PC très infecté

[zabouille]

Bonsoir,

 

Voici le rapport de Combofix :

 

ComboFix 09-03-03.01 - isa 2009-03-06 21:23:41.6 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2161 [GMT 1:00]

Lancé depuis: c:\users\isa\Desktop\combofix.exe

Commutateurs utilisés :: c:\users\isa\Desktop\CFScript.txt.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\users\isa\AppData\Local\RtHDVCpl.exe

c:\users\isa\Downloads\eMule\Incoming\keygen.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-06 au 2009-03-06 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-06 20:32 . 2009-03-06 20:38 <REP> d-------- C:\isa

2009-03-05 19:35 . 2009-03-05 19:35 <REP> d-------- c:\windows\Sun

2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD

2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes

2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt

2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8

2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner

2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers

2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\programdata\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-06 21:17 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames

2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games

2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys

2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys

2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo

2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS

2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll

2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom

2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal

2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR

2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack

2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe

2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu

2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name

2009-02-06 23:13 . 2009-02-06 23:13 45 --a------ c:\windows\System32\initdebug.nfo

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 16:36 --------- d-----w c:\users\isa\AppData\Roaming\Image Zone Express

2009-03-01 20:29 --------- d-----w c:\program files\7-Zip

2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone

2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media

2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP

2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-01 11:22 --------- d-----w c:\program files\eSobi

2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent

2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media

2009-02-11 21:11 --------- d-----w c:\program files\Java

2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail

2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA

2009-02-04 17:34 --------- d-----w c:\programdata\BSD

2009-02-04 17:33 --------- d-----w c:\users\isa\AppData\Roaming\BSD Concept

2009-02-04 17:30 --------- d-----w c:\programdata\BSD Concept

2009-02-04 17:29 --------- d-----w c:\program files\BSD Concept

2009-02-04 15:52 --------- d-----w c:\users\isa\AppData\Roaming\Printer Info Cache

2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe

2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-04_23.44.08,75 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-06 20:27:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-06 20:27:13 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-06 20:27:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-06 20:27:12 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-03-04 22:38:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-06 20:19:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-06 20:19:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-04 22:38:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-06 20:19:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-01 21:09:26 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-06 19:27:37 101,052 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-01 21:09:26 123,350 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-03-06 19:27:37 123,350 ----a-w c:\windows\System32\perfc00C.dat

- 2009-03-01 21:09:26 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-06 19:27:37 586,980 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-01 21:09:26 669,328 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-03-06 19:27:37 669,328 ----a-w c:\windows\System32\perfh00C.dat

- 2009-03-04 22:26:28 7,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin

+ 2009-03-06 20:19:32 8,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin

- 2009-03-04 22:26:28 76,156 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-06 20:19:32 76,950 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-04 22:26:26 56,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-06 20:19:31 57,014 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-02-13 16:36:59 143,136 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-03-06 19:03:16 181,592 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe]

 

c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000]

"EnableNotificationsRef"=dword:00000003

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

"UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448]

S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]

.

.

------- Examen supplémentaire -------

.

uStart Page = www.orange.fr

mWindow Title =

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-06 21:27:15

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(3780)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\users\isa\AppData\Local\Temp\catchme.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\conime.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\windows\System32\WUDFHost.exe

c:\combofix\hidec.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\acer\Empowering Technology\eRecovery\eRAgent.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\OrangeHSS\Systray\SystrayApp.exe

c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\taskmgr.exe

c:\combofix\Catchme.tmp

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-03-06 21:30:29 - La machine a redémarré [isa]

ComboFix-quarantined-files.txt 2009-03-06 20:29:10

ComboFix2.txt 2009-03-06 20:14:44

ComboFix3.txt 2009-03-06 19:53:27

ComboFix4.txt 2009-03-06 19:46:52

ComboFix5.txt 2009-03-06 20:21:07

 

Avant-CF: 119,070,072,832 octets libres

Après-CF: 118,927,994,880 octets libres

 

250 --- E O F --- 2009-02-26 20:40:05

[pear]

Bonjour,

 

C'est bien.

Encore un petit effort

 

 

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

 

KillAll::

File::

C:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=-

 

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

 

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

Il ne vous servirait à rien de garder les logiciels utilisés pour la désinfection.

Constamment remis à jour , ils seraient obsolètes sous 10 jours.

Pour enlever les programmes utilisés pendant la procédure.

Télécharger ToolsCleaner2 de A.Rothstein

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant que Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

L'outil supprimera sans que vous ayez à intervenir.

 

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

 

Et un rapport Hijackthis, svp

[zabouille]

Bonjour, voici les derniers rapports :

 

 

ComboFix 09-03-03.01 - isa 2009-03-07 12:34:13.7 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2728 [GMT 1:00]

Lancé depuis: c:\users\isa\Desktop\combofix.exe

Commutateurs utilisés :: c:\users\isa\Desktop\CFScript.txt.txt

 

FILE ::

c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-06 20:32 . 2009-03-06 20:38 <REP> d-------- C:\isa

2009-03-05 19:35 . 2009-03-05 19:35 <REP> d-------- c:\windows\Sun

2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD

2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes

2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt

2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch

2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8

2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8

2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner

2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers

2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\programdata\Spybot - Search & Destroy

2009-03-01 13:22 . 2009-03-06 21:17 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames

2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games

2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games

2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys

2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys

2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo

2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS

2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll

2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom

2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal

2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR

2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real

2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack

2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe

2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu

2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 16:36 --------- d-----w c:\users\isa\AppData\Roaming\Image Zone Express

2009-03-01 20:29 --------- d-----w c:\program files\7-Zip

2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone

2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media

2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP

2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-01 11:22 --------- d-----w c:\program files\eSobi

2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent

2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media

2009-02-11 21:11 --------- d-----w c:\program files\Java

2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail

2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA

2009-02-04 17:34 --------- d-----w c:\programdata\BSD

2009-02-04 17:33 --------- d-----w c:\users\isa\AppData\Roaming\BSD Concept

2009-02-04 17:30 --------- d-----w c:\programdata\BSD Concept

2009-02-04 17:29 --------- d-----w c:\program files\BSD Concept

2009-02-04 15:52 --------- d-----w c:\users\isa\AppData\Roaming\Printer Info Cache

2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe

2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll

2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-04_23.44.08,75 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-07 11:37:18 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-03-07 11:37:18 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-07 11:37:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-03-07 11:37:18 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-03-04 22:38:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-07 11:27:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-07 11:27:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-04 22:38:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-07 11:27:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-01 21:09:26 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-06 19:27:37 101,052 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-01 21:09:26 123,350 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-03-06 19:27:37 123,350 ----a-w c:\windows\System32\perfc00C.dat

- 2009-03-01 21:09:26 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-06 19:27:37 586,980 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-01 21:09:26 669,328 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-03-06 19:27:37 669,328 ----a-w c:\windows\System32\perfh00C.dat

- 2009-03-04 22:26:28 7,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin

+ 2009-03-06 20:28:45 8,288 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin

- 2009-03-04 22:26:28 76,156 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-06 20:28:44 76,950 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-04 22:26:26 56,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-06 20:28:42 57,046 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-02-13 16:36:59 143,136 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-03-07 11:26:01 185,882 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe]

 

c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000]

"EnableNotificationsRef"=dword:00000003

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine

"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia

"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect

"{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service

"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD

"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician

"{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator

"{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician

"{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule

"UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule

"TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

"UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448]

S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]

.

.

