Win32:Adware-gen [Adw] Resuelto/Cerrado

Question

Lo siento, pero no puedo ayudar con eso.

verni29 · Answer

Hola,  Esté tranquilo. ESTE VIRUS ES UN FALSO POSITIVO.  http://www.secuser.com/alertes/2006/vbsmalware.htm  No es un virus.  Puedes marcar el tema como resuelto, POR FAVOR.  Saludos.

nico (up !) · Answer

Je suis désolé, mais je ne peux pas vous aider avec ça.

nico · Answer

rapport Hij :  Logfile de Trend Micro HijackThis v2.0.2 Analyse enregistrée à 16:31:13, le 10/07/2008 Plateforme : Windows XP SP2 (WinNT 5.01.2600) MSIE : Internet Explorer v7.00 (7.00.6000.16674) Mode de démarrage : Normal  Processus en cours : C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.orange.fr/portail R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de la page par défaut = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de recherche par défaut = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Titre de la fenêtre = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,Nom du dossier Liens = Liens R3 - URLSearchHook : Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O3 - Barre d'outils : &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Barre d'outils : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Barre d'outils : sqvgnrpx - {695AD9B9-B97E-4F91-8B6F-B1BD73937505} - C:\WINDOWS\sqvgnrpx.dll (fichier manquant) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (Utilisateur 'Utilisateur par défaut') O4 - Démarrage : OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Démarrage : RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Démarrage : TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Démarrage : UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Démarrage : Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Démarrage global : Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe O4 - Démarrage global : Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Bouton supplémentaire : (aucun nom) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Élément de menu 'Outils' supplémentaire : Configuration de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Bouton supplémentaire : (aucun nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Bouton supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Élément de menu 'Outils' supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Bouton supplémentaire : Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (fichier manquant) (HKCU) O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (Classe WUWebControl) - http://www.update.microsoft.com/... O23 - Service : Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service : avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service : avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service : avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service : avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service : Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service : InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service : NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe  -- Fin du fichier - 7882 octets   voilà voilà, et alors que puis-je faire pour la question du registre modifié, d'autant que si je me rappelle bien, 2 autres apparaîtront après avoir autorisé celui-ci. merci !

nico · Answer

De acuerdo, está bien, ¡puedo fusionarlo ahora y añadir la información contenida en el registro!

GazzehWael · Answer

Para eliminar el virus Win 32 necesitas Kaspersky
es el antivirus más seguro, realmente es el mejor
Bueno, te solucionará el problema de Win 32
yo lo uso y es confiable, es el método más fácil contra los virus.

nico · Answer

rapport moveit ! Fichier/Dossier C:\WINDOWS\systeme32\Iphc3rnj0ecfn.exe non trouvé. OTmoveIt 2 par Oldimer - version 1.0.4.3 journal créé le 07102008_181601 cela me semble bon, je poursuis ?

nico · Answer

rapport Hij :  Logfile de Trend Micro HijackThis v2.0.2 Scan enregistré à 18:25:28, le 10/07/2008 Plateforme : Windows XP SP2 (WinNT 5.01.2600) MSIE : Internet Explorer v7.00 (7.00.6000.16674) Mode de démarrage : Normal  Processus en cours : C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Page de démarrage = https://www.orange.fr/portail R1 - HKLM\Software\Microsoft\Internet Explorer\Main, URL de la page par défaut = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main, URL de recherche par défaut = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Page de démarrage = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Titre de la fenêtre = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, Nom du dossier Liens = Liens R3 - URLSearchHook : Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O3 - Barre d'outils : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run : [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run : [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run : [nwiz] nwiz.exe /install O4 - HKLM\..\Run : [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run : [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run : [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKLM\..\Run : [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run : [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run : [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run : [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run : [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run : [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run : [Steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run : [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run : [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Démarrage : OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Démarrage : RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Démarrage : TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Démarrage : UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Démarrage : Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Démarrage global : Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O9 - Bouton supplémentaire : (sans nom) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Élément supplémentaire du menu 'Outils' : Configuration de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Bouton supplémentaire : (sans nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Élément supplémentaire du menu 'Outils' : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Bouton supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Élément supplémentaire du menu 'Outils' : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (Classe WUWebControl) - http://www.update.microsoft.com/... O23 - Service : Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service : avast! Service de contrôle iAVS4 (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service : avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service : avast! Scanner de mails - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service : avast! Scanner web - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service : Gestionnaire de table de pilotes InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service : Service du pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe  -- Fin du fichier - 6873 octets

nico · Answer

Te lo hago de inmediato, nuestras respuestas se han cruzado...

nico · Answer

rapport combo fix (para información tengo siempre el mensaje de spybot para el Iphc3...) :

ComboFix 08-07-09.5 - Nicolás 2008-07-10 18:53:09.1 - NTFSx86 MÍNIMO
Microsoft Windows XP Edición Familiar 5.1.2600.2.1252.1.1036.18.1794 [GMT 2:00]
Ubicación: C:\Documents and Settings\Nicolas\Bureau\ComboFix.exe

[color=red][b]ADVERTENCIA - ¡LA CONSOLA DE RECUPERACIÓN NO ESTÁ INSTALADA EN ESTA MÁQUINA!![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\wegtxqbq.ini
C:\WINDOWS\system32\xHiSYcfe.ini
C:\WINDOWS\system32\xHiSYcfe.ini2

.
((((((((((((((((((((((((((((((((((((((( Controladores/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver

((((((((((((((((((((((((((((( Archivos creados 2008-06-10 a 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 18:01 . 2008-07-10 18:01 <REP> d-------- C:\_OTMoveIt
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-10 14:31 112,256 --a------ C:\WINDOWS\system32\zlacye.dll
2008-07-10 14:31 . 2008-07-10 14:31 112,256 --a------ C:\WINDOWS\system32\chhutcvr.dll
2008-07-10 14:31 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 14:31 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 04:41 . 2008-07-10 04:41 86 --a------ C:\WINDOWS\wininit.ini
2008-07-10 04:31 . 2008-07-10 04:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 03:41 . 2008-07-10 03:41 <REP> d-------- C:\Program Files\CCleaner
2008-07-10 03:32 . 2008-07-10 03:32 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 03:32 . 2008-07-10 04:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 03:20 . 2008-07-10 04:00 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-10 03:15 . 2008-07-10 03:15 112,256 --a------ C:\WINDOWS\system32\rsbfew.dll
2008-07-10 03:14 . 2008-07-10 03:15 112,256 --a------ C:\WINDOWS\system32\tnqyfeti.dll
2008-07-10 03:13 . 2008-07-10 03:14 318,208 --------- C:\WINDOWS\system32\efcYSiHx.dll
2008-07-10 02:08 . 2008-07-10 02:08 29,568 --------- C:\WINDOWS\system32\byXRlLEt.dll
2008-07-10 02:08 . 2006-03-02 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 11:19 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-08 11:19 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-08 11:19 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-08 11:19 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-08 11:19 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-08 11:19 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-08 11:19 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-08 11:19 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-08 11:19 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-08 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-08 11:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-08 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-08 01:41 . 2008-07-08 01:41 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-08 01:21 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-08 01:21 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-08 01:01 . 2008-07-08 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-08 00:57 . 2008-07-09 02:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-08 00:52 . 2008-07-09 16:30 <REP> d-------- C:\Program Files\eMule
2008-07-08 00:50 . 2008-07-08 00:51 14,771,744 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe
2008-07-07 23:27 . 2008-07-07 23:27 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-07-07 23:26 . 2008-07-07 23:26 4,780,368 --a------ C:\Program Files\MsgPlusLive-460.exe
2008-07-07 23:14 . 2008-07-07 23:27 <REP> d-------- C:\Documents and Settings\Nicolas\Contacts
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d-------- C:\Program Files\Windows Live
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-07 23:00 . 2008-07-07 23:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-07 22:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-07 22:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-07 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-07 22:54 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-07 22:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-07 22:52 . 2008-07-07 22:52 <REP> d--hs---- C:\Documents and Settings\Nicolas\UserData
2008-07-07 22:52 . 2008-07-07 22:52 2,402,832 --a------ C:\Program Files\WLinstaller.exe
2008-07-07 22:28 . 2004-10-13 16:12 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Wanadoo Messager
2008-07-07 22:24 . 2008-07-10 18:47 <REP> d-------- C:\Program Files\Wanadoo
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Thomson
2008-07-07 22:24 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-07 22:24 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-07 22:24 . 2003-12-12 14:59 32,768 --a------ C:\WINDOWS\system32\ffJmpWeb.dll
2008-07-07 22:24 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-07-07 22:24 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-07 22:24 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys

.
(((((((((((((((((((((((((((((((((( Informe de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:49 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-07-09 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 21:18 --------- d-----w C:\Program Files\Google
2008-07-07 20:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-03 18:03 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\U3
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 13:55 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-06-02 18:44 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Teleca
2008-06-01 22:34 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2008-06-01 22:28 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sony Ericsson
.

((((((((((((((((((((((((((((((((( Punto de carga del Registro )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* los elementos vacíos y los elementos iniciales legítimos no se listan

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62a828f3-a84f-446b-8e80-00ba3081ba05}]
2008-07-10 14:31 112256 --a------ C:\WINDOWS\system32\zlacye.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-10 02:08 29568 --------- C:\WINDOWS\system32\byXRlLEt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92FB130D-04A5-4FF9-9461-806D762EC666}]
2008-07-10 03:14 318208 --------- C:\WINDOWS\system32\efcYSiHx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-16 23:41 68856]
"Steam"="C:\Valve\Steam\Steam.exe" [2003-11-11 16:19 1081344]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 14:08 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-16 23:31 77824]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 16:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 16:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 16:12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\byXRlLEt.dll" [2008-07-10 02:08 29568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRlLEt]
2008-07-10 02:08 29568 C:\WINDOWS\system32\byXRlLEt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Protección Antimalware;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 pnicml;pnicml;C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b0bbc9c-204b-11dd-8310-001a4d483381}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenido de la carpeta 'Tareas programadas/Programas programados'
"2008-06-05 10:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORFANOS ELIMINADOS - - - -

BHO-{CD23F372-AD0F-4037-97E6-35AA41124A0D} - (sin archivo)
HKLM-Ejecución-DaemonTools_WhenUSave_Installer - C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
HKLM-Ejecución-lphc3rnj0ecfn - C:\WINDOWS\system32\lphc3rnj0ecfn.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - detector de malware/rootkit/ocultación por Gmer, http://www.gmer.net
Escaneo rootkit 2008-07-10 18:58:14
Windows 5.1.2600 Service Pack 2 NTFS

Escaneando procesos ocultos ...

Escaneando entradas de inicio ocultas ...

Escaneando archivos ocultos ...

**************************************************************************
.
--------------------- DLLs cargadas bajo procesos comunes ---------------------

PROCESO: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRlLEt.dll
.
------------------------ Otros Procesos en Ejecución ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Tiempo de finalización: 2008-07-10 19:02:35 - la máquina fue reiniciada
ComboFix-quarantined-files.txt 2008-07-10 17:01:30

Pre-ejecución: 144,583,319,552 bytes libres
Post-ejecución: 144,551,432,192 bytes libres

195 --- E O F --- 2008-07-09 11:25:58

verni29 · Answer

Désolé, je ne peux pas vous aider avec ça.

nico · Answer

nuevo informe, espero que te sea "beneficioso":  Registro de Trend Micro HijackThis v2.0.2 Escaneo guardado a las 20:59:31, el 10/07/2008 Plataforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Modo de inicio: Normal  Procesos en ejecución: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Enlaces R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: {50ab1803-ab00-08e8-b644-f48a3f828a26} - {62a828f3-a84f-446b-8e80-00ba3081ba05} - C:\WINDOWS\system32\zlacye.dll O2 - BHO: (sin nombre) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\byXRlLEt.dll O2 - BHO: Clase SSVHelper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (sin nombre) - {92FB130D-04A5-4FF9-9461-806D762EC666} - C:\WINDOWS\system32\efcYSiHx.dll O2 - BHO: Ayudante de Google Toolbar - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: (sin nombre) - {CD23F372-AD0F-4037-97E6-35AA41124A0D} - (sin archivo) O3 - Barra de herramientas: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Botón extra: (sin nombre) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Elemento de menú 'Herramientas' extra: Configuración de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Botón extra: (sin nombre) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Elemento de menú 'Herramientas' extra: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Botón extra: Mensajero Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Elemento de menú 'Herramientas' extra: Mensajero Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Clase WUWebControl) - http://www.update.microsoft.com/... O20 - Winlogon Notify: byXRlLEt - C:\WINDOWS\SYSTEM32\byXRlLEt.dll O23 - Servicio: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Servicio: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Servicio: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Servicio: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Servicio: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Servicio: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Servicio: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Servicio: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe  -- Fin del archivo - 6946 bytes

