Infecter par spyware secure

Bonjour,

Télécharge Navilog (de Il-Mafioso)

• Enregistre-le sur ton Bureau.
• Installe-le en double cliquant sur navilog.exe.
• Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.

(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]

• Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.

! N'utilise pas l'option 2, 3 et 4 sans notre accord !

• Patiente jusqu'à l'apparition de ce message :

"*** Analyse Termine le ..... ***"

• Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
• Poste le rapport généré.

Le rapport se trouve ici : C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le )

Re,

• Double clique sur le raccourci de Navilog1.
• Choisis l'option 2 puis valide. (Entrée)
• Laisse toi guider.
• Ton ordinateur va redémarrer, sinon fais le manuellement.
• Ton bureau va disparaître.
• Patiente jusqu'à l'apparition de ce message :

"*** Nettoyage Termine le ..... ***"

• Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
• Sauvegarde le rapport.
• Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

Montorgueil ; VIP

Si tu les trouves, fais ceci :
* Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
* Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

Ensuite pour chacun des certificats présents sur ton bureau :
* Va sur le site Web :
http://www.bleepingcomputer.com/su [...] channel=35
* Copie/colle ceci dans la case 'Link to Topic' :
le nom du certificat (Montorgueil ,......)
* Copie/colle ceci dans la case 'Browse to the File' :
Le certificat correspondant que tu avais exportés vers ton bureau

Si c'est fait, supprime enfin le certificat présent sur ton bureau.

Les programmes suivants installent cette infection :

* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)

• Poste le rapport sauvegardé auparavant (C:\cleannavi.txt) ainsi qu'un nouveau rapport Hijackthis.

Re,

Utilise la nouvelle version d'HijackThis.

Télécharge Purity.zip

• Dézippe-le sur le bureau..

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

• Double clique sur le dossier Purity. Exécute Purity.bat . (L’extension bat peut ne pas apparaître)
• Le Bloc-note va s’ouvrir. Poste le rapport ici.

Le rapport se trouve dans le dossier Purity : >Purity.txt<

Oui, il y a un un tuto dans mon lien .

Re,

Télécharge ComboFix (de sUBs) sur ton Bureau.

• Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
• Double clique sur ComboFix.exe.
• Accepte la licence en cliquant sur Oui.
• Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

Bonsoir,
Vu le temps que ça met, je ferai ce scan demain.
Apparemment ça va déjà mieux, je n'ai pas eu de la journée de problème avec le spyware
Merci beaucoup pour votre aide, je n'avais jamais attendu parler de ce type de "soin"
Bonne soirée

Merci de ne pas empiéter sur les messages des autres !
Merci à un modérateur de supprimer ces précédents messages.

Bonjour tout le monde,
J'ai regardé un peu ce qu'il fallait faire mais apparemment ça va pas étire possible.

J'ai télécharger combofix et enregistrer, ça c'est bon.
Après il faut installer la Console de Récupération Windows et comme je n'ai pas les cd ben je clique sur le lien proposer.

Mais ce lien ne mène qu'à des consoles de récupération Xp et non vista.

En gros je pense qu'il faut obligatoirement le cd windows pour vista, ce que je n'ai pas...

J'ai le même problème que Mr Ourse,peut-on m'aider ?

Oui, rassure-toi, en général, ça se passe bien. Au pire, il y a d'autres moyens ..

Si le pc plante ou autre, tu peux démarrer sur un cd live :
http://www.malekal.com/RecuperationDonnees.php

Orane tu te comportes comme un gosse de 12 ans.
Tu pollues mon topic en plus...

Salut,
Bon j'avais un peu de temps, j'ai donc fait l'analyse combofix et voilà ce qu'il en ressort:


