Se connecter / S'enregistrer
Votre question

Virus et Trojan

Tags :
  • Acer
  • Sécurité
Dernière réponse : dans Sécurité et virus
31 Mai 2008 17:59:44

Bonjour à tous.

Je vous explique mon problème:
Depuis 3 jours j'ai des pubs et des fenetre qui s'ouvre parfois de façon infinie !
Mon antivirus détecte 3 menaces, ces menaces ce trouvent dans le dossier internet temporary files auquel je n'arrive pas a acceder manuellement car mon antivirus n'arive pas a les supprimer.
J'ai executé Ccleaner et voici le log de Hijack, j'espere que vous pourrez m'aider!

Logfile of HijackThis v1.99.1
Scan saved at 17:54:24, on 31/05/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\explorer.exe
C:\Users\Eric\AppData\Local\Temp\Rar$EX00.789\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKLM\..\RunServices: [FTRTSVC] C:\Windows\System32\FTRTSVC.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Eric\AppData\Local\Temp\geBuUkif.dll,#1
O4 - HKCU\..\Run: [BM77322860] Rundll32.exe "C:\Users\Eric\AppData\Local\Temp\njiresgk.dll",s
O4 - HKCU\..\Run: [74011bfc] rundll32.exe "C:\Users\Eric\AppData\Local\Temp\ocxbuxpm.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Eric\AppData\Local\Temp\ljJAQHyY.dll,c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/cert...
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_ac...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB150540-7459-451F-BE4E-392551A5C409}: NameServer = 81.253.149.1,80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Autres pages sur : virus trojan

31 Mai 2008 21:30:14

Bonsoir,

Ton prochain rapport, tu le posteras avec la plus récente version d'HijackThis stp.

Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide : Comment utiliser ComboFix.
    1 Juin 2008 23:25:46

    Voici le rapport de ComboFix sachant qu'après l'avoir executé mon antivirus m'indiquait une erreur impossible a réparer et que ma connexion internet etait désesperement inactive malgré que j'ai chercher a la réactiver par tous les moyens, j'ai donc fait une restauration du système au point créé par ComboFix.
    Voici le rapport:

    ComboFix 08-05-29.1 - Eric 2008-06-01 19:50:42.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1237 [GMT 2:00]
    Endroit: C:\Users\Eric\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\webmediaplayer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
    C:\Users\Eric\AppData\Local\mqecgmj.dat
    C:\Users\Eric\AppData\Local\mqecgmj_nav.dat
    C:\Users\Eric\AppData\Local\mqecgmj_navps.dat
    C:\Users\Eric\AppData\Local\mqecgmj_navup.dat
    C:\Windows\pack.epk
    C:\Windows\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 17:46 1,948,397 ----a-w C:\Users\Eric\ComboFix.exe
    2008-06-01 12:22 --------- d-----w C:\Program Files\WinTV
    2008-06-01 12:22 --------- d-----w C:\Program Files\Wanadoo
    2008-05-31 17:45 --------- d---a-w C:\ProgramData\TEMP
    2008-05-31 17:06 --------- d-----w C:\Users\Eric\AppData\Roaming\Malwarebytes
    2008-05-31 17:06 --------- d-----w C:\ProgramData\Malwarebytes
    2008-05-31 17:06 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-31 15:29 --------- d-----w C:\Program Files\CCleaner
    2008-05-30 16:18 --------- d-----w C:\Program Files\Activision
    2008-05-30 15:59 --------- d-----w C:\Program Files\GameSpy
    2008-05-30 15:45 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-05-29 23:06 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
    2008-05-29 23:06 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-05-29 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-28 18:39 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-05-28 18:36 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-05-28 18:35 --------- d-----w C:\Users\Eric\AppData\Roaming\DAEMON Tools
    2008-05-27 20:56 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
    2008-05-27 20:38 --------- d-----w C:\Program Files\VstPlugins
    2008-05-22 12:30 --------- d-----w C:\Program Files\Safari
    2008-05-22 12:27 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-20 13:26 --------- d-----w C:\Users\Eric\AppData\Roaming\Sony
    2008-05-20 13:23 --------- d-----w C:\Users\Eric\AppData\Roaming\Publish Providers
    2008-05-20 13:23 --------- d-----w C:\Users\Eric\AppData\Roaming\NetMedia Providers
    2008-05-20 13:14 --------- d-----w C:\Program Files\Outsim
    2008-05-13 22:21 --------- d-----w C:\Program Files\Windows Mail
    2008-05-01 21:36 --------- d-----w C:\Users\Eric\AppData\Roaming\Wireshark
    2008-04-23 23:14 --------- d-----w C:\Program Files\Azureus
    2008-04-16 16:02 --------- d-----w C:\Users\Eric\AppData\Roaming\Nokia
    2008-04-16 16:01 --------- d-----w C:\ProgramData\Installations
    2008-04-11 23:17 --------- d-----w C:\Users\Eric\AppData\Roaming\PC Suite
    2008-04-11 22:57 --------- d-----w C:\Program Files\Nokia
    2008-04-11 22:57 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-04-11 22:57 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-04-11 22:43 --------- d-----w C:\Program Files\DIFX
    2008-04-11 22:42 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-04-11 22:22 --------- d-----w C:\Users\Eric\AppData\Roaming\Nokia Multimedia Player
    2008-04-10 18:35 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-04-10 18:34 --------- d-----w C:\ProgramData\Nokia
    2008-04-09 21:57 --------- d-----w C:\Users\Eric\AppData\Roaming\NSeries
    2008-04-09 21:40 --------- d-----w C:\ProgramData\PC Suite
    2008-04-09 18:57 --------- d-----w C:\Program Files\iTunes
    2008-04-09 18:57 --------- d-----w C:\Program Files\iPod
    2008-04-09 18:56 --------- d-----w C:\Program Files\QuickTime
    2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2007-10-03 19:26 22,328 ----a-w C:\Users\Eric\AppData\Roaming\PnkBstrK.sys
    2007-08-30 16:04 174 --sha-w C:\Program Files\desktop.ini
    2007-07-26 20:21 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
    2007-06-14 15:21 275 ----a-w C:\Users\Incomplete\downloads.dat
    2007-05-12 12:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-05-12 12:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-05-12 12:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Tour"="" []
    "eRecoveryService"="" []
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 04:57 3784704 C:\Windows\RtHDVCpl.exe]
    "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 06:30 22696]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
    "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 16:24 319488]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 14:44 3100672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "FTRTSVC"="C:\Windows\System32\FTRTSVC.exe" [2004-08-23 14:49 40960]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-11 17:38:14 113664]
    Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\ComboFix\lnkread.vbs".
    L'ex‚cution du script a pris fin.