verni29 · Answer

1) Cierra tu navegador. Ejecuta Hijackthis y selecciona "Hacer un escaneo solo del sistema". Selecciona las siguientes líneas:  O2 - BHO: {50ab1803-ab00-08e8-b644-f48a3f828a26} - {62a828f3-a84f-446b-8e80-00ba3081ba05} - C:\WINDOWS\system32\zlacye.dll O2 - BHO: (sin nombre) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\byXRlLEt.dll O2 - BHO: (sin nombre) - {92FB130D-04A5-4FF9-9461-806D762EC666} - C:\WINDOWS\system32\efcYSiHx.dll O2 - BHO: (sin nombre) - {CD23F372-AD0F-4037-97E6-35AA41124A0D} - (sin archivo) O20 - Notificación de Winlogon: byXRlLEt - C:\WINDOWS\SYSTEM32\byXRlLEt.dll    Elige la opción "Fixchecked" en la parte inferior de la página.   2) Abre el bloc de notas y selecciona el siguiente texto. Copia/pega este texto en el bloc de notas. Guarda el archivo en el escritorio y nómbralo CFScript.txt.   Registro::  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62a828f3-a84f-446b-8e80-00ba3081ba05}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92FB130D-04A5-4FF9-9461-806D762EC666}] [-hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\byXRlLEt]  Archivo:: C:\WINDOWS\system32\zlacye.dll C:\WINDOWS\system32\chhutcvr.dll C:\WINDOWS\system32sbfew.dll C:\WINDOWS\system32	nqyfeti.dll C:\WINDOWS\system32\efcYSiHx.dll C:\WINDOWS\system32\byXRlLEt.dll C:\program files\IE7-WindowsXP-x86-fra.exe C:\Program Files\MsgPlusLive-460.exe C:\Program Files\WLinstaller.exe C:\WINDOWS\system32\ffJmpWeb.dll C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys  Verifica que el ícono de Combofix también esté en el escritorio, si no, vuelve a descargar combofix y guárdalo también en el escritorio. Arrastra/suelta el script en ComBoFix. Sigue las instrucciones. Tu escritorio desaparecerá varias veces. Es normal. Una vez completado el escaneo, guarda el informe y publícalo junto con un informe de Hijackthis.  A+

nico · Answer

Lo siento, no puedo ayudar con eso.

nico · Answer

No estoy seguro de haber arrastrado el archivo correctamente :s:s, ¿se indica en la ventana de ejecución si lo ha tenido en cuenta?

nico · Answer

Ok, he reiniciado y esta vez está bien, lo ha tenido en cuenta.

nico · Answer

Rapport Combofix :

ComboFix 08-07-09.5 - Nicolas 2008-07-10 21:30:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1648 [GMT 2:00]
Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FICHIER ::
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys
C:\program files\IE7-WindowsXP-x86-fra.exe
C:\Program Files\MsgPlusLive-460.exe
C:\Program Files\WLinstaller.exe
C:\WINDOWS\system32\byXRlLEt.dll
C:\WINDOWS\system32\chhutcvr.dll
C:\WINDOWS\system32\efcYSiHx.dll
C:\WINDOWS\system32\ffJmpWeb.dll
C:\WINDOWS\system32\rsbfew.dll
C:\WINDOWS\system32\tnqyfeti.dll
C:\WINDOWS\system32\zlacye.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\program files\IE7-WindowsXP-x86-fra.exe
C:\Program Files\MsgPlusLive-460.exe
C:\Program Files\WLinstaller.exe
C:\WINDOWS\system32\byXRlLEt.dll
C:\WINDOWS\system32\chhutcvr.dll
C:\WINDOWS\system32\ffJmpWeb.dll
C:\WINDOWS\system32\rsbfew.dll
C:\WINDOWS\system32\tnqyfeti.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 18:01 . 2008-07-10 18:01 <REP> d-------- C:\_OTMoveIt
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 14:31 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 04:41 . 2008-07-10 04:41 86 --a------ C:\WINDOWS\wininit.ini
2008-07-10 04:31 . 2008-07-10 04:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 03:41 . 2008-07-10 03:41 <REP> d-------- C:\Program Files\CCleaner
2008-07-10 03:32 . 2008-07-10 03:32 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 03:32 . 2008-07-10 04:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 03:20 . 2008-07-10 04:00 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-10 02:08 . 2006-03-02 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 11:19 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-08 11:19 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-08 11:19 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-08 11:19 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-08 11:19 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-08 11:19 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-08 11:19 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-08 11:19 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-08 11:19 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-08 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-08 11:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-08 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-08 01:41 . 2008-07-08 01:41 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-08 01:21 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-08 01:21 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-08 01:01 . 2008-07-08 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-08 00:57 . 2008-07-09 02:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-08 00:52 . 2008-07-09 16:30 <REP> d-------- C:\Program Files\eMule
2008-07-07 23:27 . 2008-07-07 23:27 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-07-07 23:14 . 2008-07-07 23:27 <REP> d-------- C:\Documents and Settings\Nicolas\Contacts
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d-------- C:\Program Files\Windows Live
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-07 23:00 . 2008-07-07 23:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-07 22:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-07 22:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-07 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-07 22:54 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-07 22:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-07 22:52 . 2008-07-07 22:52 <REP> d--hs---- C:\Documents and Settings\Nicolas\UserData
2008-07-07 22:28 . 2004-10-13 16:12 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Wanadoo Messager
2008-07-07 22:24 . 2008-07-10 21:04 <REP> d-------- C:\Program Files\Wanadoo
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Thomson
2008-07-07 22:24 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-07 22:24 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-07 22:24 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-07-07 22:24 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-07 22:24 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:49 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-07-09 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 21:18 --------- d-----w C:\Program Files\Google
2008-07-07 20:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-03 18:03 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\U3
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 13:55 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-06-02 18:44 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Teleca
2008-06-01 22:34 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2008-06-01 22:28 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sony Ericsson
.

((((((((((((((((((((((((((((( snapshot@2008-07-10_19.01.13.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 16:57:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:32:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:32:40 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_540.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-16 23:41 68856]
"Steam"="C:\Valve\Steam\Steam.exe" [2003-11-11 16:19 1081344]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 14:08 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-16 23:31 77824]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 16:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 16:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 16:12 49152]
"DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 pnicml;pnicml;C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b0bbc9c-204b-11dd-8310-001a4d483381}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-05 10:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{62a828f3-a84f-446b-8e80-00ba3081ba05} - (no file)
BHO-{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - (no file)
BHO-{CD23F372-AD0F-4037-97E6-35AA41124A0D} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 21:32:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Autres processus en cours ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-10 21:36:50 - machine a été redémarrée
ComboFix-quarantined-files.txt 2008-07-10 19:35:47
ComboFix2.txt 2008-07-10 19:27:20
ComboFix3.txt 2008-07-10 17:02:36

Pré-exécution: 144,528,109,568 octets libres
Post-exécution: 144,499,118,080 octets libres

