Infection win32/rustock.q
nhaundar
Narco!4 - 2446 posts - Status: Contributor
Hello,
My computer is apparently infected with the virus called win32/rustock.q; unfortunately my antivirus will not remove it. Could you please help me? Thanks in advance, I am eagerly awaiting your help.
36 replies
I got the screen that launches and another window; I'll send you a screenshot
http://img4.imageshack.us/img4/5228/screenmc.jpg
What should I do?
I'm relinking the image because the link doesn't work
http://img30.imageshack.us/img30/9352/screenby.jpg
It's the error window at the top right.
ComboFix 09-09-08.09 - maison 09/09/2009 19:33.2.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3327.2116 [GMT 2:00]
Lancé depuis: c:\users\maison\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\maison\Desktop\CFScript.txt.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\xtevctkzrfpsw.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\xtevctkzrfpsw.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LTYVGMNEEULGJT
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-09 au 2009-09-09 ))))))))))))))))))))))))))))))))))))
.
2009-09-09 17:40 . 2009-09-09 17:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 17:40 . 2009-09-09 17:40 -------- d-----w- c:\users\maison\AppData\Local\temp
2009-09-09 17:40 . 2009-09-09 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 16:45 . 2009-09-09 16:49 -------- d-----w- C:\UsbFix
2009-09-09 14:17 . 2009-09-09 14:17 -------- d-----w- c:\users\maison\AppData\Roaming\Ubisoft
2009-09-09 14:11 . 2009-09-09 14:11 -------- d-----w- c:\programdata\Ubisoft
2009-09-09 13:56 . 2009-09-09 13:56 -------- d-----w- c:\program files\Ubisoft
2009-09-09 13:56 . 2009-09-09 13:56 -------- d-----w- c:\users\maison\AppData\Roaming\InstallShield
2009-09-09 07:25 . 2009-09-09 07:26 -------- d-----w- c:\program files\trend micro
2009-09-09 07:15 . 2009-09-09 07:15 -------- d-----w- c:\programdata\Downloaded Installations
2009-09-09 07:13 . 2009-09-09 07:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-09 07:13 . 2009-09-09 07:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-09 07:13 . 2009-09-09 07:13 -------- d-----w- c:\users\maison\AppData\Roaming\SUPERAntiSpyware.com
2009-09-09 07:12 . 2009-09-09 07:12 -------- d-----w- c:\program files\AVG
2009-09-09 06:31 . 2009-09-09 06:38 -------- d-----w- c:\program files\[Choose you FEAR 2 installation path]
2009-09-08 19:57 . 2007-12-11 23:06 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-09-08 19:54 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-09-08 19:50 . 2009-09-08 19:50 -------- d-----w- c:\users\maison\AppData\Roaming\AdobeUM
2009-09-08 16:12 . 2009-09-08 16:13 -------- d-----w- c:\users\maison\AppData\Roaming\vlc
2009-09-08 16:11 . 2009-09-08 16:11 -------- d-----w- c:\program files\VideoLAN
2009-09-08 11:24 . 2009-09-08 11:48 -------- d-----w- c:\users\maison\AppData\Local\Microsoft Games
2009-09-06 11:08 . 2009-09-06 11:08 -------- d-----w- c:\program files\directx
2009-09-06 11:08 . 2009-09-06 11:08 280 ----a-w- c:\windows\PowerReg.dat
2009-09-06 11:07 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-09-05 15:37 . 2009-09-05 15:37 -------- d-----w- c:\program files\uTorrent
2009-09-05 15:08 . 2009-09-09 17:40 -------- d-----w- c:\users\maison\AppData\Roaming\uTorrent
2009-09-05 15:00 . 2009-09-05 15:00 0 ----a-w- c:\windows\nsreg.dat
2009-09-05 15:00 . 2009-09-05 15:00 -------- d-----w- c:\users\maison\AppData\Local\Mozilla
2009-09-05 14:52 . 2009-09-05 14:52 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-05 14:51 . 2009-09-05 14:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-05 14:51 . 2009-09-05 14:51 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-05 14:51 . 2009-09-05 14:51 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-05 14:51 . 2009-09-05 14:51 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-05 14:50 . 2009-09-05 14:50 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-09-05 14:50 . 2009-09-05 14:50 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-09-05 14:50 . 2009-09-05 14:50 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-09-05 14:49 . 2009-09-05 14:49 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-09-05 14:49 . 2009-09-05 14:49 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-09-05 14:48 . 2009-09-05 14:48 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-09-05 14:47 . 2009-09-05 14:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-05 14:47 . 2009-09-05 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-05 14:47 . 2009-09-05 14:47 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-09-05 14:47 . 2009-09-05 14:47 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-05 14:47 . 2009-09-05 14:47 24064 ----a-w- c:\windows\system32\lpk.dll
