2008 13:32:40

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

9 January 2008 14:41:56

Thanks,
Here is the ComboFix result:

    ComboFix 08-01-09.2 - Jean Claude 2008-01-09 14:34:10.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1135 [GMT 1:00]
    Running from: C:\Users\Jean Claude\Desktop\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini
    C:\DRV\Tuner\Yuan\Resources\_desktop.ini
    C:\Windows\system32\x64

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 14:33 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
    2008-01-08 23:22 . 2008-01-08 23:22 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-08 23:22 . 2008-01-08 23:22 216,760 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-08 23:22 . 2008-01-08 23:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-08 23:22 . 2008-01-08 23:22 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-08 23:22 . 2008-01-08 23:22 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-08 23:21 . 2008-01-08 23:21 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-08 23:21 . 2008-01-08 23:21 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-08 23:21 . 2008-01-08 23:21 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-01-08 23:21 . 2008-01-08 23:21 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-01-08 23:21 . 2008-01-08 23:21 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-01-08 23:21 . 2008-01-08 23:21 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-01-08 23:21 . 2008-01-08 23:21 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-01-08 23:21 . 2008-01-08 23:21 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-01-08 23:21 . 2008-01-08 23:21 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-01-08 23:21 . 2008-01-08 23:21 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-01-08 21:33 . 2008-01-08 21:33 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-05 12:31 . 2008-01-05 12:31 <REP> d-------- C:\adaptec
    2008-01-05 12:24 . 2008-01-05 12:34 <REP> d-------- C:\Program Files\InterVideo
    2008-01-05 12:24 . 2000-11-24 12:26 1,392,640 --a------ C:\Windows\System32\ivimci32.dll
    2008-01-05 12:24 . 2000-11-14 16:49 25,264 --a------ C:\Windows\System32\ivimci.drv
    2008-01-05 12:21 . 1998-11-13 13:16 308,224 --a------ C:\Windows\IsUn040c.exe
    2008-01-03 19:00 . 2008-01-03 19:00 <REP> d-------- C:\Program Files\CDex
    2007-12-29 22:33 . 2007-12-29 22:33 <REP> d-------- C:\Program Files\CCleaner
    2007-12-28 15:18 . 2007-12-28 15:18 <REP> d-------- C:\Program Files\Toshiba
    2007-12-28 14:08 . 2008-01-09 10:42 12 --a------ C:\Windows\bthservsdp.dat
    2007-12-25 14:47 . 2007-12-25 14:48 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2007-12-25 13:15 . 2007-12-25 13:15 <REP> d-------- C:\Users\All Users\PC Suite
    2007-12-25 13:15 . 2007-12-25 13:15 <REP> d-------- C:\ProgramData\PC Suite
    2007-12-25 13:14 . 2007-12-25 13:15 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\Nokia
    2007-12-25 13:13 . 2007-12-25 13:13 <REP> d-------- C:\Program Files\DIFX
    2007-12-25 13:12 . 2007-12-25 13:15 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\PC Suite
    2007-12-25 13:11 . 2007-02-22 10:15 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
    2007-12-25 00:39 . 2007-12-25 14:44 <REP> d-------- C:\Users\All Users\Installations
    2007-12-25 00:39 . 2007-12-25 14:44 <REP> d-------- C:\ProgramData\Installations
    2007-12-23 22:24 . 2007-12-28 22:14 <REP> d-------- C:\Program Files\El Juky
    2007-12-23 22:24 . 2004-02-01 22:54 569,368 --a------ C:\Windows\System32\olelib.tlb
    2007-12-23 22:24 . 2004-03-09 00:00 224,016 --a------ C:\Windows\System32\Tabctl32.ocx
    2007-12-23 22:24 . 2004-03-09 00:00 212,240 --a------ C:\Windows\System32\Richtx32.ocx
    2007-12-23 22:24 . 2004-03-09 00:00 152,848 --a------ C:\Windows\System32\comdlg32.ocx
    2007-12-23 18:21 . 2007-12-23 18:31 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-23 18:17 . 2007-12-23 18:17 <REP> d-------- C:\Users\All Users\ALM
    2007-12-23 18:17 . 2007-12-23 18:17 <REP> d-------- C:\ProgramData\ALM
    2007-12-23 18:11 . 2007-12-23 18:11 <REP> d-------- C:\Program Files\Common Files\Control Panels
    2007-12-23 18:03 . 2007-12-23 18:03 <REP> d-------- C:\Program Files\QuickTime
    2007-12-23 18:03 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
    2007-12-23 18:03 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
    2007-12-23 17:51 . 2007-12-23 17:51 <REP> d-------- C:\Users\All Users\FLEXnet
    2007-12-23 17:51 . 2007-12-23 17:51 <REP> d-------- C:\ProgramData\FLEXnet
    2007-12-23 17:48 . 2007-12-23 17:48 <REP> d-------- C:\Program Files\Bonjour
    2007-12-23 17:39 . 2007-12-23 17:39 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-12-23 12:56 . 2007-12-23 12:56 <REP> d-------- C:\Users\All Users\Pinnacle
    2007-12-23 12:56 . 2007-12-23 12:56 <REP> d-------- C:\ProgramData\Pinnacle
    2007-12-23 12:54 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
    2007-12-23 12:53 . 2007-12-23 13:09 <REP> d-------- C:\Program Files\Steinberg
    2007-12-22 13:05 . 2007-12-22 13:05 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\vlc
    2007-12-19 18:18 . 2007-12-19 18:18 <REP> d-------- C:\Users\All Users\Forge of Games
    2007-12-19 18:18 . 2007-12-19 18:18 <REP> d-------- C:\ProgramData\Forge of Games
    2007-12-18 19:39 . 2007-12-18 19:39 <REP> d-------- C:\Program Files\Xvid
    2007-12-18 19:39 . 2006-11-01 14:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
    2007-12-18 19:39 . 2006-11-01 14:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2007-12-18 19:39 . 2006-11-01 15:26 77,824 --a------ C:\Windows\System32\xvid.ax
    2007-12-18 19:38 . 2007-12-18 19:38 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
    2007-12-17 22:59 . 2008-01-08 21:00 <REP> d-a------ C:\Users\All Users\TEMP
    2007-12-17 22:59 . 2008-01-08 21:00 <REP> d-a------ C:\ProgramData\TEMP
    2007-12-16 20:21 . 2007-12-17 21:42 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\Winamp
    2007-12-16 20:21 . 2007-12-16 20:22 <REP> d-------- C:\Program Files\Winamp
    2007-12-16 20:21 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
    2007-12-16 20:04 . 2007-12-16 20:06 1,065 --a------ C:\Windows\winamp.ini
    2007-12-16 19:26 . 2007-12-16 19:26 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\PeerNetworking
    2007-12-16 19:20 . 2007-12-16 19:20 <REP> d-------- C:\Users\All Users\Sony Ericsson
    2007-12-16 19:20 . 2007-12-16 19:20 <REP> d-------- C:\ProgramData\Sony Ericsson
    2007-12-16 19:20 . 2007-12-16 19:20 <REP> d-------- C:\Program Files\Sony Ericsson
    2007-12-16 13:59 . 2007-12-16 13:59 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-16 13:46 . 2007-12-16 13:55 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2007-12-16 13:38 . 2007-12-16 13:44 <REP> d-------- C:\Program Files\Windows Live
    2007-12-16 13:38 . 2007-12-16 13:44 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-12 06:31 . 2007-12-12 06:31 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2007-12-12 06:29 . 2007-12-12 06:29 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2007-12-12 06:29 . 2007-12-12 06:29 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2007-12-12 06:29 . 2007-12-12 06:29 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2007-12-12 06:29 . 2007-12-12 06:29 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2007-12-12 06:28 . 2007-12-12 06:28 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
    2007-12-12 06:28 . 2007-12-12 06:28 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
    2007-12-12 06:28 . 2007-12-12 06:28 2,048 --a------ C:\Windows\System32\tzres.dll
    2007-12-11 21:19 . 2007-12-16 13:38 <REP> d-------- C:\Users\All Users\WLInstaller
    2007-12-11 21:19 . 2007-12-16 13:38 <REP> d-------- C:\ProgramData\WLInstaller
    2007-12-11 21:11 . 2007-12-11 21:11 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\ArcSoft
    2007-12-11 21:10 . 2007-12-11 21:10 <REP> d-------- C:\Program Files\Common Files\ArcSoft
    2007-12-11 21:10 . 2005-02-23 14:58 11,776 --a------ C:\Windows\System32\drivers\afc.sys
    2007-12-11 21:08 . 2007-12-11 21:08 <REP> d-------- C:\Program Files\ArcSoft
    2007-12-11 21:08 . 2003-03-18 22:14 499,712 -ra------ C:\Windows\System32\msvcp71.dll
    2007-12-11 21:08 . 2003-02-21 04:42 348,160 --a------ C:\Windows\System32\msvcr71.dll
    2007-12-11 21:08 . 2004-12-07 10:11 258,352 --a------ C:\Windows\System32\unicows.dll
    2007-12-11 21:08 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
    2007-12-11 20:48 . 2007-12-11 20:48 <REP> d-------- C:\Program Files\USB video device
    2007-12-11 19:52 . 2007-12-11 19:52 <REP> d-------- C:\Users\Jean Claude\AppData\Roaming\AdobeUM
    2007-12-11 11:46 . 2000-11-16 14:16 270,336 --a------ C:\Windows\System32\xaudio.dll
    2007-12-11 11:46 . 1999-05-21 21:10 115,200 --a------ C:\Windows\System32\Unzdll.dll
    2007-12-11 11:46 . 1997-12-22 01:30 99,840 --a------ C:\Windows\System32\ZIPDLL.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-08 22:26 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-08 22:26 --------- d-----w C:\Program Files\Windows Mail
    2008-01-08 22:21 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-08 22:21 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-08 22:21 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-08 22:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-07 20:57 27,905 ----a-w C:\Users\Jean Claude\AppData\Roaming\nvModes.dat
    2008-01-05 12:15 --------- d-----w C:\ProgramData\CyberLink
    2008-01-05 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-05 12:07 --------- d-----w C:\Program Files\CyberLink
    2007-12-23 17:11 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-20 13:17 --------- d-----w C:\ProgramData\Microsoft Help
    2007-12-12 05:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 05:30 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-12 05:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-12 05:30 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-12 05:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-08 13:02 --------- d-----w C:\ProgramData\LightScribe
    2007-12-08 12:57 --------- d-----w C:\ProgramData\Macrovision
    2007-12-08 12:57 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-12-08 12:49 --------- d-----w C:\Users\Jean Claude\AppData\Roaming\Nero
    2007-12-08 12:48 --------- d-----w C:\Program Files\Common Files\Nero
    2007-12-08 12:47 --------- d-----w C:\ProgramData\Nero
    2007-12-08 12:47 --------- d-----w C:\Program Files\Nero
    2007-12-08 12:36 174 --sha-w C:\Program Files\desktop.ini
    2007-12-08 12:33 --------- d-----w C:\Program Files\Windows Calendar
    2007-12-08 12:31 8,192 ----a-w C:\Windows\System32\riched32.dll
    2007-12-08 12:31 77,824 ----a-w C:\Windows\System32\rascfg.dll
    2007-12-08 12:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-12-08 12:31 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
    2007-12-08 12:31 694,784 ----a-w C:\Windows\System32\localspl.dll
    2007-12-08 12:31 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-12-08 12:31 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
    2007-12-08 12:31 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
    2007-12-08 12:31 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-12-08 12:31 52,736 ----a-w C:\Windows\System32\rasdiag.dll
    2007-12-08 12:31 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-12-08 12:31 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
    2007-12-08 12:31 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-12-08 12:31 384,000 ----a-w C:\Windows\System32\netcfgx.dll
    2007-12-08 12:31 36,864 ----a-w C:\Windows\System32\cdd.dll
    2007-12-08 12:31 33,280 ----a-w C:\Windows\System32\traffic.dll
    2007-12-08 12:31 32,768 ----a-w C:\Windows\System32\rasmxs.dll
    2007-12-08 12:31 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-12-08 12:31 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-12-08 12:31 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
    2007-12-08 12:31 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
    2007-12-08 12:31 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
    2007-12-08 12:31 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-12-08 12:31 22,016 ----a-w C:\Windows\System32\rasser.dll
    2007-12-08 12:31 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
    2007-12-08 12:31 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
    2007-12-08 12:31 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-12-08 12:31 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-12-08 12:31 15,360 ----a-w C:\Windows\System32\pacerprf.dll
    2007-12-08 12:31 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
    2007-12-08 12:31 134,656 ----a-w C:\Windows\System32\dps.dll
    2007-12-08 12:31 13,824 ----a-w C:\Windows\System32\wshqos.dll
    2007-12-08 12:31 13,824 ----a-w C:\Windows\System32\icsunattend.exe
    2007-12-08 12:31 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
    2007-12-08 12:28 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2007-12-08 12:28 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2007-12-08 12:28 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2007-12-08 12:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2007-12-08 12:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
    2007-12-08 12:25 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
    2007-12-08 12:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-12-08 12:24 88,576 ----a-w C:\Windows\System32\avifil32.dll
    2007-12-08 12:24 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2007-12-08 12:24 82,944 ----a-w C:\Windows\System32\mciavi32.dll
    2007-12-08 12:24 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
    2007-12-08 12:24 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2007-12-08 12:24 750,080 ----a-w C:\Windows\System32\qmgr.dll
    2007-12-08 12:24 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2007-12-08 12:24 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
    2007-12-08 12:24 69,632 ----a-w C:\Windows\System32\sendmail.dll
    2007-12-08 12:24 65,024 ----a-w C:\Windows\System32\avicap32.dll
    2007-12-08 12:24 61,440 ----a-w C:\Windows\System32\ntprint.exe
    2007-12-08 12:24 31,232 ----a-w C:\Windows\System32\msvidc32.dll
    2007-12-08 12:24 269,824 ----a-w C:\Windows\System32\schannel.dll
    2007-12-08 12:24 220,160 ----a-w C:\Windows\System32\ntprint.dll
    2007-12-08 12:24 123,904 ----a-w C:\Windows\System32\msvfw32.dll
    2007-12-08 12:24 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
    2007-12-08 12:24 12,800 ----a-w C:\Windows\System32\msrle32.dll
    2007-12-08 12:24 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
    2007-12-08 12:24 1,984,512 ----a-w C:\Windows\System32\authui.dll
    2007-12-08 12:24 --------- d-----w C:\Program Files\MSXML 4.0
    2007-12-08 12:18 --------- d-----w C:\Program Files\MSBuild
    2007-12-08 12:11 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2007-12-08 12:08 --------- d-----w C:\Program Files\DAEMON Tools
    2007-12-08 12:05 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
    2007-12-08 12:04 --------- d-----w C:\Program Files\Yahoo!
    2007-12-08 12:00 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-12-08 11:59 --------- d-----w C:\Program Files\Macromedia
    2007-12-07 15:07 --------- d-----w C:\Program Files\Ant Movie Catalog
    2007-12-07 12:10 --------- d-----w C:\Program Files\Alwil Software
    2007-12-07 11:43 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2007-12-07 11:43 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2007-12-07 11:43 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2007-12-07 11:43 43,352 ----a-w C:\Windows\System32\wups2.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 23:21 1232896]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 07:58 1006264]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
    "Acer Tour"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 16:39 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 16:39 8470528]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 16:39 81920]
    "BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-08 20:48 53248]
    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 10:15 752136]
    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 13:38 206952]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
    "eRecoveryService"="" []
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-08 13:54:27]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 14:48:42]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 08:29:07]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=eNetHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
    R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 14:27]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 16:51]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
    R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 18:12]
    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 14:32]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
    R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-26 17:25]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 01:26]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
    S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e205ebec-a414-11dc-85b9-001cbf0f3cdc}]
    \shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-08 22:18:08 C:\Windows\Tasks\User_Feed_Synchronization-{D8983852-EC7E-4091-B19E-72035406F7B2}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 14:38:46
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 14:39:34
    ComboFix-quarantined-files.txt 2008-01-09 13:39:31
    .
    2008-01-08 22:22:52 --- E O F ---
    9 January 2008 14:43:53

    Post a new HijackThis report.
    9 January 2008 14:50:09

    Here is the result

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:46:44, on 9/01/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\BR040286.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Users\JEANCL~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: eNetHook.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10030 bytes
    9 January 2008 15:02:06

    Better?
    9 January 2008 17:11:04

    Apparently, so far, it's fine.
    I had to leave, I restarted the PC, we'll see in a few hours

    Thanks


    9 January 2008 17:33:32

    For me too, Avast detects a Win32:TratBHO [Trj...
    9 January 2008 18:06:51

    Keep me posted.
    9 January 2008 18:50:28

    OK, tomorrow, if all goes well, I'll close the thread

    Thanks Angeldark, and the whole team
    10 January 2008 12:21:24

    No more virus, everything is fine

    Thanks to the whole team