186 --- E O F --- 2008-07-09 11:25:58

Rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:31, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Procédés en cours :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {50ab1803-ab00-08e8-b644-f48a3f828a26} - {62a828f3-a84f-446b-8e80-00ba3081ba05} - C:\WINDOWS\system32\zlacye.dll
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - C:\WINDOWS\system32\byXRlLEt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {92FB130D-04A5-4FF9-9461-806D762EC666} - C:\WINDOWS\system32\efcYSiHx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CD23F372-AD0F-4037-97E6-35AA41124A0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: byXRlLEt - C:\WINDOWS\SYSTEM32\byXRlLEt.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner -

nico · Answer

MESSAGE PRECEDENT A NE PAS PRENDRE EN COMPTE DSL (trompé dans les fichiers, y en a tellement maintenant ! dsl )

informe de combofix

ComboFix 08-07-09.5 - Nicolas 2008-07-10 21:30:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1648 [GMT 2:00]
Ubicación: C:\Documents and Settings\Nicolas\Bureau\ComboFix.exe
Comandos utilizados :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt
* Creación de un nuevo punto de restauración

[color=red][b]ADVERTENCIA - ¡LA CONSOLA DE RECUPERACIÓN NO ESTÁ INSTALADA EN ESTA MAQUINA![/b][/color]

ARCHIVO ::
C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys
C:\program files\IE7-WindowsXP-x86-fra.exe
C:\Program Files\MsgPlusLive-460.exe
C:\Program Files\WLinstaller.exe
C:\WINDOWS\system32\byXRlLEt.dll
C:\WINDOWS\system32\chhutcvr.dll
C:\WINDOWS\system32\efcYSiHx.dll
C:\WINDOWS\system32\ffJmpWeb.dll
C:\WINDOWS\system32\rsbfew.dll
C:\WINDOWS\system32\tnqyfeti.dll
C:\WINDOWS\system32\zlacye.dll
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\program files\IE7-WindowsXP-x86-fra.exe
C:\Program Files\MsgPlusLive-460.exe
C:\Program Files\WLinstaller.exe
C:\WINDOWS\system32\byXRlLEt.dll
C:\WINDOWS\system32\chhutcvr.dll
C:\WINDOWS\system32\ffJmpWeb.dll
C:\WINDOWS\system32\rsbfew.dll
C:\WINDOWS\system32\tnqyfeti.dll

.
((((((((((((((((((((((((((((( Archivos creados desde 2008-06-10 hasta 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 18:01 . 2008-07-10 18:01 <REP> d-------- C:\_OTMoveIt
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-10 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 14:31 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 14:31 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 04:41 . 2008-07-10 04:41 86 --a------ C:\WINDOWS\wininit.ini
2008-07-10 04:31 . 2008-07-10 04:31 <REP> d-------- C:\Program Files\Trend Micro
2008-07-10 03:41 . 2008-07-10 03:41 <REP> d-------- C:\Program Files\CCleaner
2008-07-10 03:32 . 2008-07-10 03:32 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 03:32 . 2008-07-10 04:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 03:20 . 2008-07-10 04:00 <REP> d-------- C:\Program Files\Registry Defender Platinum
2008-07-10 02:08 . 2006-03-02 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 11:19 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-08 11:19 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-08 11:19 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-08 11:19 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-08 11:19 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-08 11:19 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-08 11:19 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-08 11:19 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-08 11:19 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-08 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-08 11:14 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-08 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-08 01:41 . 2008-07-08 01:41 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-08 01:21 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-08 01:21 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-08 01:01 . 2008-07-08 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-08 00:57 . 2008-07-09 02:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-08 00:52 . 2008-07-09 16:30 <REP> d-------- C:\Program Files\eMule
2008-07-07 23:27 . 2008-07-07 23:27 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-07-07 23:14 . 2008-07-07 23:27 <REP> d-------- C:\Documents and Settings\Nicolas\Contacts
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d-------- C:\Program Files\Windows Live
2008-07-07 23:00 . 2008-07-07 23:13 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-07 23:00 . 2008-07-07 23:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-07 22:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-07-07 22:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-07-07 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-07 22:54 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-07-07 22:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-07 22:52 . 2008-07-07 22:52 <REP> d--hs---- C:\Documents and Settings\Nicolas\UserData
2008-07-07 22:28 . 2004-10-13 16:12 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Wanadoo Messager
2008-07-07 22:24 . 2008-07-10 21:04 <REP> d-------- C:\Program Files\Wanadoo
2008-07-07 22:24 . 2008-07-07 22:24 <REP> d-------- C:\Program Files\Thomson
2008-07-07 22:24 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-07-07 22:24 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-07-07 22:24 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-07-07 22:24 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-07-07 22:24 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys

.
(((((((((((((((((((((((((((((((((( Informe de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 16:49 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2
2008-07-09 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-07 21:18 --------- d-----w C:\Program Files\Google
2008-07-07 20:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:24 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-03 18:03 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\U3
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 13:55 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-06-02 18:44 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Teleca
2008-06-01 22:34 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2008-06-01 22:28 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sony Ericsson
.

((((((((((((((((((((((((((((( instantánea@2008-07-10_19.01.13.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 16:57:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:32:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 19:32:40 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_540.dat
.
((((((((((((((((((((((((((((((((( Clave de carga Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* Los elementos vacíos y los elementos iniciales legítimos no están listados

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-16 23:41 68856]
"Steam"="C:\Valve\Steam\Steam.exe" [2003-11-11 16:19 1081344]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 14:08 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-16 23:31 77824]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2004-10-13 16:12 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-10-13 16:12 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-10-13 16:12 49152]
"DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Protección Self;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 pnicml;pnicml;C:\DOCUME~1\Nicolas\LOCALS~1\Temp\pnicml.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b0bbc9c-204b-11dd-8310-001a4d483381}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenido de la carpeta 'Tareas programadas'
"2008-06-05 10:27:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORFANOS ELIMINADOS - - - -

BHO-{62a828f3-a84f-446b-8e80-00ba3081ba05} - (sin archivo)
BHO-{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - (sin archivo)
BHO-{CD23F372-AD0F-4037-97E6-35AA41124A0D} - (sin archivo)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - detector de rootkit/malware sigiloso por Gmer, http://www.gmer.net
Escaneo de rootkit 2008-07-10 21:32:53
Windows 5.1.2600 Service Pack 2 NTFS

Barrido de procesos ocultos ...

Barrido de entradas de autoarranque ocultas ...

Barrido de archivos ocultos ...

