Rapport hijack this

efra -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
voici le rapport hijack this. quelle est la prochaine etape?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:04, on 9/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\WinAnonymous\data\GDCW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\usuario\AppData\Local\bdhswbfrui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 15779 bytes
Configuration: Windows Vista
Firefox 2.0.0.12

17 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    @+
    0
    1. efra
       
      salut g!rly! voila finalement j'ai reussi à faire fonctionner combofix, voici le rapport! je suis en espagne donc il y a quelques details en espagnol, mais rien qui pose probleme à la compréhension du rapport je pense! ;-) Que dois-je faire ensuite?



      ComboFix 08-02.05.3 - usuario 2008-02-09 4:05:31.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.760 [GMT 1:00]
      Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
      * Creado un nuevo punto de restauración
      .
      [color=purple]The following files were disabled during the run:[/color]
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


      (((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Helper
      C:\Program Files\internetgamebox
      C:\Program Files\internetgamebox\Conditions générales.url
      C:\Program Files\internetgamebox\Confidentialité.url
      C:\Program Files\internetgamebox\InternetGameBox.exe
      C:\Program Files\internetgamebox\language
      C:\Program Files\internetgamebox\ressources\AttenteOff.html
      C:\Program Files\internetgamebox\ressources\AttenteOn.html
      C:\Program Files\internetgamebox\ressources\configv2_en.xml
      C:\Program Files\internetgamebox\ressources\configv2_es.xml
      C:\Program Files\internetgamebox\ressources\configv2_fr.xml
      C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
      C:\Program Files\internetgamebox\skins\skinv2.skn
      C:\Program Files\internetgamebox\uninst.exe
      C:\Program Files\internetgamebox\Website.url
      C:\Program Files\Video Add-on
      C:\Program Files\Video Add-on\icmntr.exe
      C:\Program Files\Video Add-on\icthis.exe
      C:\Program Files\Video Add-on\ictmdl.dll
      C:\Program Files\Video Add-on\isfmdl.dll
      C:\Program Files\Video Add-on\isfmm.exe
      C:\Program Files\Video Add-on\isfmntr.exe
      C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
      C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk
      c:\Users\usuario\AppData\Local\bdhswbfrui.dat
      c:\users\usuario\appdata\local\bdhswbfrui.exe
      c:\Users\usuario\AppData\Local\bdhswbfrui_navps.dat
      C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox
      C:\Users\usuario\Desktop\internetgamebox.lnk
      C:\Windows\system32\AutoRun.inf
      C:\Windows\system32\nvs2.inf

      ----- BITS: Possible infected sites -----

      hxxp://www.download.windowsupdate.com
      .
      (((((((((((((((((( Archivos creados desde 2008-01-09 - 2008-02-09 )))))))))))))))))))))))))))))))))
      .

      2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
      2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
      2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
      2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
      2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
      2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
      2008-02-08 22:43 . 2008-02-08 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-02-08 00:36 . 2008-02-08 00:36 <DIR> d-------- C:\Program Files\Enigma Software Group
      2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
      2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
      2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
      2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
      2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
      2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
      2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
      2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
      2008-02-07 07:47 . 2008-02-07 07:52 <DIR> d-------- C:\Program Files\WinAnonymous
      2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
      2008-02-07 07:47 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
      2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
      2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
      2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
      2008-02-07 06:37 . 2008-02-07 07:17 <DIR> d-------- C:\Program Files\AntiSpywareShield
      2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
      2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
      2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
      2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
      2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
      2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
      2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
      2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
      2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
      2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
      2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
      2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
      2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
      2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
      2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
      2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
      2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
      2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
      2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
      2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
      2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
      2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
      2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
      2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
      2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
      2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
      2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
      2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
      2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
      2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
      2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
      2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
      2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
      2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
      2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
      2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
      2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
      2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
      2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
      2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

      .
      (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-09 03:07 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
      2008-02-09 02:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
      2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
      2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
      2008-02-07 06:27 --------- d-----w C:\Program Files\AskTBar
      2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
      2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
      2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
      2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
      2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
      2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
      2007-12-20 01:13 --------- d-----w C:\ProgramData\mcache
      2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
      2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
      2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
      2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
      2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
      2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
      2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
      2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
      2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
      2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
      2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      .