------- Examen supplémentaire -------

.

uStart Page = www.orange.fr

mWindow Title =

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-07 12:37:21

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(5892)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\conime.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\WUDFHost.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\unsecapp.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

c:\acer\Empowering Technology\eRecovery\eRAgent.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\OrangeHSS\Systray\SystrayApp.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-03-07 12:39:20 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-03-07 11:39:16

ComboFix2.txt 2009-03-06 20:30:30

ComboFix3.txt 2009-03-06 20:14:44

ComboFix4.txt 2009-03-06 19:53:27

ComboFix5.txt 2009-03-07 11:33:57

 

Avant-CF: 117,492,494,336 octets libres

Après-CF: 117,432,889,344 octets libres

 

240 --- E O F --- 2009-02-26 20:40:05

 

 

 

le rapport "toolscleaner" :

 

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

 

-->- Recherche:

 

C:\Combofix.txt: trouvé !

C:\fixnavi.txt: trouvé !

C:\cleannavi.txt: trouvé !

C:\TB.txt: trouvé !

C:\Combofix: trouvé !

C:\Qoobox: trouvé !

C:\Toolbar SD: trouvé !

C:\isa\Combofix.txt: trouvé !

C:\Program Files\karcher\HijackThis.exe: trouvé !

C:\Program Files\scanhijt\HijackThis: trouvé !

C:\Program Files\yes\HijackThis.exe: trouvé !

C:\Users\isa\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !

C:\Users\isa\Desktop\Navilog1.exe: trouvé !

C:\Users\isa\Desktop\ComboFix.exe: trouvé !

C:\Users\isa\Desktop\ToolBarSD.exe: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Program Files\karcher\HijackThis.exe: supprimé !

C:\Program Files\yes\HijackThis.exe: supprimé !

C:\Users\isa\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !

C:\Users\isa\Desktop\Navilog1.exe: supprimé !

C:\Users\isa\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!

C:\Users\isa\Desktop\ToolBarSD.exe: supprimé !

C:\Combofix.txt: supprimé !

C:\fixnavi.txt: supprimé !

C:\cleannavi.txt: supprimé !

C:\TB.txt: supprimé !

C:\isa\Combofix.txt: supprimé !

C:\Combofix: supprimé !

C:\Qoobox: supprimé !

C:\Toolbar SD: supprimé !

C:\Program Files\scanhijt\HijackThis: supprimé !

 

 

et le rapport HJT :

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52, on 2009-03-07

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\conime.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\mobsync.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\OrangeHSS\systray\systrayapp.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\nettoyage\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) -

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7127 bytes

[pear]

C'est tout bon, sauf que vous n'avez d'installé aucun antivirus ni parefeu.

Vous devrez y remédier de toute urgence.

 

au moins Antivir(excellent)

 

Télécharger Avira AntiVir Personal Edition en Anglais

Télécharger Avira AntiVir Personal Edition en Français

 

NB : le choix d'Antivir comme antivirus à utiliser dans le cadre de cette procédure, a reposé sur les critères suivants :

--- failles de votre antivirus qui a laissé passer des malwares

--- En mode sans échec ,seuls les processus systèmes sont lancés.Il est donc plus facile de supprimer les infections

--- Antivir peut-être installé et désinstallé facilement

--- Antivir est reconnu pour son efficacité en mode sans échec

....AntiVir ne laisse pas entrer Bagle, sauf si l'utilisateur lui force la main pour récupérer un crack

 

Paramètres conseillés

Clic droit sur le parapluie---------------------->Configure-Configurer

Cliquer Expert mode----------------------------->Scan-Recherche:

Cocher: ----------------------------------------------->All files -Tous les Fichiers

Additionnal Settings-Autres réglages:--->tout cocher

Clic sur Scan+ -Recherche+

Action for concerning files -Action en cas de résultat positif:

Cocher-------------------------------------------------->Copie file to quarantine before action-Copier le fichier dans la quarantaine avant l'action:

Primary action-Action principale............>: Repair :Réparer ( au cas ou ce serait un fichier système corrompu)

Secondary action.-Action secondaire...>.: Delete-Supprimer ( s'il y a détection, autant supprimer. une sauvegarde sera dans la quarantaine)

 

et le parefeu Xp .

[zabouille]

J'ai réinstallé ANTIVIR et le pare-feu WINDOWS.

 

Merci +++ pour tous les conseils et le temps que vous avez passé à régler mon problème.

Bon vent à vous.