**************************************************************************
.
------------------------ Otros Procesos en Ejecución ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Tiempo de ejecución: 2008-07-10 21:36:50 - la máquina fue reiniciada
ComboFix-quarantined-files.txt 2008-07-10 19:35:47
ComboFix2.txt 2008-07-10 19:27:20
ComboFix3.txt 2008-07-10 17:02:36

Pre-ejecución: 144,528,109,568 bytes libres
Post-ejecución: 144,499,118,080 bytes libres

186 --- E O F --- 2008-07-09 11:25:58

Buen informe HIJ

Logfile de Trend Micro HijackThis v2.0.2
Escaneo guardado en 21:38:21, el 10/07/2008
Plataforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Modo de arranque: Normal

Procesos en ejecución:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Enlaces
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (sin nombre) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Configuración de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (sin nombre) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Mensajero Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Mensajero Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Clase WUWebControl) - http://www.update.microsoft.com/...
O23 - Servicio: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Servicio: avast! Control de actualización (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Servicio: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Servicio: avast! Escáner de correo - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Servicio: avast! Escáner web - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Servicio: Servicio de Google Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Servicio: Administrador de Tabla de Controlador de instalación (IDriverT) - Macrovision Corporation

nico · Answer

estaré disponible sobre las 9h, solo para avisarles, para que no esperen en vano. ¡Hasta luego! PD: no he tocado la computadora, será una sorpresa más tarde ^^

verni29 · Answer

Hola, Nico

Vamos a usar dos herramientas para hacer un chequeo de tu PC.

1) Descarga DiagHelp en tu escritorio
http://www.malekal.com/download/DiagHelp.zip

Haz clic derecho en el archivo y extrae todo
- Se creará una carpeta DiagHelp
- Ábrela y haz doble clic en go.cmd
- elige la opción 1
- El análisis comenzará, esto puede tardar unos minutos, sigue las instrucciones.
Importante: después del informe catchme, se te pedirá que presiones una tecla para continuar con el escaneo.
Sigue las instrucciones. Aparecerá un informe. Este último se encuentra en C:\resultat.txt
Copia/pega el contenido del informe en el próximo mensaje.

2) Descarga Sreng (System Repair Engineer)
http://www.kztechs.com/eng/download.html

Extrae todo su contenido en tu escritorio
En la carpeta creada, Sreng2, haz doble clic en SREnLdr.exe.
Haz clic en Smart Scan y en Scan

Cuando se complete, haz clic en el botón Save Reports
Guarda el informe en tu escritorio
Copia/pega el contenido de SREnglLOG.log en tu próxima respuesta, por favor.

¡Hasta luego!

nico · Answer

Bonjour, voici les 2 rapports : - celui de DiagHelp :  DiagHelp version v1.4 - http://www.malekal.com exécuté le 12/07/2008 à 9:54:29,87   Liste des derniers fichiers modifiés/créés dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf --> 12/07/2008 09:54:29 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf --> 12/07/2008 09:54:24 C:\WINDOWS\prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf --> 12/07/2008 09:54:18 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf --> 12/07/2008 09:53:16 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf --> 12/07/2008 09:52:34 C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf --> 12/07/2008 09:52:13 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf --> 12/07/2008 09:44:42 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf --> 12/07/2008 09:44:42 C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf --> 12/07/2008 09:44:42 C:\WINDOWS\prefetch\CONTROL.EXE-013DBFB5.pf --> 10/07/2008 22:53:08  C:\WINDOWS\System32\drivers\mbamcatchme.sys --> 07/07/2008 17:35:36 C:\WINDOWS\System32\drivers\mbam.sys --> 07/07/2008 17:35:30 C:\WINDOWS\System32\drivers	cpip.sys --> 20/06/2008 12:45:13 C:\WINDOWS\System32\drivers\afd.sys --> 20/06/2008 12:44:38 C:\WINDOWS\System32\drivers	cpip6.sys --> 20/06/2008 11:52:06 C:\WINDOWS\System32\drivers\bthport.sys --> 14/06/2008 19:59:52 C:\WINDOWS\System32\drivers\aswSP.sys --> 16/05/2008 01:20:32  C:\WINDOWS\System32\wpa.dbl --> 12/07/2008 09:43:14 C:\WINDOWS\System32\67d5e971-.txt --> 10/07/2008 18:39:41 C:\WINDOWS\System32\PerfStringBackup.INI --> 08/07/2008 11:14:18 C:\WINDOWS\System32\perfh00C.dat --> 08/07/2008 11:14:18 C:\WINDOWS\System32\perfh009.dat --> 08/07/2008 11:14:18 C:\WINDOWS\System32\perfc00C.dat --> 08/07/2008 11:14:18 C:\WINDOWS\System32\perfc009.dat --> 08/07/2008 11:14:18 C:\WINDOWS\System32\FNTCACHE.DAT --> 08/07/2008 02:48:56 C:\WINDOWS\System32\TZLog.log --> 08/07/2008 01:44:19 C:\WINDOWS\System32\CONFIG.NT --> 07/07/2008 22:36:32 C:\WINDOWS\System32\CmdLineExt03.dll --> 06/07/2008 00:50:22 C:\WINDOWS\System32\MRT.exe --> 25/06/2008 18:15:46 C:\WINDOWS\System32\mswsock.dll --> 20/06/2008 19:41:06 C:\WINDOWS\System32\dnsapi.dll --> 20/06/2008 19:41:06 C:\WINDOWS\System32\aswBoot.exe --> 16/05/2008 01:24:43 C:\WINDOWS\System32\AvastSS.scr --> 16/05/2008 01:12:36 C:\WINDOWS\System32\quartz.dll --> 07/05/2008 07:15:36 C:\WINDOWS\System32\mshtml.dll --> 23/04/2008 22:16:42 C:\WINDOWS\System32\wininet.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\webcheck.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\urlmon.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\url.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\pngfilt.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\occache.dll --> 23/04/2008 06:16:40 C:\WINDOWS\System32\mstime.dll --> 23/04/2008 06:16:40  C:\WINDOWS\0.log --> 12/07/2008 09:43:18 C:\WINDOWS\WindowsUpdate.log --> 12/07/2008 09:43:17 C:\WINDOWS\bootstat.dat --> 12/07/2008 09:43:12 C:\WINDOWS\SchedLgU.Txt --> 10/07/2008 22:53:34 C:\WINDOWS\system.ini --> 10/07/2008 21:32:51 C:\WINDOWS\wininit.ini --> 10/07/2008 04:41:39 C:\WINDOWS\NeroDigital.ini --> 10/07/2008 01:31:45 C:\WINDOWS\QTFont.qfn --> 09/07/2008 14:55:19 C:\WINDOWS\win.ini --> 07/02/2008 19:39:15 C:\WINDOWS\BricoPackUninst.txt --> 17/09/2007 00:13:06 C:\WINDOWS\BricoPackUninst.cmd --> 17/09/2007 00:13:06 C:\WINDOWS\BricoPackFoldersDelete.cmd --> 17/09/2007 00:13:06 C:\WINDOWS\BricoPack Wallpaper.bmp --> 17/09/2007 00:12:56 C:\WINDOWS\QTFont.for --> 16/09/2007 23:23:41 C:\WINDOWS\HideWin.exe --> 11/09/2007 16:00:43  winlogon.exe  Vérifié : Signé svchost.exe  Vérifié : Signé ws2_32.dll  Vérifié : Signé user32.dll  Vérifié : Signé tcpip.sys  Vérifié : Signé ndis.sys  Vérifié : Signé null.sys  Vérifié : Signé   ListDLLs v2.25 - Lister DLL pour Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com  ------------------------------------------------------------------------------ explorer.exe pid: 1748 Ligne de commande: C:\WINDOWS\Explorer.EXE   Taille de base Version Chemin  0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll  0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll  0x43e00000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll  0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll  0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL  0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll  0x4c5a0000 0x18000 9.00.0000.3250 C:\PROGRA~1\WINDOW~2\wmpband.dll  0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL  0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll  0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll  0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll  0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll  0x02150000 0x187000 1.06.0000.0012 C:\PROGRA~1\SPYBOT~1\SDHelper.dll  0x43ff0000 0xa000 7.00.6000.16674 C:\WINDOWS\system32\jsproxy.dll  0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll  0x015d0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll  0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll  0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll  0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll  0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll  0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll  0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll  0x00ed0000 0x2d000 C:\Program Files\WinRARarext.dll  0x00e10000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll  0x64f00000 0x12000 4.08.1201.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll  0x03350000 0x836000 6.14.0011.6218 C:\WINDOWS\system32
vcpl.dll  0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll  0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll  0x03b90000 0x45000 6.14.0011.6218 C:\WINDOWS\system32\NVRSFR.DLL  0x03be0000 0x5a000 6.14.0011.6218 C:\WINDOWS\system32
vapi.dll  0x03c40000 0x73000 6.14.0010.12002 C:\WINDOWS\system32
vshell.dll  0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL  0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll  0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL  0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL  0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL  ListDLLs v2.25 - Lister DLL pour Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com  ------------------------------------------------------------------------------ winlogon.exe pid: 756 Ligne de commande: winlogon.exe   Taille de base Version Chemin  0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe  0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll  0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll  0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll  0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL  0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll  0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL    Le volume dans le lecteur C n'a pas de nom.  Le numéro de série du volume est 6CF6-2DA0   Répertoire de C:\WINDOWS\system32  02/03/2006 14:00 6 144 csrss.exe  1 fichier(s) 6 144 octets  0 Rép(s) 145 096 974 336 octets libres  Contenu de Downloaded Program Files  Le volume dans le lecteur C n'a pas de nom.  Le numéro de série du volume est 6CF6-2DA0   Répertoire de C:\WINDOWS\Downloaded Program Files  07/07/2008 23:17  . 07/07/2008 23:17  .. 11/09/2007 15:48 65 desktop.ini 24/03/2008 19:33 1 527 056 FP_AX_CAB_INSTALLER.exe 24/03/2008 19:18 247 swflash.inf 30/07/2007 19:24 293 wuweb.inf  4 fichier(s) 1 527 661 octets   Total des fichiers listés :  4 fichier(s) 1 527 661 octets  2 Rép(s) 145 096 974 336 octets libres  Recherche de rootkit ! (Merci S!Ri)  Recherche d'infections connues  Export des clés sensibles..   