Trojan infection

Closed
carhaix Posts: 10 Registration date: Thursday 10 April 2008 Status: Member Last seen: 18 April 2008 - 10 April 2008 at 18:49
carhaix Posts: 10 Registration date: Thursday 10 April 2008 Status: Member Last seen: 18 April 2008 - 10 April 2008 at 20:20
Hello, here is my problem:
a small trojan on my PC which, when I open IE, redirects to a link... (ads, ...)

with a URL of this type: "83.149.115.142/index.php?cmp=ghrnc&uid=51BCFDBC067011DDA706152174CFFFFF&guid=7D4D153F87BF49B9922D1EE01B61273F&affid=152174&lid=http&z=de"


At Windows startup I got a message telling me it had removed "Vundo".


Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:56, on 10/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\jvkoymov\xkhclyhg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\johan\Desktop\Sanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [jvkoymov] C:\ProgramData\jvkoymov\xkhclyhg.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\johan\AppData\Local\Temp\geBspPJy.dll,c
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe

1 reply

theyellow29 Posts: 538 Registration date: Friday 17 August 2007 Status: Member Last seen: 16 August 2009
10 April 2008 at 18:55
hi

try ComboFix by sUBs

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

carhaix Posts: 10 Registration date: Thursday 10 April 2008 Status: Member Last seen: 18 April 2008
10 April 2008 at 19:21
Thanks. I just restarted my PC, and when launching Internet Explorer or even Mozilla Firefox the ads no longer appear.

I followed the instructions from the link you gave me, and here is the report:

ComboFix 08-04-09.9 - johan 2008-04-10 19:08:02.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2091 [GMT 2:00]
Endroit: C:\Users\johan\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\johan\Desktop\blackbird.jpg
C:\Users\johan\Desktop\EditorFKWP1.5.exe
C:\Users\johan\Desktop\EditorFKWP2.0.exe
C:\Users\johan\Desktop\filemanagerclient.exe
C:\Users\johan\Desktop\fkwp1.5.exe
C:\Users\johan\Desktop\fkwp2.0.exe
C:\Users\johan\Desktop\fwebd.exe
C:\Users\johan\Desktop\FWebdEditor.exe
C:\Users\johan\Desktop\Trojan.Win32.BlackBird.exe
C:\Users\johan\Desktop\virii