      ((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
      2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
      C:\Program Files\Helper\1202361573.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
      {8113B5DE-F7EB-4154-A311-497FB80D8BD0}
      {E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
      {EF99BD32-C1FB-11D2-892F-0090271D4F88}

      [HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

      [HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
      [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
      [HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
      [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

      [HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
      "????r"="" []
      "?????????"="??????????????e" []
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
      "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
      "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
      "AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [2008-02-07 06:37 441344]
      "TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
      "OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
      "Acer Tour"="" []
      "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
      "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
      "eRecoveryService"="" []
      "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
      "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
      "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
      "WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2008-01-24 16:20 1825280]
      "gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [2007-12-25 16:07 81920]
      "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]
      "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 14:48 344064]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
      Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
      HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
      C:\Program Files\AdVantage\AdVantage.exe

      R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
      R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
      R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
      R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
      R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
      R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
      R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 14:48]
      R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
      \shell\Auto\command - AdobeR.exe e
      \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
      \shell\AutoRun\command - J:\Setupx.exe

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-09 04:08:33
      Windows 6.0.6000 NTFS

      escaneando procesos ocultos ...

      escaneando entradas ocultas de autostart ...

      escaneando archivos ocultos ...

      el escaneo se completo con exito
      archivos ocultos: 0

      **************************************************************************
      .
      --------------------- DLLs cargados bajo los procesos en ejecución ---------------------

      PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

      PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
      -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
      .
      Tiempo completado: 2008-02-09 4:09:43
      ComboFix-quarantined-files.txt 2008-02-09 03:09:40
      .
      2008-01-10 02:05:00 --- E O F ---
      0
  2. efra
     
    salut, lorsque je double click sur combofix, une fenetre bleu et vide s'ouvre, et trend micro internet security en ouvre une aussi en me disant qu'il a detecté un virus et l'a mit en quarantaine. et si je tape sur la touche 1 il ne se passe absolument rien. dois je enlever trend micro ? merci d'avance.
    0
  3. efra
     
    voici le rapport combofix:

    ComboFix 08-02.05.3 - usuario 2008-02-09 4:05:31.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.760 [GMT 1:00]
    Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
    * Creado un nuevo punto de restauración
    .
    [color=purple]The following files were disabled during the run:[/color]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

    (((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Helper
    C:\Program Files\internetgamebox
    C:\Program Files\internetgamebox\Conditions générales.url
    C:\Program Files\internetgamebox\Confidentialité.url
    C:\Program Files\internetgamebox\InternetGameBox.exe
    C:\Program Files\internetgamebox\language
    C:\Program Files\internetgamebox\ressources\AttenteOff.html
    C:\Program Files\internetgamebox\ressources\AttenteOn.html
    C:\Program Files\internetgamebox\ressources\configv2_en.xml
    C:\Program Files\internetgamebox\ressources\configv2_es.xml
    C:\Program Files\internetgamebox\ressources\configv2_fr.xml
    C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
    C:\Program Files\internetgamebox\skins\skinv2.skn
    C:\Program Files\internetgamebox\uninst.exe
    C:\Program Files\internetgamebox\Website.url
    C:\Program Files\Video Add-on
    C:\Program Files\Video Add-on\icmntr.exe
    C:\Program Files\Video Add-on\icthis.exe
    C:\Program Files\Video Add-on\ictmdl.dll
    C:\Program Files\Video Add-on\isfmdl.dll
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk
    c:\Users\usuario\AppData\Local\bdhswbfrui.dat
    c:\users\usuario\appdata\local\bdhswbfrui.exe
    c:\Users\usuario\AppData\Local\bdhswbfrui_navps.dat
    C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox
    C:\Users\usuario\Desktop\internetgamebox.lnk
    C:\Windows\system32\AutoRun.inf
    C:\Windows\system32\nvs2.inf

    ----- BITS: Possible infected sites -----

    hxxp://www.download.windowsupdate.com
    .
    (((((((((((((((((( Archivos creados desde 2008-01-09 - 2008-02-09 )))))))))))))))))))))))))))))))))
    .

    2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
    2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
    2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-02-08 22:43 . 2008-02-08 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-08 00:36 . 2008-02-08 00:36 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
    2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
    2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:52 <DIR> d-------- C:\Program Files\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
    2008-02-07 07:47 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
    2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
    2008-02-07 06:37 . 2008-02-07 07:17 <DIR> d-------- C:\Program Files\AntiSpywareShield
    2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
    2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
    2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
    2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
    2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
    2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
    2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
    2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
    2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
    2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
    2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

    .
    (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 03:07 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
    2008-02-09 02:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
    2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
    2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
    2008-02-07 06:27 --------- d-----w C:\Program Files\AskTBar
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
    2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
    2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
    2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
    2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
    2007-12-20 01:13 --------- d-----w C:\ProgramData\mcache
    2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
    2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
    2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
    C:\Program Files\Helper\1202361573.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
    {8113B5DE-F7EB-4154-A311-497FB80D8BD0}
    {E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    [HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

    [HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

    [HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
    "AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [2008-02-07 06:37 441344]
    "TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
    "OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
    "eRecoveryService"="" []
    "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
    "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2008-01-24 16:20 1825280]
    "gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [2007-12-25 16:07 81920]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]
    "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 14:48 344064]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
    R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
    R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
    R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 14:48]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\Auto\command - AdobeR.exe e
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
    \shell\AutoRun\command - J:\Setupx.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 04:08:33
    Windows 6.0.6000 NTFS

    escaneando procesos ocultos ...

    escaneando entradas ocultas de autostart ...

    escaneando archivos ocultos ...

    el escaneo se completo con exito
    archivos ocultos: 0

    **************************************************************************
    .
    --------------------- DLLs cargados bajo los procesos en ejecución ---------------------

    PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
    -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

    PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
    -> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
    .
    Tiempo completado: 2008-02-09 4:09:43
    ComboFix-quarantined-files.txt 2008-02-09 03:09:40
    .
    2008-01-10 02:05:00 --- E O F ---
    0
  4. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut efra,

    Oui bien joué ;-)

    C´est pas mal en espagnol aussi ;-)

    Post un nouveau hijack this, por favor.

    @+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. efra
     
    Hola g!rly! ;-) je n'ai plus de symptomes d'infections depuis combofix et mon antivirus ne detecte plus de menaces! merci pour ton aide!!! voici le rapport hijacks this! serait-il trop tôt pour crier victoire?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:40:04, on 9/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\Video Add-on\icthis.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Video Add-on\icmntr.exe
    C:\Acer\Empowering Technology\EDSMSNFIX.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WinAnonymous\GDC.exe
    C:\Program Files\Common Files\WinAnonymous\stm.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\WinAnonymous\data\GDCW.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Users\usuario\AppData\Local\bdhswbfrui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
    O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    Hola efra,

    y reste pas mal de saloperies dans ton pc...

    Copie le texte ci-dessous :

    File::
    C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    J:\Setupx.exe

    Folder::
    C:\Program Files\Common Files\Symantec
    C:\Program Files\AntiSpywareShield
    C:\Program Files\WinAnonymous
    C:\Program Files\AskTBar
    C:\Program Files\Helper
    C:\Program Files\Video Add-on
    C:\Program Files\AdVantage

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"=-
    [-HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"=-
    "?????????"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"=-
    "WinAnonymous"=-
    "gdcw"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aa cc-81b0-11dc-8495-0019215aed5d}]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  8. efra
     
    Salt g!rly, ça va? voici le rapport combofix:

    ComboFix 08-02.05.3 - usuario 2008-02-10 22:40:59.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.886 [GMT 1:00]
    Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
    Command switches used :: C:\Users\usuario\Desktop\CFScript.txt.txt
    * Creado un nuevo punto de restauración

    FILE
    C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    J:\Setupx.exe
    .

    (((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    J:\Setupx.exe
    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar\Cache\[u]0/u0769E63
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076A41D
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076A823.bin
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076AC95.bin
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076B01E.bin
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076B240.bin
    C:\Program Files\AskTBar\bar\Cache\[u]0/u076B5C9.bin
    C:\Program Files\AskTBar\bar\Cache\files.ini
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
    C:\Program Files\AskTBar\PopSwatr\History\allowed
    C:\Program Files\AskTBar\PopSwatr\History\notallow
    C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    J:\Setupx.exe

    .
    (((((((((((((((((( Archivos creados desde 2008-01-10 - 2008-02-10 )))))))))))))))))))))))))))))))))
    .

    2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-02-09 06:04 . 2008-02-09 06:04 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-09 02:56 . 2006-11-02 10:44 320,000 --a------ C:\kmd.exe
    2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
    2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
    2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-02-08 22:43 . 2008-02-09 06:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
    2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
    2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
    2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
    2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
    2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
    2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
    2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
    2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
    2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
    2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
    2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
    2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
    2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
    2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
    2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
    2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
    2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
    2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
    2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

    .
    (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-10 21:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
    2008-02-09 10:48 --------- d-----w C:\ProgramData\mcache
    2008-02-09 04:52 --------- d-----w C:\Program Files\Winamp
    2008-02-09 03:15 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
    2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
    2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
    2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
    2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
    2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
    2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
    2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
    2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
    2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
    2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
    2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
    {8113B5DE-F7EB-4154-A311-497FB80D8BD0}
    {E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    [HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
    "AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
    "TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
    "OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
    "eRecoveryService"="" []
    "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
    "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
    R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
    R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
    R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-11 16:23]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
    \shell\AutoRun\command - J:\Setupx.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 22:51:30
    Windows 6.0.6000 NTFS

    escaneando procesos ocultos ...

    escaneando entradas ocultas de autostart ...

    escaneando archivos ocultos ...

    el escaneo se completo con exito
    archivos ocultos: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Tiempo completado: 2008-02-10 22:53:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-10 21:53:40
    ComboFix2.txt 2008-02-09 03:09:44
    .
    2008-01-10 02:05:00 --- E O F ---
    0
  9. efra
     
    et voici le rapport hijackthis! c'est mieux? en tout cas merci pour ton aide et tes explications très claires, c'est du bon boulot! ;-)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:40:04, on 9/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\Video Add-on\icthis.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Video Add-on\icmntr.exe
    C:\Acer\Empowering Technology\EDSMSNFIX.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WinAnonymous\GDC.exe
    C:\Program Files\Common Files\WinAnonymous\stm.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\WinAnonymous\data\GDCW.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Users\usuario\AppData\Local\bdhswbfrui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
    O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Je voie qu´il reste encore quelques bricoles

    Le hijack this que tu m´as envoyé date du > Scan saved at 0:40:04, on 9/02/2008

    fais en un nouveau et post le ici stp

    @+
    0
  11. efra
     
    salut, voici ce qui se passe lorsque je tente de refaire un scan hijack:

    for some reason your system denied write to te Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.
    If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
    notepad C:\Windows\System32\drivers\etc\hosts
    and press Enter. Find the lines(s) Hijack This reports and delete them.
    Save the file as 'hosts.' (with quotes), and reboot.
    For Vista: simply, quit HijackThis, right click on the HijackThis icon, choose'Run as administrator'.

    et lorsque je ferme cette fenetre ou clique sur accepter, il me sort un scan du 9/02/2008 à 00:40:04 !!! apparement cela doit etre fait manuellement. comment faire? merci d'avance! (et voici tout de meme un rapport hijack que je viens de refaire)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:40:04, on 9/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\Video Add-on\icthis.exe
    C:\Program Files\Video Add-on\isfmntr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Video Add-on\icmntr.exe
    C:\Acer\Empowering Technology\EDSMSNFIX.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\WinAnonymous\GDC.exe
    C:\Program Files\Common Files\WinAnonymous\stm.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\WinAnonymous\data\GDCW.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Users\usuario\AppData\Local\bdhswbfrui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\Video Add-on\isfmm.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
    O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
    O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut,

    fais le en temps qu´administrateur.

    tu click droit sur l´icone de hijack this et choisie executer en temps qu´administarteur

    @+
    0
  13. efra
     
    voila! merci. c mieux?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:45:16, on 11/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16575)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\EDSMSNFIX.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
    O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    Oui c´est mieux ;-)

    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de :

    ??????????????e

    - Type de recherche : sélectionne l'option 6 puis valide

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
    Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.

    Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

    @+
    0
  15. efra
     
    salut g!rly, OAD ne trouve rien, il signale: resultat.txt non trouvé et il me demande si je veux créer un nouveau fichier. pui apparaît une page du bloc note vide. que dois-je faire maintenant? ce fichier "??????????????e " représente-t-il une menace? merci d'avance. A+
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut efra.

    Bon on va faire avec...

    Oui comme tu le voie il est "crypté"

    fais ceci :

    A l´aide de hijack this coche et fix ceci :

    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab

    comment fixer:

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Copie le texte ci-dessous :

    Folder::
    C:\Program Files\AntiSpywareShield
    C:\Program Files\Symantec
    C:\Program Files\Common Files\Symantec

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"=-
    "?????????"=-
    "AntiSpywareShield"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    Peux tu me confirmer que ton anti virus fonctionne?!

    @+
    0
  17. efra
     
    salut g!rly! j'ai bien suivi toutes les instructions. oui mon antivirus fonctionne parfaitement. voici le rapport combofix suivi du rapport hijackthis. Un grand merci pour ton aide précieuse!

    ComboFix 08-02.05.3 - usuario 2008-02-13 6:30:01.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.1042 [GMT 1:00]
    Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
    Command switches used :: C:\Users\usuario\Desktop\CFScript.txt
    * Creado un nuevo punto de restauración
    .

    (((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Symantec
    C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL
    C:\Program Files\Symantec\LiveUpdate\Leame.txt
    C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
    C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
    C:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LUCheck.exe
    C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
    C:\Program Files\Symantec\LiveUpdate\ludirloc.dat
    C:\Program Files\Symantec\LiveUpdate\LUINFO.INF
    C:\Program Files\Symantec\LiveUpdate\LUInit.exe
    C:\Program Files\Symantec\LiveUpdate\LUInit.ini
    C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
    C:\Program Files\Symantec\LiveUpdate\LuInsRes.dll
    C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL
    C:\Program Files\Symantec\LiveUpdate\LuResult.txt
    C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE
    C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\MFC71.DLL
    C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
    C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
    C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_2.DLL
    C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
    C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL
    C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LUCP2.CPL
    C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
    C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
    C:\Program Files\Symantec\LiveUpdate\SETUPRES.DLL
    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log
    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
    C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

    .
    (((((((((((((((((( Archivos creados desde 2008-01-13 - 2008-02-13 )))))))))))))))))))))))))))))))))
    .