ComboFix 08-06-16.5 - jojo 2008-06-21 15:47:28.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1144 [GMT 2:00]
Endroit: C:\Users\jojo\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\jojo\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 12:23 442,400 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-06-21 12:23 3,640 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-06-21 11:36 3,164,704 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-06-21 11:34 26,852 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-06-21 07:14 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-06-19 20:54 --------- d-----w C:\Users\jojo\AppData\Roaming\Azureus
2008-06-19 20:26 --------- d-----w C:\Program Files\Burn4Free
2008-06-19 15:22 --------- d-----w C:\Program Files\Navilog1
2008-06-19 10:53 --------- d-----w C:\Program Files\Azureus
2008-06-19 08:20 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-19 08:20 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-19 08:12 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-18 16:13 --------- d-----w C:\Users\jojo\AppData\Roaming\OpenOffice.org2
2008-06-15 15:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-15 15:01 --------- d-----w C:\Program Files\Common Files\Real
2008-06-15 15:00 --------- d-----w C:\Program Files\Real
2008-06-13 08:39 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-12 16:08 --------- d-----w C:\Program Files\Valve
2008-06-11 18:17 --------- d-----w C:\ProgramData\Lavasoft
2008-06-11 18:16 --------- d-----w C:\Program Files\Lavasoft
2008-06-11 18:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 17:27 --------- d-----w C:\Users\jojo\AppData\Roaming\Lavasoft
2008-06-11 10:53 --------- d-----w C:\Program Files\Electronic Arts
2008-06-10 19:20 --------- d-----w C:\ProgramData\Diskeeper Corporation
2008-06-10 19:20 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-06-10 18:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-10 18:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-24 12:34 --------- d-----w C:\Program Files\Dofus
2008-05-22 12:05 --------- d-----w C:\Users\jojo\AppData\Roaming\CDBurnerXP_Soft
2008-05-22 12:04 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-04 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 13:02 --------- d-----w C:\Program Files\Activision
2008-05-03 15:28 --------- d-----w C:\Program Files\THQ
2008-04-30 11:18 22,328 ----a-w C:\Users\jojo\AppData\Roaming\PnkBstrK.sys
2008-04-29 13:53 --------- d-----w C:\Program Files\Lavalys
2008-04-29 13:50 --------- d-----w C:\Program Files\PC Wizard 2008
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-25 16:21 26,964 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 15:49 47,360 ----a-w C:\Users\jojo\AppData\Roaming\pcouffin.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-05-27 12:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-27 12:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-27 12:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:26 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"ISUSPM Startup"="C:\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\Common\Data\C_\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"????r"="0000" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 04:57 3784704 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 16:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-15 17:00 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-13 11:18:50 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{1FC944B4-9977-4DED-ABE7-DD0F39422355}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{D79638DF-ECDF-43CE-9688-547B5AFC455C}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{FD7FC0A5-9A5B-4A5F-B7C5-5B3F1AFAF12A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{75493FE8-D283-4F65-924B-0D423D5A8E88}C:\\program files\\electronic arts\\la bataille pour la terre du milieu ii\\patchget.dat"= UDP:C:\program files\electronic arts\la bataille pour la terre du milieu ii\patchget.datatchgrabber
"UDP Query User{7BC79122-0EE5-4BC6-B698-1EFB2459DF56}C:\\program files\\electronic arts\\la bataille pour la terre du milieu ii\\patchget.dat"= TCP:C:\program files\electronic arts\la bataille pour la terre du milieu ii\patchget.datatchgrabber
"{0642DF92-CD83-4D11-8118-F36A76206E78}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{161F6A21-C0F2-473C-87DF-D948D534BEB1}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{5CB6F436-7AB1-4503-80E1-FEAC4FE070D5}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FF4F951E-7ABF-4A22-9A93-425057019A8C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{14D4746B-520C-4E56-A71D-752D2D15524B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{98A7E303-AF29-4921-911D-55D264A42C86}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{56E6ED85-E4B7-4060-A7DF-DCC872B048ED}C:\\program files\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{89126744-0543-437C-B974-3BF98BC2C4E0}C:\\program files\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A693391F-EF01-4D87-81FB-14685C122E7F}C:\\program files\\steam\\steamapps\\mr_ourse\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{F76AE8F1-012F-4294-93BB-E9F08BAE0A00}C:\\program files\\steam\\steamapps\\mr_ourse\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{4CE4CE0C-1D41-43D5-9EFC-468DCE18B2E8}C:\\program files\\steam\\steamapps\\mr_ourse\\deathmatch classic\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{2E700ECC-F64C-4F23-BA1C-1D3749675DF8}C:\\program files\\steam\\steamapps\\mr_ourse\\deathmatch classic\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{7A374FE5-4772-4AE0-8677-18CADAD92E62}C:\\program files\\steam\\steamapps\\mr_ourse\\ricochet\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{FC4B184D-D12D-4883-BB14-52D72FB1B529}C:\\program files\\steam\\steamapps\\mr_ourse\\ricochet\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\ricochet\hl.exe:Half-Life Launcher
"{D17AB31F-D415-4654-999A-47DF983E1B91}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{C40D160B-34DC-4A1A-8329-81EBC5B5BD51}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{29EBD8E7-9981-4A32-B795-FCA2EC17845E}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{1BB9C0A3-EACB-4527-98D3-9BF2D48AECFA}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{031B0174-02DA-4B70-B994-190A82E7762D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{348A6F2B-96D9-493F-82F3-580F8BDE30D1}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{FEEAD0C2-7CD1-4721-894A-4FCCE705DABE}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{380D2784-ECC7-4444-BD77-EA979DE81DF6}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{F532D735-15E3-4C2B-9B0A-5EE4C75E7FBF}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{91CE7A8E-0A6D-4A0D-B06D-BC3FF6C6F83D}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{1648E947-CE3E-4A76-91F9-4338844F8BF7}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{F669590F-5D15-4FCE-AFDB-708A122C0EF9}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mr_ourse\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{1D831B19-2FE9-483E-9292-CE877F1435CC}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mr_ourse\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{72413F48-1D80-4672-BCF4-D949B093599E}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{6FDA88B9-FF11-4706-9250-E3B2C836D52B}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 13:32]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 PzWDM;PzWDM;C:\Windows\system32\Drivers\PzWDM.sys [2005-06-29 02:38]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 12:18]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-12 18:17]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 03:52]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2005-06-17 10:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44d8a4da-106c-11dc-a438-00032f3389af}]
\shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ac8c27-1113-11dc-8941-00032f3389af}]
\shell\AutoRun\command - G:\autorun.exe
\shell\directx\command - G:\DirectX9\dxsetup.exe
\shell\setup\command - G:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872e4e4f-088a-11dc-9996-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-20 21:27:03 C:\Windows\Tasks\User_Feed_Synchronization-{E1BDE520-370D-4181-90AF-3977184B1BBC}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-06-21 13:37:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 15:50:23
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-21 15:51:39
ComboFix-quarantined-files.txt 2008-06-21 13:51:23

