HijackThis report

Closed
efra - 9 Feb 2008 at 00:43
g!rly - 13 Feb 2008 at 20:41
Hello,
here is the HijackThis report. What is the next step?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:04, on 9/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\WinAnonymous\data\GDCW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\usuario\AppData\Local\bdhswbfrui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
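As an added triage aid that is not part of the original thread or of HijackThis itself: a small Python parser for HijackThis v2 log lines of the `On - description - {CLSID} - path` and `O4 - hive\..\Run: [name] command` shape seen in the report above. The parser, the flag names and the heuristics are my own assumptions about what a forum helper looks at first (an autorun pointing into a user-writable `AppData\Local` directory, `Policies\Explorer\Run` entries, orphaned references marked `(file missing)` or `(no file)`, IE buttons pointing at a remote URL, services with an unknown owner). The sample lines are copied from the log above; a flag is a reason to look closer, not proof of malware.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed layout of a Trend Micro HijackThis v2 line: "<section> - <rest>", where
# <rest> is either "<hive>\..\Run: [<name>] <command>" (O4) or
# "<kind>: <description> - {<CLSID>} - <path>" (O2, O3, O9, O16, O23, ...).
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
# "(file missing)" / "(no file)" suffixes that HijackThis appends to dead references.
DEAD_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
# First executable or DLL in an O4 command, quoted or not (arguments are dropped).
EXE_RE = re.compile(r'"([^"]+)"|(.*?\.(?:exe|dll))(?:\s|$)', re.I)


@dataclass
class Entry:
    section: str
    rest: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, rest: str) -> Optional[str]:
    """Pull the file path (or URL) out of one entry, or None if there is none."""
    if section == "O4":
        if "]" in rest:                       # Run-key form: [name] command
            tail = rest.split("]", 1)[1].strip()
        elif " = " in rest:                   # Startup-folder form: x.lnk = target
            tail = rest.split(" = ", 1)[1].strip()
        else:
            return None
        m = EXE_RE.match(tail)
        return (m.group(1) or m.group(2)) if m else (tail or None)
    parts = rest.split(" - ")
    if len(parts) < 2:
        return None
    cleaned = DEAD_RE.sub("", parts[-1]).strip()
    return cleaned or None


def triage(section: str, rest: str, path: Optional[str]) -> List[str]:
    """Heuristic flags (my own names); each is a reason to look closer, not proof."""
    flags = []
    if "(file missing)" in rest or "(no file)" in rest:
        flags.append("orphan")                # dead reference, safe to remove
    if "(no name)" in rest:
        flags.append("unnamed")
    if path and re.search(r"\\appdata\\local\\[^\\]+\.exe$", path, re.I):
        flags.append("exe-in-appdata-local")  # autorun from a user-writable dir
    if section == "O4" and "Policies\\Explorer\\Run" in rest:
        flags.append("policies-run")          # rarely used by legitimate software
    if path and path.lower().startswith(("http://", "https://")):
        flags.append("remote-url")            # IE button/menu pointing at a website
    if section == "O23" and "Unknown owner" in rest:
        flags.append("unknown-owner")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not HijackThis entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("sec"), m.group("rest")
    path = extract_path(section, rest)
    return Entry(section, rest, path, triage(section, rest, path))


def flagged_entries(lines) -> List[Entry]:
    """Parse every line and keep only the entries that raised at least one flag."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e and e.flags:
            out.append(e)
    return out


# Lines taken from the HijackThis log above (plus one non-entry line).
SAMPLE_LINES = [
    "Running processes:",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui",
    r"O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)",
    r"O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)",
]

if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LINES):
        print(f"{e.section:4} {', '.join(e.flags):32} {e.path or e.rest}")
```

Run against the full report, the same rules single out the `bdhswbfrui.exe` autorun, the two `Policies\Explorer\Run` entries for `Video Add-on`, the orphaned Ask and `Helper` BHOs, the `freeietool.com` menu item and the two missing `ccSvcHst.exe` services; legitimate vendor entries such as the Windows Defender line pass through unflagged.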

17 replies

g!rly - 9 Feb 2008 at 00:56
hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

@+
hi g!rly! So, I finally managed to get ComboFix running, here is the report! I'm in Spain, so there are a few details in Spanish, but nothing that should get in the way of understanding the report, I think! ;-) What should I do next?



ComboFix 08-02.05.3 - usuario 2008-02-09 4:05:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.760 [GMT 1:00]
Running from: C:\Users\usuario\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\Conditions générales.url
C:\Program Files\internetgamebox\Confidentialité.url
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\uninst.exe
C:\Program Files\internetgamebox\Website.url
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk
c:\Users\usuario\AppData\Local\bdhswbfrui.dat
c:\users\usuario\appdata\local\bdhswbfrui.exe
c:\Users\usuario\AppData\Local\bdhswbfrui_navps.dat
C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\Users\usuario\Desktop\internetgamebox.lnk
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\nvs2.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
(((((((((((((((((( Files created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))))
.

2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-08 22:43 . 2008-02-08 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 00:36 . 2008-02-08 00:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:52 <DIR> d-------- C:\Program Files\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-07 07:47 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-07 06:37 . 2008-02-07 07:17 <DIR> d-------- C:\Program Files\AntiSpywareShield
2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 03:07 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
2008-02-09 02:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
2008-02-07 06:27 --------- d-----w C:\Program Files\AskTBar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
2007-12-20 01:13 --------- d-----w C:\ProgramData\mcache
2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
C:\Program Files\Helper\1202361573.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{8113B5DE-F7EB-4154-A311-497FB80D8BD0}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [2008-02-07 06:37 441344]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
"eRecoveryService"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2008-01-24 16:20 1825280]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [2007-12-25 16:07 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 14:48 344064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 14:48]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\Auto\command - AdobeR.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
\shell\AutoRun\command - J:\Setupx.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 04:08:33
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Tiempo completado: 2008-02-09 4:09:43
ComboFix-quarantined-files.txt 2008-02-09 03:09:40
.
2008-01-10 02:05:00 --- E O F ---
0
Hi, when I double-click ComboFix, an empty blue window opens, and Trend Micro Internet Security also opens one telling me it has detected a virus and put it in quarantine. And if I press the 1 key, absolutely nothing happens. Should I remove Trend Micro? Thanks in advance.
Here is the ComboFix report:


ComboFix 08-02.05.3 - usuario 2008-02-09 4:05:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.760 [GMT 1:00]
Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\internetgamebox
C:\Program Files\internetgamebox\Conditions générales.url
C:\Program Files\internetgamebox\Confidentialité.url
C:\Program Files\internetgamebox\InternetGameBox.exe
C:\Program Files\internetgamebox\language
C:\Program Files\internetgamebox\ressources\AttenteOff.html
C:\Program Files\internetgamebox\ressources\AttenteOn.html
C:\Program Files\internetgamebox\ressources\configv2_en.xml
C:\Program Files\internetgamebox\ressources\configv2_es.xml
C:\Program Files\internetgamebox\ressources\configv2_fr.xml
C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
C:\Program Files\internetgamebox\skins\skinv2.skn
C:\Program Files\internetgamebox\uninst.exe
C:\Program Files\internetgamebox\Website.url
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk
c:\Users\usuario\AppData\Local\bdhswbfrui.dat
c:\users\usuario\appdata\local\bdhswbfrui.exe
c:\Users\usuario\AppData\Local\bdhswbfrui_navps.dat
C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InternetGameBox
C:\Users\usuario\Desktop\internetgamebox.lnk
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\nvs2.inf

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
(((((((((((((((((( Archivos creados desde 2008-01-09 - 2008-02-09 )))))))))))))))))))))))))))))))))
.

2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-08 22:43 . 2008-02-08 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 00:36 . 2008-02-08 00:36 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:52 <DIR> d-------- C:\Program Files\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-07 07:47 . 2007-02-13 08:09 388,126 --a------ C:\Windows\System32\sqlite3.dll
2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-07 06:37 . 2008-02-07 07:17 <DIR> d-------- C:\Program Files\AntiSpywareShield
2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 03:07 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
2008-02-09 02:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
2008-02-07 06:27 --------- d-----w C:\Program Files\AskTBar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
2007-12-20 01:13 --------- d-----w C:\ProgramData\mcache
2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
C:\Program Files\Helper\1202361573.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{8113B5DE-F7EB-4154-A311-497FB80D8BD0}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Video Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [2008-02-07 06:37 441344]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
"eRecoveryService"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [2008-01-24 16:20 1825280]
"gdcw"="C:\Program Files\WinAnonymous\data\GDCW.exe" [2007-12-25 16:07 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 14:48 344064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 14:48]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\Auto\command - AdobeR.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
\shell\AutoRun\command - J:\Setupx.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 04:08:33
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Tiempo completado: 2008-02-09 4:09:43
ComboFix-quarantined-files.txt 2008-02-09 03:09:40
.
2008-01-10 02:05:00 --- E O F ---
g!rly, 18209 posts, registered Friday 17 August 2007, status: Contributor, last active 30 November 2014, 406
9 Feb. 2008 at 12:03
Hi efra,

Yes, well done ;-)

It's not bad in Spanish either ;-)

Post a new HijackThis, por favor.

@+
Hola g!rly! ;-) I have had no more infection symptoms since ComboFix, and my antivirus no longer detects any threats! Thanks for your help!!! Here is the HijackThis report! Would it be too early to declare victory?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:04, on 9/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\WinAnonymous\data\GDCW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\usuario\AppData\Local\bdhswbfrui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
g!rly - 10 Feb. 2008 at 17:54
Hi efra,

There's still quite a lot of junk left on your PC...

Copy the text below:

File::
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
J:\Setupx.exe

Folder::
C:\Program Files\Common Files\Symantec
C:\Program Files\AntiSpywareShield
C:\Program Files\WinAnonymous
C:\Program Files\AskTBar
C:\Program Files\Helper
C:\Program Files\Video Add-on
C:\Program Files\AdVantage

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"=-
[-HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
"WinAnonymous"=-
"gdcw"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

See you later,
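The reasoning behind which HijackThis lines end up in a CFScript like the one above can be written down as a small triage pass. This is an added example in Python, not code from the thread, from HijackThis or from ComboFix: it parses a few lines copied from the log posted above, flags the indicators a helper looks for (orphaned "(file missing)" registrations, autostarts under Policies\Explorer\Run, garbled value names, executables under the user profile, services with no publisher) and emits the matching CFScript `Registry::` lines in the same `"name"=-` form. The flag names and heuristics are my own; the expanded HKLM/HKCU Run and Policies\Explorer\Run key paths are the standard Windows locations behind HijackThis's `\..\` abbreviation.

```python
import re
from dataclasses import dataclass, field

# Sample input: a handful of lines copied from the HijackThis log posted
# above (a constructed subset of that log, not the whole report).
SAMPLE_LOG = r"""
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# "O4 - <body>" / "R1 - <body>": section tag, then the rest of the line.
LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# O4 body: hive, abbreviated subkey, [value name], command line.
O4_RE = re.compile(
    r"^(HKLM|HKCU)\\\.\.\\(Run|Policies\\Explorer\\Run):\s+\[([^\]]*)\]\s*(.*)$"
)
# Executable launched straight out of the user's AppData tree.
USER_EXE_RE = re.compile(r"\\appdata\\(local|roaming)\\[^\\]+\.exe", re.I)

# Expansion of HijackThis's hive abbreviations (standard Windows hive names).
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


@dataclass
class Entry:
    section: str                 # HijackThis section, e.g. "O4"
    body: str                    # the line after "O4 - "
    flags: list = field(default_factory=list)   # triage findings (my own labels)


def triage_line(line: str):
    """Parse one HijackThis line and attach the indicators it shows."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # blank line, header, process list, ...
    entry = Entry(*m.groups())
    body = entry.body
    if "(file missing)" in body:
        entry.flags.append("file missing")          # orphaned registration
    if entry.section == "O4":
        o4 = O4_RE.match(body)
        if o4:
            hive, subkey, name, target = o4.groups()
            if subkey.startswith("Policies"):
                entry.flags.append("policies run key")   # unusual autostart key
            if not any(ch.isalnum() for ch in name):
                entry.flags.append("garbled name")       # e.g. "[?????????]"
            if USER_EXE_RE.search(target):
                entry.flags.append("executable in user profile")
    if entry.section == "O23" and "Unknown owner" in body:
        entry.flags.append("unknown owner")             # service without publisher
    return entry


def triage(log_text: str):
    """All parsable entries of a log, in order."""
    return [e for e in (triage_line(l) for l in log_text.splitlines()) if e]


def suspicious(log_text: str):
    """Only the entries that raised at least one flag."""
    return [e for e in triage(log_text) if e.flags]


def cfscript_registry_section(entries):
    """Build a CFScript Registry:: section deleting the O4 values of `entries`,
    grouped per key exactly as in the script posted above."""
    by_key = {}
    for e in entries:
        if e.section != "O4":
            continue
        o4 = O4_RE.match(e.body)
        if not o4:
            continue
        hive, subkey, name, _ = o4.groups()
        key = f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{subkey}]"
        by_key.setdefault(key, []).append(f'"{name}"=-')
    lines = ["Registry::"]
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = suspicious(SAMPLE_LOG)
    for e in hits:
        print(f"{e.section}: {', '.join(e.flags)}\n    {e.body}")
    print()
    print(cfscript_registry_section(hits))
```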
Hi g!rly, how's it going? Here's the ComboFix report:


ComboFix 08-02.05.3 - usuario 2008-02-10 22:40:59.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.886 [GMT 1:00]
Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
Command switches used :: C:\Users\usuario\Desktop\CFScript.txt.txt
* Creado un nuevo punto de restauración

FILE
C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
J:\Setupx.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\Setupx.exe
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\Cache\[u]0/u0769E63
C:\Program Files\AskTBar\bar\Cache\[u]0/u076A41D
C:\Program Files\AskTBar\bar\Cache\[u]0/u076A823.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u076AC95.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u076B01E.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u076B240.bin
C:\Program Files\AskTBar\bar\Cache\[u]0/u076B5C9.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
J:\Setupx.exe

.
(((((((((((((((((( Archivos creados desde 2008-01-10 - 2008-02-10 )))))))))))))))))))))))))))))))))
.

2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-09 06:04 . 2008-02-09 06:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 02:56 . 2006-11-02 10:44 320,000 --a------ C:\kmd.exe
2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-08 22:43 . 2008-02-09 06:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils
2008-01-10 03:04 . 2008-01-10 03:04 804,352 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-10 03:04 . 2008-01-10 03:04 217,272 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-10 03:04 . 2008-01-10 03:04 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-10 03:04 . 2008-01-10 03:04 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-10 03:04 . 2008-01-10 03:04 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-10 03:02 . 2008-01-10 03:02 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-10 03:02 . 2008-01-10 03:02 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-10 03:02 . 2008-01-10 03:02 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-10 03:02 . 2008-01-10 03:02 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-10 03:02 . 2008-01-10 03:02 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-10 03:02 . 2008-01-10 03:02 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-10 03:02 . 2008-01-10 03:02 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-10 03:02 . 2008-01-10 03:02 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-10 03:01 . 2008-01-10 03:01 11,776 --a------ C:\Windows\System32\sbunattend.exe

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 21:51 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
2008-02-09 10:48 --------- d-----w C:\ProgramData\mcache
2008-02-09 04:52 --------- d-----w C:\Program Files\Winamp
2008-02-09 03:15 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:02 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-10 02:02 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-10 02:02 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-10 02:02 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 05:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-12 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-12 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-10 06:24 --------- d-----w C:\Program Files\MSECache
2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{8113B5DE-F7EB-4154-A311-497FB80D8BD0}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
"eRecoveryService"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-01-11 16:23]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
\shell\AutoRun\command - J:\Setupx.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 22:51:30
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Tiempo completado: 2008-02-10 22:53:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 21:53:40
ComboFix2.txt 2008-02-09 03:09:44
.
2008-01-10 02:05:00 --- E O F ---
And here's the HijackThis report! Is it better? In any case, thanks for your help and your very clear explanations, good job! ;-)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:04, on 9/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\WinAnonymous\data\GDCW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\usuario\AppData\Local\bdhswbfrui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
g!rly - 10 Feb. 2008 at 23:26
Hi again,

I see there are still a few odds and ends left.

The HijackThis log you sent me is dated > Scan saved at 0:40:04, on 9/02/2008

Please run a new one and post it here.

See you
0
Hi, here is what happens when I try to run a new HijackThis scan:

for some reason your system denied write to te Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the lines(s) Hijack This reports and delete them.
Save the file as 'hosts.' (with quotes), and reboot.
For Vista: simply, quit HijackThis, right click on the HijackThis icon, choose'Run as administrator'.

And when I close this window or click Accept, it gives me a scan from 9/02/2008 at 00:40:04!!! Apparently this has to be done manually. How do I do it? Thanks in advance! (Here is anyway a HijackThis report I have just re-run.)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:40:04, on 9/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinAnonymous\GDC.exe
C:\Program Files\Common Files\WinAnonymous\stm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\WinAnonymous\data\GDCW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Users\usuario\AppData\Local\bdhswbfrui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: e404mgr Class - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202361573.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: IE Custom Tools - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - C:\Program Files\Video Add-on\ictmdl.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAnonymous] C:\Program Files\WinAnonymous\GDC.exe
O4 - HKLM\..\Run: [gdcw] C:\Program Files\WinAnonymous\data\GDCW.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [bdhswbfrui] c:\users\usuario\appdata\local\bdhswbfrui.exe bdhswbfrui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
g!rly - 11 Feb. 2008 at 18:23
Hi,

Run it as administrator.

Right-click the HijackThis icon and choose Run as administrator.

See you
There you go! Thanks. Is this better?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:16, on 11/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
11 Feb. 2008 at 21:04
Yes, that's better ;-)

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- For the file name to search for, type or copy and paste:

??????????????e

- Search type: select option 6 and confirm

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically on screen as soon as it is done.

- Copy and paste that report into your next post.

Important note: depending on the size of the hard disks, this search can take several minutes. Be patient.

See you later
Hi g!rly, OAD finds nothing; it reports "resultat.txt not found" and asks me whether I want to create a new file. Then an empty Notepad page appears. What should I do now? Does this file "??????????????e" represent a threat? Thanks in advance. See you.
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
12 Feb. 2008 at 14:40
Hi efra.

Well, we'll make do...

Yes, as you can see, it is "encrypted"

Do this:

Using HijackThis, tick and fix these:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab

How to fix:

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Copy the text below:

Folder::
C:\Program Files\AntiSpywareShield
C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
"AntiSpywareShield"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that is shown (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.

Can you confirm that your antivirus is working?!

See you later
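The triage applied in the reply above (entries whose target file is missing, hooks and toolbars with no display name, a Run value whose name and command the log cannot even render) rests on indicators that can be checked mechanically. The following is an added example for this thread, not code from the forum, from HijackThis or from ComboFix: it parses lines copied from the HijackThis log posted earlier and flags those same indicators, while leaving the name-based judgement (that AntiSpywareShield is a rogue product, which folders to put in the CFScript) to the analyst. The `Finding` type, the `O4_RE` pattern and the choice of sample lines are my own.

```python
"""Triage of HijackThis log lines: flag the mechanical indicators an analyst
checks before deciding which entries to tick and Fix."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread
# (the page's own log lines, not constructed); two clean entries (the Java BHO
# and a Trend Micro service) are kept for contrast.
SAMPLE_LOG = r"""R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {8113B5DE-F7EB-4154-A311-497FB80D8BD0} - (no file)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"""

# O4 autorun lines look like: O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")


@dataclass
class Finding:
    code: str          # HijackThis section code, e.g. "O4" or "O23"
    line: str          # the raw log line, ready to be ticked in HijackThis
    reasons: List[str] # why it was flagged


def _unrenderable(text: str) -> bool:
    """True if a name or command holds characters the log could not render.
    HijackThis prints such bytes as '?', which is how the entry in this thread
    appears; genuine non-ASCII or control characters are caught as well."""
    return any(ch == "?" or not ch.isascii() or not ch.isprintable() for ch in text)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()
    if " - " not in line:
        return None
    code = line.split(" - ", 1)[0]
    reasons: List[str] = []

    # The referenced file no longer exists: an orphaned entry.
    if line.endswith("(file missing)") or line.endswith("(no file)"):
        reasons.append("target file is missing: orphaned entry")
    # Hooks, toolbars and buttons normally carry a product name.
    if code in {"R3", "O3", "O9"} and "(no name)" in line:
        reasons.append("hook/toolbar/button has no display name")
    # Services whose binary has no recognised publisher deserve a look.
    if code == "O23" and "Unknown owner" in line:
        reasons.append("service binary carries no recognised publisher")

    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if _unrenderable(name) or _unrenderable(cmd):
            reasons.append("autorun value name or command is unreadable")
        elif not cmd:
            reasons.append("autorun value with an empty command")

    return Finding(code, line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log, keeping the log's order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def lines_to_fix(text: str) -> List[str]:
    """The raw lines an analyst would paste into a 'tick and Fix' instruction."""
    return [f.line for f in triage_log(text)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:4} {'; '.join(f.reasons)}\n     {f.line}")
```

Run on the sample, the script flags the AskTBar search hook, the unnamed toolbar, the unreadable Run value, the freeietool button and the Symantec service whose binary is gone, and leaves the Sidebar, Java and Trend Micro entries alone. A literal `?` in a legitimate command (a URL query string, for instance) would also trip `_unrenderable`, so the output is a shortlist for review, not a removal list.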
Hi g!rly! I followed all the instructions. Yes, my antivirus works perfectly. Here is the ComboFix report followed by the HijackThis report. Many thanks for your invaluable help!


ComboFix 08-02.05.3 - usuario 2008-02-13 6:30:01.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.34.3082.18.1042 [GMT 1:00]
Se ejecuta desde: C:\Users\usuario\Desktop\ComboFix.exe
Command switches used :: C:\Users\usuario\Desktop\CFScript.txt
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Symantec
C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATERES.DLL
C:\Program Files\Symantec\LiveUpdate\Leame.txt
C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LUALLRES.DLL
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LUCheck.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
C:\Program Files\Symantec\LiveUpdate\ludirloc.dat
C:\Program Files\Symantec\LiveUpdate\LUINFO.INF
C:\Program Files\Symantec\LiveUpdate\LUInit.exe
C:\Program Files\Symantec\LiveUpdate\LUInit.ini
C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
C:\Program Files\Symantec\LiveUpdate\LuInsRes.dll
C:\Program Files\Symantec\LiveUpdate\LuPreCon.DLL
C:\Program Files\Symantec\LiveUpdate\LuResult.txt
C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE
C:\Program Files\Symantec\LiveUpdate\LUUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\MFC71.DLL
C:\Program Files\Symantec\LiveUpdate\MSVCP71.DLL
C:\Program Files\Symantec\LiveUpdate\MSVCR71.DLL
C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\NotifyHA.exe
C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\ResLuComServer_3_2.DLL
C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUCP1RES.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUCP2.CPL
C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
C:\Program Files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
C:\Program Files\Symantec\LiveUpdate\SETUPRES.DLL
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.log
C:\Program Files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

.
(((((((((((((((((( Archivos creados desde 2008-01-13 - 2008-02-13 )))))))))))))))))))))))))))))))))
.

2008-02-13 03:09 . 2008-02-13 03:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:09 . 2008-02-13 03:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:04 . 2008-02-13 03:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-09 06:04 . 2008-02-09 06:06 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-09 06:04 . 2008-02-09 06:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 04:55 . 2006-11-02 10:44 320,000 --a------ C:\kmd.exe
2008-02-09 02:02 . 2008-02-09 02:02 <DIR> d-------- C:\Users\usuario\AppData\Roaming\AntiSpyware
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-09 00:26 . 2008-02-09 00:26 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-08 23:56 . 2008-02-08 23:57 <DIR> d-------- C:\Program Files\CCleaner
2008-02-08 23:31 . 2008-02-08 23:36 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-08 23:26 . 2008-02-08 23:33 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-08 22:43 . 2008-02-09 06:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 08:32 . 2008-02-07 08:32 <DIR> d-------- C:\Windows\LocalSSL
2008-02-07 08:03 . 2008-02-07 08:03 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-02-07 08:03 . 2008-02-07 08:03 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-02-07 08:03 . 2008-02-07 08:03 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-02-07 07:52 . 2008-02-07 07:52 <DIR> d-------- C:\Users\usuario\AppData\Roaming\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Users\All Users\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\ProgramData\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:47 <DIR> d-------- C:\Program Files\Common Files\WinAnonymous
2008-02-07 07:47 . 2008-02-07 07:46 205,064 --a------ C:\Users\usuario\AppData\Roaming\installer_en[1].exe
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-07 06:46 . 2008-02-08 21:19 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-07 06:19 . 2008-02-07 10:33 <DIR> d-------- C:\Program Files\Sotfone
2008-02-07 00:42 . 2008-02-07 00:43 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HP
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-07 00:36 . 2008-02-07 00:36 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-02-07 00:31 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\usuario\AppData\Roaming\HPAppData
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-07 00:28 . 2008-02-07 00:28 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-02-07 00:27 . 2008-02-07 00:27 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-07 00:26 . 2008-02-07 00:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-02-07 00:25 . 2008-02-07 00:25 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-07 00:23 . 2007-03-17 17:11 675,840 --a------ C:\Windows\System32\hpowiax3.dll
2008-02-07 00:23 . 2007-03-17 17:11 569,344 --a------ C:\Windows\System32\hpotscl3.dll
2008-02-07 00:23 . 2007-03-08 05:20 364,544 --a------ C:\Windows\System32\hppldcoi.dll
2008-02-07 00:23 . 2007-03-08 05:20 309,760 --a------ C:\Windows\System32\difxapi.dll
2008-02-07 00:23 . 2007-03-17 17:11 303,104 --a------ C:\Windows\System32\hpovst10.dll
2008-02-07 00:23 . 2007-03-30 16:07 267,864 --a------ C:\Windows\System32\hpzids01.dll
2008-02-07 00:23 . 2007-03-28 14:01 117,760 --a------ C:\Windows\System32\hpzll5ha.dll
2008-02-07 00:22 . 2008-02-07 00:28 <DIR> d-------- C:\Program Files\HP
2008-02-07 00:21 . 2008-02-07 00:31 159,490 --a------ C:\Windows\hpoins14.dat
2008-02-07 00:21 . 2007-06-06 00:07 2,000 --------- C:\Windows\hpomdl14.dat
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\Users\All Users\HP
2008-02-07 00:20 . 2008-02-07 00:31 <DIR> d-------- C:\ProgramData\HP
2008-02-05 04:52 . 2008-02-05 04:52 <DIR> d-------- C:\Program Files\Easiestutils

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 05:19 --------- d-----w C:\Users\usuario\AppData\Roaming\Skype
2008-02-13 02:07 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 02:07 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 02:07 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 02:07 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 02:07 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 02:07 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 02:07 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 02:07 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 02:07 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 02:07 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 02:07 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 02:07 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 02:07 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 02:07 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 02:07 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 02:07 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 02:07 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 02:07 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 02:07 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 02:07 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 02:07 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 02:07 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 02:07 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 02:07 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 02:07 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 02:07 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 02:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 02:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 02:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 02:04 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 02:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-09 10:48 --------- d-----w C:\ProgramData\mcache
2008-02-09 04:52 --------- d-----w C:\Program Files\Winamp
2008-02-09 03:15 --------- d-----w C:\Users\usuario\AppData\Roaming\uTorrent
2008-02-08 23:36 --------- d-----w C:\Program Files\Trend Micro
2008-02-07 08:31 --------- d-----w C:\ProgramData\Trend Micro
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 05:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 01:44 --------- d-----w C:\Program Files\PacificPoker4
2008-01-06 12:15 --------- d-----w C:\Users\usuario\AppData\Roaming\foobar2000
2008-01-06 10:21 --------- d-----w C:\Program Files\foobar2000
2007-12-30 08:27 --------- d-----w C:\Program Files\SecondLife
2007-12-30 08:25 --------- d-----w C:\Users\usuario\AppData\Roaming\SecondLife
2007-12-18 00:46 --------- d-----w C:\Program Files\KWMUSIC
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-12 02:05 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-11-25 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-25 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-25 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-25 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-25 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-25 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-25 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-25 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-25 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-25 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-25 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-09-03 13:08 174 --sha-w C:\Program Files\desktop.ini
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-07-26 14:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-07-26 14:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-10-31 17:47 435536]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 10:47 492808]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 02:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
"eRecoveryService"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 00:40 13312]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 10:47 1393928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-26 15:30:13 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
R0 UBHelper;UBHelper;C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 03:30]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 10:47]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 17:12]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 10:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce43aacc-81b0-11dc-8495-0019215aed5d}]
\shell\AutoRun\command - J:\Setupx.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 06:33:00
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-02-13 6:34:05
ComboFix-quarantined-files.txt 2008-02-13 05:34:02
ComboFix2.txt 2008-02-10 21:53:45
ComboFix3.txt 2008-02-09 03:09:44
.
2008-02-13 02:09:35 --- E O F ---


and here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:41, on 13/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\EDSMSNFIX.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://es.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://es.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*https://es.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TSToolbarBHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-be.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
g!rly - 13 Feb. 2008 at 20:41
Hi efra,

It's better, but that unknown entry is still there.

O4 - HKCU\..\Run: [?????????] ??????????????e

You're going to have to help me a little...

Do this: press the Windows key and "r" at the same time; that opens the Run box. In that box type:

msconfig and confirm with OK. In the new window you should have a "Startup" tab.

Tell me whether, in the Startup tab, you see something that looks like this:

[?????????] ??????????????e and above all whether you see any additional information about it there.

PS: make sure your antivirus is properly enabled.

@+
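As an added example (not part of this thread and not HijackThis code): a small Python triage script that reads the O4/O23/O9 lines of a HijackThis log and flags the kinds of entries g!rly is chasing. The `[?????????] ??????????????e` line is the interesting case: `?` is not a legal character in a Windows path, and HijackThis of that era wrote its log in the system ANSI code page, so a name or command made of question marks is the usual sign of a Run value whose real name uses characters the tool could not render, which is exactly why it has to be located by hand in msconfig or in the HKCU Run key. The script also flags `(file missing)` targets and services reported as `Unknown owner`. The sample lines are constructed from the log posted above; the regexes and the `Finding` type are this example's own, not anything HijackThis provides.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a few lines modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"""

# Hypothetical parsers for the two line shapes this example cares about.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def exe_of(cmd: str) -> str:
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def unreadable(text: str) -> bool:
    """True if the text cannot be a real path/name as shown: '?' is illegal in a
    Windows path and is what HijackThis prints for characters outside the ANSI code
    page; control or non-ASCII characters mean the name really uses such characters."""
    return "?" in text or any(ord(ch) < 0x20 or ord(ch) > 0x7E for ch in text)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious log line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.rstrip()
        reasons: list[str] = []
        if (m := O4_RE.match(line)):
            if unreadable(m["name"]) or unreadable(exe_of(m["cmd"])):
                reasons.append("Run entry name or executable contains '?' or non-ASCII characters")
        elif (m := O23_RE.match(line)):
            if m["owner"] == "Unknown owner":
                reasons.append("service binary has no readable company name (Unknown owner)")
        if line.endswith("(file missing)"):
            reasons.append("target file missing: leftover from an uninstall, or the binary was removed")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the sample it reports four lines: the question-mark Run entry, the dead `freeietool.com` menu item, the LiveUpdate service (unknown owner and file missing) and the RichVideo service; the Skype and tmproxy entries pass. A `(file missing)` hit is usually harmless uninstall debris, whereas an unreadable HKCU Run value is the one to pull out of msconfig or `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and inspect before deciding whether to remove it.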