    2008-02-13 03:09 . 2008-02-13 03:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-13 03:09 . 2008-02-13 03:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-13 03:04 . 2008-02-13 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-02-09 06:04 . 2008-02-09 06:04 <DIR> d-------- C:\Program Files\Lavasoft
    2008-02-09 04:55 . 2006-11-02 10:44 320,000 --a------ C:\kmd.exe
    2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
    2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
    2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-02-08 22:43 . 2008-02-09 06:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
    2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
    2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
    2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
    2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
    2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
    2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
    2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
    2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
    2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
    2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
    2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
    2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
    2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
    2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
    2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
    2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
    2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
    2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
    2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
    2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
    2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils

    .
    (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-13 05:19 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
    2008-02-13 02:07 943,800 ----a-w C:\Windows\System32\winload.exe
    2008-02-13 02:07 905,400 ----a-w C:\Windows\System32\winresume.exe
    2008-02-13 02:07 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-13 02:07 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
    2008-02-13 02:07 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-13 02:07 595,456 ----a-w C:\Windows\System32\schedsvc.dll
    2008-02-13 02:07 558,080 ----a-w C:\Windows\System32\oleaut32.dll
    2008-02-13 02:07 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 02:07 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 02:07 39,424 ----a-w C:\Windows\System32\lodctr.exe
    2008-02-13 02:07 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 02:07 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 02:07 35,328 ----a-w C:\Windows\System32\dispci.dll
    2008-02-13 02:07 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 02:07 32,256 ----a-w C:\Windows\System32\unlodctr.exe
    2008-02-13 02:07 260,096 ----a-w C:\Windows\System32\dpx.dll
    2008-02-13 02:07 23,552 ----a-w C:\Windows\System32\nshhttp.dll
    2008-02-13 02:07 224,824 ----a-w C:\Windows\System32\clfs.sys
    2008-02-13 02:07 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
    2008-02-13 02:07 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 02:07 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
    2008-02-13 02:07 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
    2008-02-13 02:07 12,800 ----a-w C:\Windows\System32\batt.dll
    2008-02-13 02:07 115,200 ----a-w C:\Windows\System32\loadperf.dll
    2008-02-13 02:07 101,888 ----a-w C:\Windows\System32\drvinst.exe
    2008-02-13 02:07 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
    2008-02-13 02:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-13 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-13 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-13 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-13 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-13 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-13 02:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-13 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-13 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-13 02:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 02:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 02:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-13 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-13 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-13 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-09 10:48 --------- d-----w C:\ProgramData\mcache
    2008-02-09 04:52 --------- d-----w C:\Program Files\Winamp
    2008-02-09 03:15 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
    2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
    2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
    2008-01-10 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-10 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
    2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
    2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
    2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
    2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
    2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
    2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
    2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
    {E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    [HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
    "????r"="" []
    "?????????"="??????????????e" []
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
    "TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
    "OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
    "eRecoveryService"="" []
    "eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
    "WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
    R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
    R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
    \shell\AutoRun\command - J:\Setupx.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 06:33:00
    Windows 6.0.6000 NTFS

    escaneando procesos ocultos ...

    escaneando entradas ocultas de autostart ...

    escaneando archivos ocultos ...

    el escaneo se completo con exito
    archivos ocultos: 0

    **************************************************************************
    .
    Tiempo completado: 2008-02-13 6:34:05
    ComboFix-quarantined-files.txt 2008-02-13 05:34:02
    ComboFix2.txt 2008-02-10 21:53:45
    ComboFix3.txt 2008-02-09 03:09:44
    .
    2008-02-13 02:09:35 --- E O F ---

    et voici le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:48:41, on 13/02/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\EDSMSNFIX.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
    O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut efra,

    c´est mieux mais il reste toujours cette entrée inconnue.

    O4 - HKCU\..\Run: [?????????] ??????????????e

    il va faloire que tu m´aides un peu...

    fais ceci appuie sur la touche windows et sur "r" en meme temps, ca va ouvrir la boite executer, dans cette boite tu tape :

    msconfig et valide par ok, dans cette nouvelle fenetre tu devrais avoir un onglet "demarrage"

    dis moi dans la fentre de l´onglet demarrage si tu voie quelque chose qui ressemble a ceci :

    [?????????] ??????????????e et surtout si tu y voies des infos supplémentaires dessus.

    ps : assures toi que ton antivirus est bien activé.

    @+
    0