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CBA664D7-7845-4748-A78F-A801EA076BBF}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{88ECF735-BA95-4C4C-B1DD-F8A0505D0210}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{BDE6C266-D4E0-412E-8BDC-137FDAFD962D}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{95A589C8-AC04-4F93-BBA6-CFE965C0573A}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{9357837E-EEB8-4804-AEE7-FBB2A61280F4}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{6539D799-7174-4EA6-AFEC-7E368AF33207}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{3644AAC3-5A91-49CD-AFF0-3574437F4077}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{BDD9BF01-7BE7-4893-B26C-DBF76962231A}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "{D107C740-DFB4-4E00-9C4E-0465AC8388A5}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{E2EC3638-EB6F-463F-AD0E-8C6100D6E4DD}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
    "{29F98374-1E2D-49E2-9D31-883CD6AC7C02}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{1BFB53A0-C003-4119-98A1-0BE45851B344}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{19F28344-0E60-47EF-A69F-26E515A7D95A}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
    "{CE2A2FB9-FB4B-49C8-85A7-AEF09D5ECBBC}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
    "{A0AE2196-2802-4ACA-874C-8CB0BB9DC690}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
    "{B3598079-6873-44BC-AEE6-ED784B7E38AF}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
    "{592EDECE-5F81-4F26-BFDE-8183395C8A40}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{FA1A7D1A-F4BF-41C6-AD7D-A8FDFFF89C7E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{DED93D37-6A43-429E-B8FC-406D67F721B4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{61326365-92D1-4D60-AD14-C0BCCA3AE154}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2CF4E0B0-73E3-4DD1-A072-B80FA017A04B}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{E753D07C-8F8D-4149-8A37-AE82074BD673}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{55BE41BD-2CC1-4FDB-A2BD-2C3C3B9575B3}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{3CB19E6A-0612-43F2-A02D-C94C593942AC}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{4DC9406D-FEBD-48A5-8C4A-C80A432606B6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{23D483BE-F0F5-428D-8040-3B1135E16D8A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{B6D5D896-9CFC-4C82-979D-25882FCCA285}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{50C7A2AC-CE01-4F04-ADA3-73F6325DFC89}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{D4C1EF58-0186-4670-A1E6-5694C3CF1853}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:D ecryption
    "C:\\Program Files\\WINSOS\\winsos.exe"= C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos
    "C:\\Program Files\\WINSOS\\anti-spy.exe"= C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos
    "C:\\Program Files\\WINSOS\\help.exe"= C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080530.001\IDSvix86.sys [2008-02-13 18:18]
    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
    R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 17:17]
    R2 Vcs;Vcs support;C:\Windows\system32\Drivers\Vcs.sys [2002-12-10 09:11]
    R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 20:45]
    R3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 03:52]
    S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
    S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
    S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 07:46]
    S3 upperdev;upperdev;C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
    S3 UsbserFilt;UsbserFilt;C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{166521af-38e3-11dc-bb9a-001921e2e05a}]
    \shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b82ed85-2ce5-11dd-871a-001921e2e05a}]
    \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - F:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78f1a67e-b86c-11dc-9d20-001921e2e05a}]
    \shell\AutoRun\command - J:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-30 18:58:45 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Eric.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
    "2008-06-01 01:19:08 C:\Windows\Tasks\User_Feed_Synchronization-{0D3D5CB2-E903-43FD-B293-CE5279010549}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 20:46:14
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-01 21:16:33
    ComboFix-quarantined-files.txt 2008-06-01 19:13:42

    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

    231 --- E O F --- 2008-05-31 10:10:36
    3 Juin 2008 10:38:17

    Tu as bien désactivé tes protections résidentes comme demandé ? ^^

    Reposte un HijackTHis.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS