[résolu] problème connexion, soupçon infection

[michelba]

Bonjour,

 

On m'a confié un pc (avec Vista) qui a un problème de connexion Internet. Je communique donc sur ce forum par mon pc.

 

Donc, j'ai branché le pc à examiner sur ma connexion (filaire) Internet chez moi, et la connexion ne s'établit pas. J'ai observé

dans le centre de sécurité Vista que le pare-feu Windows est désactivé, et que le pare-feu Norton est activé.

Mais, je n'ai pas pu trouver où se cache se pare-feu Norton pour éventuellement le désactiver!

 

Bref, toute aide sera très appréciée!

 

Merci d'avance!

Modifié le 1 février 2009 par michelba

[Falkra]

Bonjour,

 

J'ai observé dans le centre de sécurité Vista que le pare-feu Windows est désactivé, et que le pare-feu Norton est activé.

ça, c'est normal, un seul pare-feu à la fois suffit.

 

Ce ne serait pas simplement un problème de connexion, sans virus ?

 

On va regarder côté virus, si ça ne donne rien, je transfère ton sujet dans une autre section.

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• NB : Les rapports sont sauvegardés dans le dossier C:\rsit
  Ca fait deux rapports donc.
  

[michelba]

Bonjour, Falkra

 

D'abord merci infiniment de me répondre, et je serais très heureux d'être orienté sur le bon forum si c'est nécessaire.

 

Ensuite, j'ai tenté de suivre tes instructions, ce qui est un peu compliqué puisque justement l'ordinateur en examen ne se connecte pas à Internet. Donc je passe par le mien et je transfère les fichiers téléchargés par une clé USB.

 

Donc voici d'abord log.txt :

 

==========================================

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by alexandra at 2009-01-28 18:28:14

Microsoft® Windows Vista™ Йdition Familiale Premium

System drive C: has 13 GB (39%) free of 33 GB

Total RAM: 766 MB (34% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{CFFA675E-CF03-45CC-8E49-BCF05E1BD668}.job

C:\Windows\tasks\Vйrifier les mises а jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenкtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll [2006-12-25 701952]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-28 2436160]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour"= []

"eRecoveryService"= []

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-10-07 1006264]

"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]

"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-06 90191]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-06 81920]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-02-06 7770112]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-21 659456]

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-07-28 171448]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

"Device Detector"=DevDetect.exe -autorun []

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll eNetHook.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\Windows\system32\klogon.dll [2008-11-11 218376]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3d7844-90f7-11dc-9df3-0016d35b843a}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96e78210-109b-11dd-ab98-0016d35b843a}]

shell\AutoRun\command - F:\EmDesk.exe

shell\EmDesk\command - F:\EmDesk.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d900ae78-9286-11dc-9697-0016d35b843a}]

shell\AutoRun\command - G:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 1 months======

 

2009-01-28 17:39:55 ----D---- C:\rsit

2009-01-28 17:39:55 ----D---- C:\Program Files\trend micro

2009-01-08 21:29:54 ----D---- C:\Windows\pss

2009-01-07 20:43:45 ----A---- C:\Windows\system32\mshtml.dll

2009-01-04 03:54:40 ----D---- C:\Windows\Minidump

2009-01-03 21:23:01 ----SHD---- C:\Config.Msi

2009-01-03 21:10:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files

 

======List of files/folders modified in the last 1 months======

 

2009-01-28 18:28:10 ----D---- C:\Windows\Temp

2009-01-28 17:42:37 ----AD---- C:\Windows\System32

2009-01-28 17:42:27 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-01-28 17:41:24 ----D---- C:\Windows\inf

2009-01-28 17:39:55 ----RD---- C:\Program Files

2009-01-28 17:28:46 ----D---- C:\Windows\system32\catroot

2009-01-28 17:28:38 ----D---- C:\Windows\winsxs

2009-01-28 17:28:38 ----D---- C:\Program Files\Windows Mail

2009-01-28 17:28:27 ----AD---- C:\Windows\system32\drivers

2009-01-28 17:25:26 ----SHD---- C:\System Volume Information

2009-01-28 00:45:10 ----D---- C:\ProgramData\Kaspersky Lab

2009-01-28 00:43:54 ----D---- C:\Windows\system32\catroot2

2009-01-27 22:20:38 ----D---- C:\Windows\Prefetch

2009-01-11 21:00:45 ----AD---- C:\Windows

2009-01-11 20:56:20 ----SHD---- C:\Windows\Installer

2009-01-10 02:35:28 ----A---- C:\Windows\system32\mrt.exe

2009-01-08 21:47:14 ----D---- C:\Windows\system32\LogFiles

2009-01-08 09:50:33 ----D---- C:\Users\alexandra\AppData\Roaming\Skype

2009-01-08 09:50:23 ----D---- C:\Users\alexandra\AppData\Roaming\skypePM

2009-01-06 17:48:11 ----D---- C:\Program Files\Mozilla Firefox

2009-01-03 22:19:19 ----SD---- C:\ProgramData\Microsoft

2009-01-03 21:47:46 ----D---- C:\Program Files\Kaspersky Lab

2009-01-03 21:42:48 ----D---- C:\Program Files\Symantec

2009-01-03 21:36:12 ----D---- C:\Program Files\Common Files\Symantec Shared

2009-01-03 21:35:49 ----D---- C:\ProgramData\Symantec

2009-01-03 21:29:33 ----D---- C:\Windows\Tasks

2009-01-03 21:15:25 ----HD---- C:\ProgramData

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-11-06 180272]

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]

R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-10-27 239632]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]

R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]

R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-02 76584]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]

R3 BCM43XX;Pilote pour carte rйseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]

R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2005-11-29 792368]

R3 CmBatt;Pilote pour Batterie а mйthode de contrфle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-08 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-08 206848]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-27 6144]

R3 NVENETFD;Pilote du contrфleur de rйseau NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-06 4456320]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]

R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-12-12 123952]

R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968]

R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856]

R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]

R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]

R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-08 659968]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]

S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]

S3 BCM43XV;Pilote de la carte rйseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071231.002\NAVENG.SYS [2007-11-14 81232]

S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071231.002\NAVEX15.SYS [2007-11-14 865904]

S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]

S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]

S3 usbvideo;Pйriphйrique vidйo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]

R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]

R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 131072]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]

R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]

S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []

S3 avp;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 138168]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

 

-----------------EOF-----------------

 

=========================================

 

Et maintenant voici info.txt

 

===========================================

 

info.txt logfile of random's system information tool 1.05 2009-01-28 17:40:02

 

======Uninstall list======

 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

ACDSee for PENTAX 3.0-->MsiExec.exe /X{D8066430-C5E6-477F-ACED-30377E5D8D87}

Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall

Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL

Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly

Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly

Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly

Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly

Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly

Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly

Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI

Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly

Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\Setup.exe -runfromtemp -l0x040c -removeonly

Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv

Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Dйtecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}

Deutsch Platinum-->C:\Windows\uninst.exe -fd:\DeIsL1.isu -cd:\_ISREG32.DLL

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf

ICQ Toolbar-->regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\4324\toolbaru.dll"

ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Italiano Platinum-->C:\Windows\uninst.exe -f"C:\Program Files\MMT\Italiano\DeIsL1.isu" -c"C:\Program Files\MMT\Italiano\_ISREG32.DLL"

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}

Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}

Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI

LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}

Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}

NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

QIP 2005 Uninstall-->"C:\Program Files\QIP\unqip.exe"

QuickTime 3.0-->C:\Windows\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\Windows\system32\QTUninst.dll

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C6

 

========================================

 

J'ai aussi un hijackthis.log si besoin est...

 

A très bientôt

[Falkra]

Télécharge ceci par clé USB, pareil, on continue.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  
• On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  
• Le bureau disparaît, c'est normal, et il va revenir.
  
• Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[michelba]

Merci Falkra, j'ai fait ce que tu as dit, mais j'arrive à un problème délicat :

 

j'en suis au point où la fenêtre "Administrateur" s'est ouverte et indique "Merci de patienter ; ComboFix s'apprête à démarrer".

 

A ce moment, une fenêtre s'est ouverte avec écrit : (je résume)

 

"ComboFix a repéré que les scanneurs Kasperky et Norton Internet Security sont actifs ; prière de les désactiver avant de cliquer sur OK, sinon des résultats imprévisibles, voire nuisibles sont à craindre."

 

J'ai désactivé Kaspersky, MAIS je ne sais absolument pas où se cache Norton dans l'ordinateur : pas d'icône sur le bureau, un dossier Symantec quasiment vide...

 

Je préfère mettre tout ça en veille prolongée en attendant te conseils, de peur de commettre l'irréparable...

[Falkra]

Si Kaspersky est désactivé, combofix démarre et fait le boulot ?

[michelba]

Si Kaspersky est désactivé, combofix démarre et fait le boulot ?

 

J'ai relancé avec Kaspersky désactivé, j'obtiens la fenêtre :

 

"Le scanneur Norton Internet Security est toujours actif mais ComboFix va continuer à s'éxécuter.

Veuillez noter que c'est à vos risques et périls"

 

Est-ce que j'appuie sur OK?

[Falkra]

Appuie sur OK.

[michelba]

Et voila Combofix.txt (désolé pour les lettres cyrilliques, c'est dû à ma configuration)

 

=============================

ComboFix 09-01-21.04 - alexandra 2009-01-29 19:08:28.1 - NTFSx86

Microsoft® Windows Vista™ Йdition Familiale Premium 6.0.6000.0.1252.1.1036.18.766.256 [GMT 1:00]

Lancй depuis: c:\users\alexandra\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)

AV: Norton Internet Security *On-access scanning enabled* (Outdated)

FW: Norton Internet Security *enabled*

* Un nouveau point de restauration a йtй crйй

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Temp\log.txt

 

.

((((((((((((((((((((((((((((( Fichiers crййs du 2008-12-28 au 2009-01-28 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-28 17:39 . 2009-01-28 17:40 <REP> d-------- C:\rsit

2009-01-28 17:39 . 2009-01-28 17:39 <REP> d-------- c:\program files\trend micro

2009-01-28 00:44 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys

2009-01-07 20:43 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-01-04 03:53 . 2009-01-04 03:54 139,650,807 --a------ c:\windows\MEMORY.DMP

2009-01-04 03:53 . 2009-01-29 09:26 360,480 --ahs---- c:\windows\System32\drivers\fidbox2.dat

2009-01-04 03:53 . 2009-01-29 09:25 2,312 --ahs---- c:\windows\System32\drivers\fidbox2.idx

2009-01-03 21:10 . 2009-01-03 21:10 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files

2009-01-03 21:10 . 2009-01-03 21:10 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-29 18:05 13,213 ----a-w c:\users\alexandra\AppData\Roaming\nvModes.dat

2009-01-28 22:37 --------- d-----w c:\programdata\Kaspersky Lab

2009-01-28 16:28 --------- d-----w c:\program files\Windows Mail

2009-01-27 23:49 597,080 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-01-27 23:49 44,443,424 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-01-08 08:50 --------- d-----w c:\users\alexandra\AppData\Roaming\skypePM

2009-01-08 08:50 --------- d-----w c:\users\alexandra\AppData\Roaming\Skype

2009-01-03 20:47 --------- d-----w c:\program files\Kaspersky Lab

2009-01-03 20:42 --------- d-----w c:\program files\Symantec

2009-01-03 20:36 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-03 20:35 --------- d-----w c:\programdata\Symantec

2008-12-11 05:17 174 --sha-w c:\program files\desktop.ini

2008-12-10 22:43 --------- d-----w c:\programdata\Microsoft Help

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe

2008-07-29 20:09 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-07-29 20:09 56 ---ha-w c:\programdata\ezsidmv.dat

2007-10-19 20:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-10-19 20:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-10-19 20:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les йlйments vides & les йlйments initiaux lйgitimes ne sont pas listйs

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-28 171448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-06 7770112]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-03-27 528384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=G G G

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{A4DB2792-CB56-45C5-AA0F-F255F3CB8787}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger

"UDP Query User{BEF06702-6016-4AB7-819E-83930381B1E8}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DisabledInterfaces"= {259C8A65-8F12-4FB5-B2F6-7DCE7573A664}

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DefaultOutboundAction"= 0 (0x0)

"DefaultInboundAction"= 1 (0x1)

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 32784]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20071220.001\IDSvix86.sys [2007-12-22 180272]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2007-10-30 37936]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96e78210-109b-11dd-ab98-0016d35b843a}]

\shell\AutoRun\command - F:\EmDesk.exe

\shell\EmDesk\command - F:\EmDesk.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d900ae78-9286-11dc-9697-0016d35b843a}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

.

Contenu du dossier 'Tвches planifiйes'

 

2009-01-28 c:\windows\Tasks\User_Feed_Synchronization-{CFFA675E-CF03-45CC-8E49-BCF05E1BD668}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

 

2009-01-29 c:\windows\Tasks\Vйrifier les mises а jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-Device Detector - DevDetect.exe

HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

 

 

.

------- Examen supplйmentaire -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>

FF - ProfilePath - c:\users\alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\h6g9njg1.default\

FF - prefs.js: browser.search.selectedEngine - ICQ Search

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-29 19:14:36

Windows 6.0.6000 NTFS

 

Recherche de processus cachйs ...

 

Recherche d'йlйments en dйmarrage automatique cachйs ...

 

Recherche de fichiers cachйs ...

 

Scan terminй avec succиs

Fichiers cachйs: 0

 

**************************************************************************

.

--------------------- DLLs chargйes dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\eNetHook.dll

 

- - - - - - - > 'lsass.exe'(592)

c:\windows\system32\eNetHook.dll

.

Heure de fin: 2009-01-29 19:21:30

ComboFix-quarantined-files.txt 2009-01-29 18:18:15

 

Avant-CF: 13 464 461 312 octets libres

Aprиs-CF: 13,270,679,552 octets libres

 

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7

165 --- E O F --- 2009-01-28 16:28:47

 

======================================

 

Voila, chef, j'attends les ordres!

[Falkra]

Supprime les restes de Norton avec cet outil officiel, qui fera le travail. Il supprime tous les produits Norton/Symantec, ça règlera la question, puisque tu ne pensais pas avoir de restes Norton.

 

Est-ce normal que l'UAC soit désactivée, que les mises à jour le soient aussi, ainsi que le centre de sécurité ? (ça peut être un réglage à toi, je préfère demander d'abord).