2009-09-05 14:47 . 2009-09-05 14:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-05 14:46 . 2009-09-05 14:46 49664 ----a-w- c:\windows\system32\csrsrv.dll
2009-09-05 14:46 . 2009-09-05 14:46 376320 ----a-w- c:\windows\system32\winsrv.dll
2009-09-05 14:45 . 2009-09-05 14:45 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-05 14:44 . 2009-09-05 14:44 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-05 14:43 . 2009-09-05 14:43 297472 ----a-w- c:\windows\system32\gdi32.dll
2009-09-05 14:42 . 2009-09-05 14:42 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-05 14:41 . 2009-09-05 14:41 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-09-05 14:41 . 2009-09-05 14:41 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-05 14:41 . 2009-09-05 14:41 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-05 14:40 . 2009-09-05 14:40 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-05 14:39 . 2009-09-05 14:39 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-05 14:39 . 2009-09-05 14:39 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-09-05 14:39 . 2009-09-05 14:39 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-09-05 14:38 . 2009-09-05 14:38 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-05 14:37 . 2009-09-05 14:37 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-09-05 14:37 . 2009-09-05 14:37 1194496 ----a-w- c:\windows\system32\msxml3.dll
2009-09-05 14:36 . 2009-09-05 14:36 414208 ----a-w- c:\windows\system32\msscp.dll
2009-09-05 14:36 . 2009-09-05 14:36 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2009-09-05 14:36 . 2009-09-05 14:36 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2009-09-05 14:36 . 2009-09-05 14:36 86016 ----a-w- c:\windows\system32\icfupgd.dll
2009-09-05 14:36 . 2009-09-05 14:36 61952 ----a-w- c:\windows\system32\cmifw.dll
2009-09-05 14:36 . 2009-09-05 14:36 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2009-09-05 14:36 . 2009-09-05 14:36 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-09-05 14:36 . 2009-09-05 14:36 178688 ----a-w- c:\windows\system32\iphlpsvc.dll
2009-09-05 14:36 . 2009-09-05 14:36 16896 ----a-w- c:\windows\system32\wfapigp.dll
2009-09-05 14:36 . 2009-09-05 14:36 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2009-09-05 14:33 . 2009-09-05 14:33 696832 ----a-w- c:\windows\system32\localspl.dll
2009-09-05 14:32 . 2009-09-05 14:32 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-09-05 14:32 . 2009-09-05 14:32 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-09-05 14:32 . 2009-09-05 14:32 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-05 14:32 . 2009-09-05 14:32 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-09-05 14:32 . 2009-09-05 14:32 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-09-05 14:32 . 2009-09-05 14:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-09-05 14:31 . 2009-09-05 14:31 2923520 ----a-w- c:\windows\explorer.exe
2009-09-05 14:29 . 2009-09-05 14:29 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-09-05 14:29 . 2009-09-05 14:29 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 14:29 . 2009-09-05 14:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-05 14:29 . 2009-09-05 14:29 7680 ----a-w- c:\windows\system32\lsass.exe
2009-09-05 14:29 . 2009-09-05 14:29 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-05 14:29 . 2009-09-05 14:29 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-05 14:29 . 2009-09-05 14:29 272384 ----a-w- c:\windows\system32\schannel.dll
2009-09-05 14:29 . 2009-09-05 14:29 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-05 14:28 . 2009-09-05 14:28 24064 ----a-w- c:\windows\system32\netcfg.exe
2009-09-05 14:28 . 2009-09-05 14:28 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-09-05 14:28 . 2009-09-05 14:28 216632 ----a-w- c:\windows\system32\drivers\netio.sys
2009-09-05 14:28 . 2009-09-05 14:28 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-09-05 14:28 . 2009-09-05 14:28 803328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-05 14:24 . 2009-09-05 14:24 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-09-05 14:22 . 2009-09-05 14:22 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-09-05 14:22 . 2009-09-05 14:22 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-05 14:22 . 2009-09-05 14:22 3505120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-09-05 14:22 . 2009-09-05 14:22 3471328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-09-05 14:22 . 2009-09-05 14:22 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-05 14:22 . 2009-09-05 14:22 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-09-05 14:22 . 2009-09-05 14:22 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-05 14:22 . 2009-09-05 14:22 53248 ----a-w- c:\windows\system32\iasads.dll
2009-09-05 14:22 . 2009-09-05 14:22 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-09-05 14:22 . 2009-09-05 14:22 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-09-05 14:22 . 2009-09-05 14:22 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-09-05 14:22 . 2009-09-05 14:22 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-09-05 14:22 . 2009-09-05 14:22 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-09-05 14:21 . 2009-09-05 14:21 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-09-05 14:21 . 2009-09-05 14:21 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-09-05 14:21 . 2009-09-05 14:21 2048 ----a-w- c:\windows\system32\asferror.dll
2009-09-05 14:20 . 2009-09-05 14:20 25600 ----a-w- c:\windows\system32\amxread.dll
2009-09-05 14:20 . 2009-09-05 14:20 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-09-05 14:18 . 2009-09-05 14:18 441856 ----a-w- c:\windows\system32\win32spl.dll
2009-09-05 14:18 . 2009-09-05 14:18 37376 ----a-w- c:\windows\system32\printcom.dll
2009-09-05 14:17 . 2009-09-05 14:17 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-09-05 14:17 . 2009-09-05 14:17 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-09-05 14:16 . 2009-09-05 14:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-05 14:16 . 2009-09-05 14:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-05 14:16 . 2009-09-05 14:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-05 14:16 . 2009-09-05 14:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-05 14:16 . 2009-09-05 14:16 11776 ----a-w- c:\windows\system32\sbunattend.exe
2009-09-05 14:14 . 2009-09-05 14:14 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-09-05 14:14 . 2009-09-05 14:14 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-09-05 14:14 . 2009-09-05 14:14 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-09-05 14:07 . 2009-09-05 14:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-05 14:07 . 2009-09-05 14:07 622080 ----a-w- c:\windows\system32\icardagt.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 17:14 . 2006-11-02 15:48 690594 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-09 17:14 . 2006-11-02 15:48 117366 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-09 13:56 . 2007-04-24 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 19:16 . 2009-09-05 14:58 32974 ----a-w- c:\programdata\nvModes.dat
2009-09-08 17:57 . 2009-09-06 10:23 -------- d-----w- c:\program files\Infogrames
2009-09-06 10:23 . 2009-09-05 17:55 -------- d-----w- c:\users\maison\AppData\Roaming\DAEMON Tools Lite
2009-09-06 10:20 . 2009-09-06 10:20 268800 ----a-w- c:\windows\system32\es.dll
2009-09-05 21:05 . 2009-09-05 21:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-09-05 21:05 . 2009-09-05 21:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-05 18:22 . 2009-09-05 18:22 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-05 18:11 . 2009-09-05 18:11 -------- d-----w- c:\users\maison\AppData\Roaming\TuneUp Software
2009-09-05 18:11 . 2009-09-05 18:11 -------- d-----w- c:\programdata\TuneUp Software
2009-09-05 17:57 . 2007-04-24 13:02 -------- d-----w- c:\program files\eSobi
2009-09-05 17:55 . 2009-09-05 17:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-05 14:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-05 14:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-05 14:24 . 2009-09-05 14:24 40960 ----a-w- c:\windows\system32\srclient.dll
2009-09-05 14:12 . 2009-09-05 13:10 -------- d-----w- c:\program files\Yahoo!
2009-09-05 13:37 . 2007-04-24 12:33 -------- d-----w- c:\programdata\Microsoft Help
2009-09-05 13:36 . 2007-04-24 12:37 -------- d-----w- c:\program files\Microsoft Works
2009-09-05 13:31 . 2007-04-24 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-05 13:28 . 2007-04-24 12:21 -------- d-----w- c:\programdata\Symantec
2009-09-05 13:23 . 2009-09-05 13:09 680 ----a-w- c:\users\maison\AppData\Local\d3d9caps.dat
2009-09-05 13:10 . 2007-04-24 20:58 1275 ----a-w- c:\windows\CLEANUP.CMD
2009-09-05 13:07 . 2009-09-05 13:07 -------- d-sh--we c:\programdata\Modèles
2009-09-05 13:07 . 2009-09-05 13:07 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-16 22:57 . 2009-08-16 22:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-21 21:52 . 2009-09-08 19:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-08 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-08 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-08 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-05 1232896]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-05 288560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-24 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"UacDisableNotify"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Tour"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{370A15D1-45F0-4A05-ACC7-C595AD203127}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2F8AE326-173A-466D-9025-C6D3BCAAE2BB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CA68EA15-28F2-4A9C-9CBB-38040A756104}c:\\program files\\infogrames\\grand prix 4\\gp4.exe"= UDP:c:\program files\infogrames\grand prix 4\gp4.exe:GP4
"UDP Query User{C89E8061-16C3-4894-9967-3FDA05E266BC}c:\\program files\\infogrames\\grand prix 4\\gp4.exe"= TCP:c:\program files\infogrames\grand prix 4\gp4.exe:GP4
"{0F1663F4-5FE7-409F-8F9B-5ADEEDFE9233}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9007B2BE-7EF4-45FE-A509-83EC24486B68}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A8460876-751F-4361-BB85-776E758CAA8E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E974A07-3D84-47D7-BA20-3494F6AF65A3}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{9B7F6634-7024-416E-9877-ADE6069DAA8B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DAF63CF2-48C7-438C-BF49-525CC589F677}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2009 15:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2009 15:22 74480]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [24/04/2007 14:32 266343]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 01:32 239648]
S2 AcerAcerMemUsageCheckService;Acer HomeMedia Connect Service AcerAcerMemUsageCheckService;c:\windows\TEMP\vyeyrpcydf.exe service --> c:\windows\TEMP\vyeyrpcydf.exe service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2009 15:22 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title =
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
FF - ProfilePath - c:\users\maison\AppData\Roaming\Mozilla\Firefox\Profiles\b5qo68fr.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 19:43
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002CB9DF8EAC8734FB7E 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3332)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2009-09-09 19:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-09 17:44
ComboFix2.txt 2009-09-09 13:49
Avant-CF: 6 959 620 096 octets libres
Après-CF: 6 935 859 200 octets libres
313 --- E O F --- 2009-09-09 07:16
Here is the ComboFix log.