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 17:05 --------- d-----w C:\ProgramData\ATI
2008-04-10 16:20 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 16:20 --------- d-----w C:\Program Files\Google
2008-04-10 16:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-10 16:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 20:00 --------- d-----w C:\ProgramData\xynivyfc
2008-04-09 20:00 --------- d-----w C:\ProgramData\jvkoymov
2008-04-09 18:50 --------- d-----w C:\Program Files\CARTEL's EUROS 3000
2008-04-09 18:49 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-04-09 18:49 253,952 ------w C:\Windows\Setup1.exe
2008-04-09 16:15 --------- d-----w C:\Program Files\Steam
2008-04-08 17:57 --------- d-----w C:\Program Files\ATI Technologies
2008-04-07 21:46 --------- d-----w C:\Users\johan\AppData\Roaming\Mp3tag
2008-04-07 21:44 --------- d-----w C:\Program Files\Mp3tag
2008-04-07 18:22 --------- d-----w C:\Users\johan\AppData\Roaming\LimeWire
2008-04-06 17:16 --------- d-----w C:\Users\johan\AppData\Roaming\Azureus
2008-04-05 13:09 --------- d-----w C:\Program Files\ffdshow
2008-04-05 12:37 --------- d-----w C:\Program Files\DivX
2008-04-05 12:37 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-05 12:12 --------- d-----w C:\Program Files\Java
2008-04-04 23:50 --------- d-----w C:\Users\johan\AppData\Roaming\Winamp
2008-04-04 23:15 --------- d-----w C:\ProgramData\OrbNetworks
2008-04-04 23:08 --------- d-----w C:\Program Files\Winamp Remote
2008-04-04 22:58 --------- d-----w C:\Program Files\Winamp
2008-04-04 15:42 --------- d-----w C:\Users\johan\AppData\Roaming\teamspeak2
2008-04-04 15:42 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-04 15:00 --------- d-----w C:\Program Files\World of Warcraft
2008-04-04 14:59 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-04 12:05 --------- d-----w C:\ProgramData\Azureus
2008-04-04 12:04 --------- d-----w C:\Program Files\Azureus
2008-04-04 12:01 --------- d-----w C:\Program Files\LimeWire
2008-04-04 12:00 --------- d-----w C:\Program Files\Common Files\Java
2008-04-03 18:01 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-03 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 16:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-03 16:12 --------- d-----w C:\ProgramData\Symantec
2008-04-02 20:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 20:37 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-02 20:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 20:34 --------- d-----w C:\Program Files\Windows Live
2008-04-02 20:29 --------- d-----w C:\ProgramData\WLInstaller
2008-04-02 19:00 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-04-02 16:46 --------- d-----w C:\Program Files\EA GAMES
2008-04-02 16:32 --------- d-----w C:\Program Files\Bethesda Softworks
2008-04-02 16:13 --------- d-----w C:\ProgramData\eSobi
2008-04-01 23:04 --------- d-----w C:\Program Files\Vista Anti-Lag
2008-04-01 22:58 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 22:53 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 22:53 --------- d-----w C:\Program Files\Windows Calendar
2008-04-01 22:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 22:46 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-04-01 22:46 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-04-01 22:46 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-04-01 22:46 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-04-01 22:46 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-04-01 22:45 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-01 22:45 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-01 22:43 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-01 22:41 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-01 22:41 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-01 22:41 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-01 22:41 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-01 22:41 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-01 22:41 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-01 22:41 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-04-01 22:41 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-04-01 22:38 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-01 22:38 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-01 22:36 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-01 22:36 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-01 22:36 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-04-01 22:35 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-01 22:35 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-01 22:35 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-01 22:35 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-01 22:35 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-01 22:35 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-01 22:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-01 22:34 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-04-01 22:34 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-04-01 22:34 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-04-01 22:34 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-04-01 22:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-01 22:34 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-04-01 22:34 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-04-01 22:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-01 22:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-01 22:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-01 22:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-01 22:29 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-04-01 22:29 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-01 22:29 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-04-01 22:29 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-04-01 22:28 12,800 ----a-w C:\Windows\system32\drivers\fs_rec.sys
2008-04-01 22:28 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-01 21:53 --------- d-----w C:\Program Files\Neuf
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7AE1D1A-0D33-417F-A7C4-93CD0B19BE29}]
2008-04-09 22:05 270336 --a------ C:\Users\johan\AppData\Local\Temp\geBspPJy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-02 00:29 1232896]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-10 17:57 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"jvkoymov"="C:\ProgramData\jvkoymov\xkhclyhg.exe" [2008-04-09 22:00 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-02 00:39 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 14:32:04 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{6A70B4E0-6290-4A36-BCEA-F075D570EBA2}C:\\program files\\steam\\steamapps\\chico_62\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\chico_62\counter-strike source\hl2.exe:hl2
"UDP Query User{156676AD-7D38-437A-B6DA-CD41B6122257}C:\\program files\\steam\\steamapps\\chico_62\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\chico_62\counter-strike source\hl2.exe:hl2
"{B7F44902-2260-4587-ACA8-7EF1D0DCA769}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A1B2555C-92BE-4745-947A-3507769B0906}C:\\program files\\steam\\steamapps\\chico_62\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\chico_62\counter-strike source\hl2.exe:hl2
"UDP Query User{18F7D670-7BC9-43E5-BA32-E471BDC95592}C:\\program files\\steam\\steamapps\\chico_62\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\chico_62\counter-strike source\hl2.exe:hl2
"{E73766ED-4EFC-4583-B30F-C7768C42CE30}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{94E72EBC-9554-4455-BA26-58762CD37CC7}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EE582F98-5239-451F-8A65-13C9F129782D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D5E5C818-61E7-43F5-9070-EB7575DFF46B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F60E5E6B-7E0E-402B-912C-2B38574E1F6B}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{27EC9EB6-2BCF-4599-9B16-253228D26E45}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{56DD113E-0466-4D86-9DAB-66926EB86EA8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D49425E3-BC56-43B5-95FB-BFC691CF7C0F}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"TCP Query User{4B49298C-7347-4CD0-96A0-B78F9B5D1EC3}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3481CD0E-0839-4079-9A76-22005F38872D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{E7639178-3AE4-4EC9-85C1-C5FADAE4D4E5}"= UDP:C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\TVersity.exe:TVersity Media Server
"{7BE884FE-C1C8-434F-98AA-DB9B8516C046}"= TCP:C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\TVersity.exe:TVersity Media Server
"{1CC56AA8-310F-469E-B2DF-74A304388494}"= UDP:C:\Program Files\Windows Media Player\wmplayer.exe:wmplayer
"{D58E688A-135D-4C90-8101-F2BABA80BB54}"= TCP:C:\Program Files\Windows Media Player\wmplayer.exe:wmplayer
"TCP Query User{4FEC81E8-31FD-473D-9FE5-E1A7853A3268}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{7BB5E3D4-8D5B-44AF-94BF-BF09F3EE7A50}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 00:07]
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2004-09-17 12:56]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 00:07]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 20:56]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 19:15:23
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\MediaServer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-10 19:17:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 17:17:27
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-10 16:09:06 --- E O F ---
carhaix Posts: 10 Registration date: Thursday 10 April 2008 Status: Member Last seen: 18 April 2008 > carhaix
10 April 2008 at 20:20
I still have antispyware messages appearing, suspicious messages.

And it is impossible for me to do a system restore; I tried over several days and it tells me the restore
had a problem.