Trojan win32:vundo.gen!C [Resolu]

Bonjour à tous,

Voila Windows Defender me trouve un virus mais il n'arrive pas a me le supprimé, j'ai étais voir sur plusieurs topics mais je trouve pas mon bonheur.
J'ai aussi fais l'analyse avec VundoFix mais il ne me trouve rien et quand je lance avast il n'arrive pas a me le supprimé.

Donc si quelqu'un pourrait m'aidé car j'en est vraiment besoin.

(Je suis nul en informatique)

Merci.

Bonjour,

Télécharger sur le bureau Malwarebyte's Anti-Malware

=> double-clic sur mbam-setup pour lancer l'installation
=> Installer simplement sans rien modifier
=> Quand le programme lancé ==> cocher Exécuter un examen complet
=> Clic Rechercher
=> Eventuellement décocher les disque à ne pas analyser
=> Clic Lancer l'examen
=> En fin de scan , si infection trouvée
==> Clic Afficher résultat
=> Fermer vos applications en cours
=> Vérifier si tout est coché et clic Supprimer la sélection

=> un rapport s'ouvre le copier et le coller dans la réponse

+

Après Malwarebyte's:

Télécharge sur le bureau Hijackthis
=> Double-clic dessus
=> Clic Do a system scan and save the log
=> Copier le rapport, le coller dans la réponse

Voila je sais pas si j'ai réussi m'enfin bon

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 907
Windows 6.0.6000

16:55:37 30/06/2008
mbam-log-6-30-2008 (16-55-37).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 112840
Temps écoulé: 28 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 86

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\tuVmmKdc.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2414e23a-c29b-4d32-a78a-124f9fbf7278} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2414e23a-c29b-4d32-a78a-124f9fbf7278} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4eb29a50684e23f4e9d65186fa814342 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8baf7ca6202db60478328f0ee1eef1ee (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8f92bca0d10d5ad42ac7b8a272b92649 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a7a85540b6b4ac64db79ab454d0c0f9c (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a7e6f91d09bbe2742b9c465f33f87790 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a94987f586a451142994114d5fdc1d00 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d722d4cbe0a53d44c975cf912bb7deba (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\navigationtool (Trojan.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antispywarebotsrv (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\antispywarebotsrv (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antispywarebotsrv (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AntispywareBot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\AntispywareBot\FilterDrv\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntispywareBot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\98e83a53 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM9bdb09cf (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvmmkdc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvmmkdc -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\NavigationTool (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\tuVmmKdc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\cdKmmVut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cdKmmVut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\jkkHAqNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\efcdEwUM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\d.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\jgkpt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\mxuxc.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\number.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80N9G10Y\dsuper[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMT914VX\mzznre[1].htm (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EMT914VX\plmzrevwn[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ddcBTNDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ddcYoLDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ddcYppmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\efcCtqpM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\efcDSKbA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\geBqOiGa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\hgGxYOFv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\mlJAtSij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\mlJAtTlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\nnnoMdaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\pmnOeBSJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\qoMcyVMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tem69DC.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\temA25C.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\temBDD5.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\temEF23.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp0000fc38 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp0000fdfd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00010424 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00010666 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp0001078e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00010897 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp000109a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00010f5b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00010fa9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00011e1a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00011f42 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00012e11 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp00012f68 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tmp000cdf18 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\updDB12.tmp.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\wvUmmMff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\17PHolmes1535.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\System32\byXQGwUn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP0000002153B7B4C84235343A (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\NavigationTool-3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\NavigationTool.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\DataBaseNew.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\rs.dat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log\2008 Jun 30 - 03_20_41 PM_237.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log\2008 Jun 30 - 03_21_30 PM_229.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log\2008 Jun 30 - 03_27_42 PM_687.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log\2008 Jun 30 - 03_44_13 PM_575.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Roaming\AntispywareBot\Log\2008 Jun 30 - 03_55_21 PM_876.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\AntispywareBot.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\AntispywareBot.srv.exe (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\AntispywareBot.url (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\DataBase.ref (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\Difxapi.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\SpyCleaner.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\TCL.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\vistaCPtasks.xml (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\zlib.dll (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntispywareBot.amd64.sys (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntispywareBot.cat (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntispywareBot.inf (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareBot\FilterDrv\AntispywareBot.x86.sys (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareBot\AntispywareBot on the Web.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareBot\AntispywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\tteysbfq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Alex\AppData\Local\Temp\snyoqxvw.dll (Trojan.Agent) -> Delete on reboot.
C:\d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

ensuite avec Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:50, on 30/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Alex\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alex\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2414E23A-C29B-4D32-A78A-124F9FBF7278} - C:\Windows\system32\tuVmmKdc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BM9bdb09cf] Rundll32.exe "C:\Users\Alex\AppData\Local\Temp\snyoqxvw.dll",s
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9763 bytes

Télécharger et enregistrer sur le bureau Combofix

=> Double-clic sur Combofix
=> Presser 1 quand demandé
=> Attendre la fermeture de l’outil ( 5 à 10 mn)
=> Copier/coller le rapport dans la réponse
=> Un rapport dans C:\Combofix.txt à mettre dans la réponse
=> Qoobox dans C:\ à supprimer

+

Un nouveau log Hijack

ComboFix 08-06-20.4 - Alex 2008-06-30 17:13:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1044 [GMT 2:00]
Endroit: C:\Users\Alex\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ACER.exe
C:\Windows\system32\tuVmmKdc.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-30 ))))))))))))))))))))))))))))))))))))
.

2008-06-30 17:11 . 2008-06-30 17:12 <REP> d-------- C:\327882R2FWJFW
2008-06-30 16:23 . 2008-06-30 16:23 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-30 16:23 . 2008-06-30 16:23 <REP> d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
2008-06-30 16:23 . 2008-06-30 16:23 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-30 16:23 . 2008-06-30 16:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 16:23 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-30 16:23 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-30 01:21 . 2008-06-30 01:21 <REP> d-------- C:\VundoFix Backups
2008-06-26 14:42 . 2008-06-26 14:42 <REP> d-------- C:\Users\Alex\AppData\Roaming\dvdcss
2008-06-24 15:17 . 2008-06-24 15:17 <REP> d-------- C:\Program Files\Alwil Software
2008-06-24 15:17 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-24 15:07 . 2008-06-24 15:07 109,056 --a------ C:\Windows\System32\lkaje3ewrkj.exe
2008-06-24 15:07 . 2008-06-24 15:07 20,225 --a------ C:\jfcjr.exe
2008-06-24 15:07 . 2008-06-24 15:07 14,336 --a------ C:\Windows\System32\ldskjf2w.exe
2008-06-24 15:07 . 2008-06-24 15:07 2 --a------ C:\-1729611012
2008-06-24 11:08 . 2008-06-24 11:08 <REP> d-------- C:\Windows\Sun
2008-06-20 03:37 . 2008-06-20 22:24 <REP> d-------- C:\Program Files\Aurore
2008-06-15 22:41 . 2008-06-20 01:32 <REP> d-------- C:\Users\Alex\AppData\Roaming\teamspeak2
2008-06-15 22:40 . 2008-06-15 22:41 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-06-15 22:40 . 2008-06-15 22:40 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-06-13 15:34 . 2008-06-13 15:34 <REP> d-------- C:\Users\All Users\ENJOY Plus!
2008-06-13 15:34 . 2008-06-13 15:34 <REP> d-------- C:\Users\Alex\AppData\Roaming\ENJOY Plus!
2008-06-13 15:34 . 2008-06-13 15:34 <REP> d-------- C:\ProgramData\ENJOY Plus!
2008-06-13 15:33 . 2008-06-13 15:33 <REP> d-------- C:\Program Files\ENJOY Plus!
2008-06-11 12:03 . 2008-04-26 10:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-11 12:03 . 2008-05-10 03:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 12:03 . 2008-05-10 05:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-11 00:32 . 2008-06-11 00:32 <REP> d-------- C:\Users\Alex\AppData\Roaming\DivX
2008-06-11 00:27 . 2008-06-11 00:28 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-11 00:26 . 2008-06-11 00:30 <REP> d-------- C:\Program Files\DivX
2008-05-30 19:22 . 2008-05-30 19:22 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-05-30 19:22 . 2008-05-30 19:22 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-05-30 19:22 . 2008-05-30 19:22 9,878 --a------ C:\Windows\System32\dsm_fr.qm
2008-05-30 19:22 . 2008-05-30 19:22 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-05-30 19:19 . 2008-05-30 19:19 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-05-30 19:19 . 2008-05-30 19:19 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-05-28 10:22 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 10:22 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 02:37 --------- d-----w C:\Users\Alex\AppData\Roaming\Skype
2008-06-25 22:03 --------- d-----w C:\Users\Alex\AppData\Roaming\skypePM
2008-06-25 08:12 --------- d-----w C:\Users\Alex\AppData\Roaming\uTorrent
2008-06-24 13:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 13:02 --------- d-----w C:\ProgramData\Symantec
2008-06-24 13:02 --------- d-----w C:\Program Files\Symantec
2008-06-23 00:53 --------- d-----w C:\Program Files\HeavenAngelsDestinys
2008-06-20 23:45 669 ----a-w C:\Users\Alex\AppData\Roaming\waver_2.95.dat
2008-06-17 09:53 --------- d-----w C:\ProgramData\TrackMania
2008-06-12 09:44 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 09:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-29 20:02 --------- d-----w C:\Program Files\FlashGet
2008-05-20 20:43 --------- d-----w C:\Program Files\Audacity
2008-04-30 13:22 --------- d-----w C:\ProgramData\Skype
2008-04-30 13:22 --------- d-----w C:\Program Files\Skype
2008-04-30 13:21 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-30 12:24 --------- d-----w C:\Program Files\uTorrent
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-14 08:45 174 --sha-w C:\Program Files\desktop.ini
2008-04-11 08:57 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-11 10:39 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-22 14:04 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 18:25 155648]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-25 04:31 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-25 04:31 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-25 04:31 138008]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 14:47 45056]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 07:51 768520]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-28 14:16 1171064]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ENJOY Plus!.lnk - C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe [2008-06-13 15:33:55 1323520]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-07-31 02:54:55 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALaunch]
C:\Acer\ALaunch\AlaunchClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2AFADD2E-1964-482C-B846-F474F5447B8A}"= C:\Program Files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{C41120CC-5E1D-44D4-AB03-B5AE35A016E0}"= C:\Program Files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{DE0C5AC4-009A-4E93-BA24-2D64E3349E29}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B577784C-77D8-4133-B61C-BB58AC879A21}"= C:\Program Files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{EAAE8550-9048-48E5-A166-A12FF9D72138}"= C:\Program Files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{400B637C-A1F6-434A-8EBE-69603DAE3A9E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73B48228-393B-49B8-8780-34177D1D8D45}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F2A369A-F69B-4CE9-B05F-AC9902F79F20}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BDB21221-7B3C-46FA-8CFF-FCEFB8753445}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{55663C84-8DD9-40B7-A0FA-055034BDD034}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4F75E419-1399-41CB-88BC-40532EA21616}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-22 06:28]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 17:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 17:19:17
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Users\Alex\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Windows\System32\dllhost.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-30 17:24:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 15:23:50

Pre-Run: 26,731,802,624 octets libres
Post-Run: 37,348,306,944 octets libres

218 --- E O F --- 2008-06-12 09:41:54


Hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:36, on 30/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Alex\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Users\Alex\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8952 bytes

Encore des souci?

Bin on dirais que tout est bon

En cas de soucis je vous recontacte et merci ichigo =)

Si plus de souci pense à mettre en résolu, et supprimer hijackthis et combofix + Qoobox dans C:\