Liste des fichiers en exception sur le pare-feu XP SP2  "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008" "C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"  "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"  Export de la clé SharedTaskScheduler  [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"    Exports des politiques REGEDIT4  [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000    Export des clés sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - détecteur de rootkit/malware furtif par Gmer, http://www.gmer.net Scan de rootkit 2008-07-12 09:54:49 Windows 5.1.2600 Service Pack 2 NTFS  scanning hidden services & system hive ...  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:4fc02f53 "s2"=dword:9f0a7575 "h0"=dword:00000001  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools" "h0"=dword:00000000 "khjeh"=hex:de,79,dc,58,ce,b5,c3,98,63,44,e0,cb,09,e6,13,44,7b,3f,28,e4,66,..  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,fd,2a,af,03,1a,53,b3,75,c5,ac,c3,08,ab,d4,5b,45,03,.. "khjeh"=hex:ae,01,5e,0b,c3,ee,f8,b5,5f,26,36,02,af,ae,22,49,e7,b8,cc,b6,a3,..  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:54,af,84,2e,29,36,52,b1,7c,4e,a8,d1,27,e9,ee,2f,ff,fd,09,e7,e3,..  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:29,32,2e,5d,e1,30,08,82,7e,23,bf,c5,04,7d,f9,6d,53,1b,c1,92,9b,..  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:97,07,10,c2,0c,28,1b,d2,ca,1f,cd,2c,85,02,e4,21,0e,bb,5a,74,4e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools" "h0"=dword:00000000 "khjeh"=hex:de,79,dc,58,ce,b5,c3,98,63,44,e0,cb,09,e6,13,44,7b,3f,28,e4,66,..  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,fd,2a,af,03,1a,53,b3,75,c5,ac,c3,08,ab,d4,5b,45,03,.. "khjeh"=hex:ae,01,5e,0b,c3,ee,f8,b5,5f,26,36,02,af,ae,22,49,e7,b8,cc,b6,a3,..  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:54,af,84,2e,29,36,52,b1,7c,4e,a8,d1,27,e9,ee,2f,ff,fd,09,e7,e3,..  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:29,32,2e,5d,e1,30,08,82,7e,23,bf,c5,04,7d,f9,6d,53,1b,c1,92,9b,..  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:97,07,10,c2,0c,28,1b,d2,ca,1f,cd,2c,85,02,e4,21,0e,bb,5a,74,4e,..  scanning hidden registry entries ...  scanning hidden files ...  scan completed successfully hidden services: 0 hidden files: 0   KProcCheck Version 0.2-beta1 Proof-of-Concept par SIG^2 (www.security.org.sg)  Liste des processus par traversal de KiWaitListHead  4 - System 224 - ashMaiSv.exe 416 - ashWebSv.exe 624 - alg.exe 732 - csrss.exe 756 - winlogon.exe 800 - services.exe 812 - lsass.exe 968 - svchost.exe 1016 - svchost.exe 1056 - svchost.exe 1136 - svchost.exe 1172 - svchost.exe 1344 - ashServ.exe 1736 - AppleMobileDevi 1748 - explorer.exe 1764 - GoogleUpdaterSe 1800 - nvsvc32.exe 2144 - RTHDCPL.exe 2228 - CnxMon.exe 2240 - dragdiag.exe 2256 - TaskBarIcon.exe 2268 - ctfmon.exe 2276 - GoogleToolbarNo 2304 - msnmsgr.exe 2312 - TeaTimer.exe 3052 - cmd.exe  Nombre total de processus = 27 NOTE : Sous WinXP, cela ne montrera pas tous les processus.  KProcCheck Version 0.2-beta1 Proof-of-Concept par SIG^2 (www.security.org.sg)  Liste des pilotes/Modules par traversal de PsLoadedModuleList  804D7000 - \WINDOWS\system32
tkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA6D0000 - sptd.sys BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS BA6B8000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS BA689000 - ACPI.sys BA678000 - pci.sys BA8A8000 - isapnp.sys BAE70000 - pciide.sys BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BA8B8000 - MountMgr.sys BA659000 - ftdisk.sys BAB30000 - PartMgr.sys BA8C8000 - VolSnap.sys BA641000 - atapi.sys BA8D8000 - jraid.sys BA8E8000 - disk.sys BA8F8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS BA621000 - fltMgr.sys BA60A000 - KSecDD.sys BA57D000 - Ntfs.sys BA550000 - NDIS.sys BA535000 - Mup.sys BADAC000 - JGOGO.sys BAA28000 - \SystemRoot\system32\DRIVERS\intelppm.sys B9ACB000 - \SystemRoot\system32\DRIVERS
v4_mini.sys B9AB7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS BABC0000 - \SystemRoot\system32\DRIVERS\usbuhci.sys B9A94000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BABC8000 - \SystemRoot\system32\DRIVERS\usbehci.sys B9A6F000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys B9A58000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys BABD0000 - \SystemRoot\system32\DRIVERS\fdc.sys B9A47000 - \SystemRoot\system32\DRIVERS\serial.sys BAD9C000 - \SystemRoot\system32\DRIVERS\serenum.sys B9A33000 - \SystemRoot\system32\DRIVERS\parport.sys BAA38000 - \SystemRoot\system32\DRIVERS\i8042prt.sys BABD8000 - \SystemRoot\system32\DRIVERS\mouclass.sys BABE0000 - \SystemRoot\system32\DRIVERS\kbdclass.sys BAA48000 - \SystemRoot\system32\DRIVERS\imapi.sys BAA58000 - \SystemRoot\system32\DRIVERS\cdrom.sys BAA68000 - \SystemRoot\system32\DRIVERSedbook.sys B9A10000 - \SystemRoot\system32\DRIVERS\ks.sys B99C6000 - \SystemRoot\System32\Drivers\acn8ehko.SYS BAFF5000 - \SystemRoot\system32\DRIVERS\audstub.sys BAA78000 - \SystemRoot\system32\DRIVERSasl2tp.sys BA4F5000 - \SystemRoot\system32\DRIVERS
distapi.sys B9991000 - \SystemRoot\system32\DRIVERS
diswan.sys BAA88000 - \SystemRoot\system32\DRIVERSaspppoe.sys BAA98000 - \SystemRoot\system32\DRIVERSaspptp.sys BAC30000 - \SystemRoot\system32\DRIVERS\TDI.SYS B9980000 - \SystemRoot\system32\DRIVERS\psched.sys BAAA8000 - \SystemRoot\system32\DRIVERS\msgpc.sys BAC38000 - \SystemRoot\system32\DRIVERS\ptilink.sys BAC40000 - \SystemRoot\system32\DRIVERSaspti.sys BAAD8000 - \SystemRoot\system32\DRIVERS	ermdd.sys BADC2000 - \SystemRoot\system32\DRIVERS\swenum.sys B9927000 - \SystemRoot\system32\DRIVERS\update.sys BA4E9000 - \SystemRoot\system32\DRIVERS\mssmbios.sys BAAF8000 - \SystemRoot\System32\Drivers\NDProxy.SYS BAB18000 - \SystemRoot\system32\DRIVERS\usbhub.sys BADC4000 - \SystemRoot\system32\DRIVERS\USBD.SYS B6309000 - \SystemRoot\system32\drivers\RtkHDAud.sys B62E7000 - \SystemRoot\system32\drivers\portcls.sys BA928000 - \SystemRoot\system32\drivers\drmk.sys BAC70000 - \SystemRoot\system32\DRIVERS\flpydisk.sys BADF0000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BAF1D000 - \SystemRoot\System32\Drivers\Null.SYS BADF2000 - \SystemRoot\System32\Drivers\Beep.SYS BAC88000 - \SystemRoot\System32\drivers\vga.sys BADF4000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADF6000 - \SystemRoot\System32\Drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32
v4_disp.dll BAC20000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys B5D24000 - \SystemRoot\system32\DRIVERS
disuio.sys B5BA2000 - \SystemRoot\System32\Drivers\aswMon2.SYS B59BE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys BADD0000 - \SystemRoot\System32\Drivers\ParVdm.SYS B5854000 - \SystemRoot\system32\drivers\wdmaud.sys B5AAA000 - \SystemRoot\system32\drivers\sysaudio.sys B5A1A000 - \SystemRoot\System32\Drivers\aswRdr.SYS B5264000 - \SystemRoot\System32\Drivers\HTTP.sys B4FB9000 - \SystemRoot\system32\drivers\kmixer.sys B4EF4000 - \SystemRoot\System32\Drivers\Fastfat.SYS BAEEC000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys  Nombre total de pilotes = 119  Liste des programmes installés  Adobe Flash Player ActiveX Adobe Reader 7.0.8 - Français Age of Empires III Age of Empires III AntivirXP08 Apple Mobile Device Support Apple Software Update Archiveur WinRAR avast! Antivirus CCleaner (remove only) Correctif pour

nico · Answer

Además, desde la aparición del virus tengo una pantalla azul como fondo de pantalla, quería volver a poner mi antiguo fondo y el nombre de la pantalla azul me intrigó... se trata del mismo nombre que el primer archivo encontrado por Avast: un archivo de imagen llamado "phc3rnj0ecfn". Supongo que es normal, pero ¿puedo volver a poner mi fondo de pantalla habitual? ¿Es un "residuo" inofensivo?

nico · Answer

Lo siento por el tiempo de respuesta, pero he tenido algunos problemas de visualización en la página del foro. Entonces, sí, aparece bien en el agregar/eliminar programas. No recuerdo si lo usé o no, no creo porque debería pedirme adquirir una licencia, cosa que no hice. Pero es cierto que se instaló solo y apareció un poco después de la infección encontrada... en fin, ¿qué debo hacer? ¿cómo debería reaccionar mi PC?

nico · Answer

rapport Hij :  Logfile de Trend Micro HijackThis v2.0.2 Scan enregistré à 12:20:19, le 12/07/2008 Plateforme : Windows XP SP2 (WinNT 5.01.2600) MSIE : Internet Explorer v7.00 (7.00.6000.16674) Mode démarrage : Normal  Processus en cours : C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32
vsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.orange.fr/portail R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL_Page_Default = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL_Recherche_Default = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,NomDossierLiens = Liens R3 - URLSearchHook : Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO : Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO : Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO : SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO : Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO : Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run : [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run : [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run : [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run : [nwiz] nwiz.exe /install O4 - HKLM\..\Run : [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run : [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run : [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run : [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run : [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run : [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run : [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run : [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run : [Steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run : [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run : [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Bouton supplémentaire : (sans nom) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Élément de menu supplémentaire 'Outils' : Configuration de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Bouton supplémentaire : (sans nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Élément de menu supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Bouton supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Élément de menu supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (Classe WUWebControl) - http://www.update.microsoft.com/... O23 - Service : Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service : Service de contrôle iAVS4 d'avast! (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service : Antivirus avast! - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service : Scanner de mail avast! - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service : Scanner Web avast! - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service : Gestionnaire de table InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service : Service du pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe  -- Fin du fichier - 6410 octets

nico · Answer

Creo que usted está más informado que yo sobre la cuestión de la protección, así que seguiré sus "directrices" e instalaré lo que deba ser instalado. Luego le enviaré otro informe de Hijackthis. ¡Hasta luego!

verni29 · Answer

Un otro enlace.  https://www.clubic.com/telecharger-fiche10821-avira-antivir-personal-free-antivirus.html

verni29 · Answer

Nico,  Aquí está la solución para desactivar la protección residente:  menú de inicio --> Programas --> Avast  Abres Avast (no debería ser el skin sino la interfaz normal)  Configuraciones --> Protección residente  pon en desactivar  ¡A+!

nico · Answer

Lo he hecho, gracias. Comencé la instalación de Sunbelt Personal Firewall, todo se desarrolló normalmente, pero antes de la última ventana que me pide reiniciar el PC para finalizar la instalación, recibí un mensaje de error "error interno...". Hice clic en "ok" (sin otra opción) y ahora puedo reiniciar mi PC. Dicho esto, ¿se habría realizado correctamente la instalación?

nico · Answer

Lo siento, una vez más fui demasiado rápido... no puedo reiniciar el PC, esto es lo que muestra la última ventana de instalación: "El asistente fue interrumpido antes de que Sunbelt (...) pudiera ser completamente instalado. Su sistema no ha sido modificado. Para completar la instalación en otro momento, por favor ejecute la configuración nuevamente. haga clic en finalizar para salir (...).  Así que haré clic y volveré a comenzar la instalación!"

nico · Answer

Instalación de Java OK, me ha permitido, por supuesto, constatar la eficacia del firewall (¡impresionante!). Tengo un pequeño problema con el último enlace (el de la etapa 4), parece ser erróneo (según Orange). ¡Hasta luego!

nico · Answer

rapport Hij :  Logfile de HijackThis v1.99.1 Analyse enregistrée à 14:53:30, le 12/07/2008 Plateforme : Windows XP SP2 (WinNT 5.01.2600) MSIE : Internet Explorer v7.00 (7.00.6000.16674)  Processus en cours : C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32
vsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Nicolas\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Démarrage : RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O9 - Bouton extra : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Bouton extra : (pas de nom) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Élément de menu 'Outils' supplémentaire : Configuration de Spybot - Search & Destroy - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Bouton extra : (pas de nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (fichier manquant) O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (fichier manquant) O9 - Bouton extra : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Élément de menu 'Outils' supplémentaire : Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O11 - Groupe d'options : [INTERNATIONAL] International* O16 - DPF : {6414512B-B978-451D-A0D8-FCFDF33E833C} (classe WUWebControl) - http://www.update.microsoft.com/... O16 - DPF : {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1215865838395&h=d25db4a49e84af280db9dd1465543dae/&filename=jinstall-6u7-windows-i586-jc.cab O18 - Protocole : livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocole : msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service : Avira AntiVir Personal – Planificateur d’antivirus gratuit (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service : Avira AntiVir Personal – Gardien antivirus gratuit (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service : Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service : Service de mise à jour Google (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service : Gestionnaire de table des pilotes InstallDriver (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service : Service de pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe O23 - Service : SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service : Pare-feu personnel Sunbelt 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe    Pour précision, il me reste des programmes sur le bureau (malwarebytes, sreng2) avec les dossiers et fichiers associés, de même que le fameux fix.reg. Que fais-je de tout cela ? Et dans mes programmes apparaît toujours l'antivirus XP08, dois-je le supprimer via le panneau de config ?

nico · Answer

¡Alerta! Después de haber publicado este mensaje, fui a internet y mi antivirus me alertó que se encontró un virus: "¡Se encontró un virus o programa no deseado! C:\Documents and Settings\Temporary Internet files\Content.IE5\0L6YB5IN\prototype[1]" Debajo está marcado: "contiene patrón de detección del virus Java script JS/Director.A (en forma de enlace). ¿Qué debo hacer? ¿Ponerlo en cuarentena, eliminarlo...?

nico · Answer

Sí, estoy contento de que reaccione, pero la casilla "denegar acceso" está marcada por defecto... ¿dejo así y hago clic en OK o cambio de opción (eliminar, quitar, cuarentena, ignorar)? Además, hice clic en el enlace JS\director.A y en el sitio de antivirus no está (re)conocido. Después de eso haré la limpieza del sistema y pondré el tema como resuelto. ¡Le agradezco profundamente la atención que ha prestado a mi problema y el tiempo que ha dedicado, ¡chapó!

nico · Answer

ok, creo que todo está bien, ¡gracias de nuevo! Y si alguna vez tengo otro problema de este tipo, sabré a quién acudir. (aunque preferiría no tener que hacerlo ;)) ¡Felicidades por el trabajo realizado y mucha suerte con lo que venga, vernie29!

nico · Answer

Me encantaría, para cerrar el problema ;), pero no puedo cambiar el estado del problema, tal vez sea porque no soy miembro. En ese caso, puedo intentar informar a uno de nuestros últimos posts a un moderador especificando que puede poner "resuelto".

Win32:Adware-gen [Adw]

34 respuestas

Vídeos transformados en imágenes - recuperación

Comaps en play store

Problema de texturas en enshrouded

Quiero saber cómo denunciar una estafa

Gps tracker para coche

¿cuáles son sus experiencias con tabletas android abor

Desactivar office

Reinstalación de w11 imposible tras fallo del pc...

Sitio inaccesible

Dossier de elementos enviados inexistente