2009-09-05 14:24 . 2009-09-05 14:24 1585664 ----a-w- c:\windows\system32\setupapi.dll
2009-09-05 14:22 . 2009-09-05 14:22 549888 ----a-w- c:\windows\system32\rpcss.dll
2009-09-05 14:22 . 2009-09-05 14:22 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-05 14:22 . 2009-09-05 14:22 3505120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-09-05 14:22 . 2009-09-05 14:22 3471328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-09-05 14:22 . 2009-09-05 14:22 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-05 14:22 . 2009-09-05 14:22 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2009-09-05 14:22 . 2009-09-05 14:22 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-05 14:22 . 2009-09-05 14:22 53248 ----a-w- c:\windows\system32\iasads.dll
2009-09-05 14:22 . 2009-09-05 14:22 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-09-05 14:22 . 2009-09-05 14:22 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2009-09-05 14:22 . 2009-09-05 14:22 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-09-05 14:22 . 2009-09-05 14:22 158720 ----a-w- c:\windows\system32\sdohlp.dll
2009-09-05 14:22 . 2009-09-05 14:22 97280 ----a-w- c:\windows\system32\iasrecst.dll
2009-09-05 14:21 . 2009-09-05 14:21 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2009-09-05 14:21 . 2009-09-05 14:21 223232 ----a-w- c:\windows\system32\WMASF.DLL
2009-09-05 14:21 . 2009-09-05 14:21 2048 ----a-w- c:\windows\system32\asferror.dll
2009-09-05 14:20 . 2009-09-05 14:20 25600 ----a-w- c:\windows\system32\amxread.dll
2009-09-05 14:20 . 2009-09-05 14:20 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-09-05 14:18 . 2009-09-05 14:18 441856 ----a-w- c:\windows\system32\win32spl.dll
2009-09-05 14:18 . 2009-09-05 14:18 37376 ----a-w- c:\windows\system32\printcom.dll
2009-09-05 14:17 . 2009-09-05 14:17 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-09-05 14:17 . 2009-09-05 14:17 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-09-05 14:16 . 2009-09-05 14:16 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-05 14:16 . 2009-09-05 14:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-05 14:16 . 2009-09-05 14:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-05 14:16 . 2009-09-05 14:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-05 14:16 . 2009-09-05 14:16 11776 ----a-w- c:\windows\system32\sbunattend.exe
2009-09-05 14:14 . 2009-09-05 14:14 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-09-05 14:14 . 2009-09-05 14:14 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-09-05 14:14 . 2009-09-05 14:14 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-09-05 14:07 . 2009-09-05 14:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-05 14:07 . 2009-09-05 14:07 622080 ----a-w- c:\windows\system32\icardagt.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 17:14 . 2006-11-02 15:48 690594 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-09 17:14 . 2006-11-02 15:48 117366 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-09 13:56 . 2007-04-24 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 19:16 . 2009-09-05 14:58 32974 ----a-w- c:\programdata\nvModes.dat
2009-09-08 17:57 . 2009-09-06 10:23 -------- d-----w- c:\program files\Infogrames
2009-09-06 10:23 . 2009-09-05 17:55 -------- d-----w- c:\users\maison\AppData\Roaming\DAEMON Tools Lite
2009-09-06 10:20 . 2009-09-06 10:20 268800 ----a-w- c:\windows\system32\es.dll
2009-09-05 21:05 . 2009-09-05 21:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-09-05 21:05 . 2009-09-05 21:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-05 18:22 . 2009-09-05 18:22 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-05 18:11 . 2009-09-05 18:11 -------- d-----w- c:\users\maison\AppData\Roaming\TuneUp Software
2009-09-05 18:11 . 2009-09-05 18:11 -------- d-----w- c:\programdata\TuneUp Software
2009-09-05 17:57 . 2007-04-24 13:02 -------- d-----w- c:\program files\eSobi
2009-09-05 17:55 . 2009-09-05 17:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-05 14:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-05 14:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-05 14:24 . 2009-09-05 14:24 40960 ----a-w- c:\windows\system32\srclient.dll
2009-09-05 14:12 . 2009-09-05 13:10 -------- d-----w- c:\program files\Yahoo!
2009-09-05 13:37 . 2007-04-24 12:33 -------- d-----w- c:\programdata\Microsoft Help
2009-09-05 13:36 . 2007-04-24 12:37 -------- d-----w- c:\program files\Microsoft Works
2009-09-05 13:31 . 2007-04-24 12:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-05 13:28 . 2007-04-24 12:21 -------- d-----w- c:\programdata\Symantec
2009-09-05 13:23 . 2009-09-05 13:09 680 ----a-w- c:\users\maison\AppData\Local\d3d9caps.dat
2009-09-05 13:10 . 2007-04-24 20:58 1275 ----a-w- c:\windows\CLEANUP.CMD
2009-09-05 13:07 . 2009-09-05 13:07 -------- d-sh--we c:\programdata\Modèles
2009-09-05 13:07 . 2009-09-05 13:07 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-16 22:57 . 2009-08-16 22:57 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-07-21 21:52 . 2009-09-08 19:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-08 19:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-08 19:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-08 19:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-05 1232896]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-05 288560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-01 4390912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-24 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-24 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"UacDisableNotify"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Tour"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{370A15D1-45F0-4A05-ACC7-C595AD203127}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2F8AE326-173A-466D-9025-C6D3BCAAE2BB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CA68EA15-28F2-4A9C-9CBB-38040A756104}c:\\program files\\infogrames\\grand prix 4\\gp4.exe"= UDP:c:\program files\infogrames\grand prix 4\gp4.exe:GP4
"UDP Query User{C89E8061-16C3-4894-9967-3FDA05E266BC}c:\\program files\\infogrames\\grand prix 4\\gp4.exe"= TCP:c:\program files\infogrames\grand prix 4\gp4.exe:GP4
"{0F1663F4-5FE7-409F-8F9B-5ADEEDFE9233}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{9007B2BE-7EF4-45FE-A509-83EC24486B68}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A8460876-751F-4361-BB85-776E758CAA8E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6E974A07-3D84-47D7-BA20-3494F6AF65A3}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{9B7F6634-7024-416E-9877-ADE6069DAA8B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DAF63CF2-48C7-438C-BF49-525CC589F677}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [03/09/2009 15:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2009 15:22 74480]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [24/04/2007 14:32 266343]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 01:32 239648]
S2 AcerAcerMemUsageCheckService;Acer HomeMedia Connect Service AcerAcerMemUsageCheckService;c:\windows\TEMP\vyeyrpcydf.exe service --> c:\windows\TEMP\vyeyrpcydf.exe service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [03/09/2009 15:22 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title =
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
FF - ProfilePath - c:\users\maison\AppData\Roaming\Mozilla\Firefox\Profiles\b5qo68fr.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 19:43
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP0000002CB9DF8EAC8734FB7E 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3332)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2009-09-09 19:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-09 17:44
ComboFix2.txt 2009-09-09 13:49
Avant-CF: 6 959 620 096 octets libres
Après-CF: 6 935 859 200 octets libres
313 --- E O F --- 2009-09-09 07:16
Here is the ComboFix log.
I'm off to work now. Thanks in any case for your help; I'll get back to you tomorrow, hoping you'll be there, because I have another question to ask you afterwards, if you don't mind.
Rapport GenProc 2.625 [1] - 09/09/2009 à 19:56:13
@ Windows Vista - Mode normal
@ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]
~~ "C:\Windows\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\Windows\grep.exe" a été renommé grep.exe_RenameGenProc ~~
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:08, on 09/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\GenProc\outil\maison_GenProc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Acer HomeMedia Connect Service AcerAcerMemUsageCheckService (AcerAcerMemUsageCheckService) - Unknown owner - C:\Windows\TEMP\vyeyrpcydf.exe (file missing)
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
You'll do this:
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- check all the boxes each time, and when it's finished, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
Good luck ;)
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=984eed2488d069418075a8c7d9bc428d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-10 07:40:26
# local_time=2009-09-10 09:40:26 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=6.0.6000 NT
# compatibility_mode=5889 61 66 100 900975508874628
# scanned=97625
# found=3
# cleaned=3
# scan_time=2521
C:\Qoobox\Quarantine\C\Windows\System32\drivers\xtevctkzrfpsw.sys.vir Win32/Rustock.NKY cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_kbiwkmcfqeiinu_.sys.zip une variante de Win32/Olmarik.LR cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_kbiwkmtbrftprm_.sys.zip une variante de Win32/Olmarik.LR cheval de troie (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
As for the virus, I'll keep you posted; my antivirus is scanning. Otherwise, I have another question about a problem on my PC, if you still have a little time to spare for me.
I formatted my PC the other day, and you know, when you reinstall Windows you can get rid of the old Windows installation and then recreate a partition on your hard drive. The problem is that my hard drive is originally 500 GB and it was in two parts, a C: partition and a D: partition. During the reinstall I actually deleted both partitions and I messed up, so now my drive is only one part, C:, and on top of that, instead of 500 GB it only shows 127 GB. That sucks ;).
Thanks for your help with the virus, it seems to be OK, and thanks in advance as well for this new problem I'm putting to you.