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

212 --- E O F --- 2008-06-20 09:21:57

Salut,
Nouveau rapport de combofix


ComboFix 08-06-16.5 - jojo 2008-06-23 13:05:03.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1115 [GMT 2:00]
Endroit: C:\Users\jojo\Desktop\ComboFix.exe
Command switches used :: C:\Users\jojo\Desktop\CFScript.txt.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 11:02 450,592 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-06-23 11:00 3,668 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-06-23 10:34 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-06-22 21:18 3,164,704 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-06-22 21:18 26,852 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-06-19 20:54 --------- d-----w C:\Users\jojo\AppData\Roaming\Azureus
2008-06-19 20:26 --------- d-----w C:\Program Files\Burn4Free
2008-06-19 15:22 --------- d-----w C:\Program Files\Navilog1
2008-06-19 10:53 --------- d-----w C:\Program Files\Azureus
2008-06-19 08:20 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-19 08:20 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-19 08:12 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-18 16:13 --------- d-----w C:\Users\jojo\AppData\Roaming\OpenOffice.org2
2008-06-15 15:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-15 15:01 --------- d-----w C:\Program Files\Common Files\Real
2008-06-15 15:00 --------- d-----w C:\Program Files\Real
2008-06-13 08:39 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-12 16:08 --------- d-----w C:\Program Files\Valve
2008-06-11 18:17 --------- d-----w C:\ProgramData\Lavasoft
2008-06-11 18:16 --------- d-----w C:\Program Files\Lavasoft
2008-06-11 18:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 17:27 --------- d-----w C:\Users\jojo\AppData\Roaming\Lavasoft
2008-06-11 10:53 --------- d-----w C:\Program Files\Electronic Arts
2008-06-10 19:20 --------- d-----w C:\ProgramData\Diskeeper Corporation
2008-06-10 19:20 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-06-10 18:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-10 18:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-24 12:34 --------- d-----w C:\Program Files\Dofus
2008-05-22 12:05 --------- d-----w C:\Users\jojo\AppData\Roaming\CDBurnerXP_Soft
2008-05-22 12:04 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-04 13:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 13:02 --------- d-----w C:\Program Files\Activision
2008-05-03 15:28 --------- d-----w C:\Program Files\THQ
2008-04-30 11:18 22,328 ----a-w C:\Users\jojo\AppData\Roaming\PnkBstrK.sys
2008-04-29 13:53 --------- d-----w C:\Program Files\Lavalys
2008-04-29 13:50 --------- d-----w C:\Program Files\PC Wizard 2008
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 16:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-25 16:21 26,964 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-30 15:49 47,360 ----a-w C:\Users\jojo\AppData\Roaming\pcouffin.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-05-27 12:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-05-27 12:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-05-27 12:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-21_15.51.00,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 07:12:43 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-23 10:32:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-21 07:12:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 10:32:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-21 07:12:44 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-23 10:32:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-21 07:15:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 10:35:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 10:35:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-21 07:14:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:35:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:35:05 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-21 07:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-22 20:45:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-21 07:12:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-22 20:45:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 07:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-22 20:45:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-21 07:18:42 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 10:39:47 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-21 07:18:42 117,366 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-23 10:39:47 117,366 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-21 07:18:42 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 10:39:47 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-21 07:18:42 690,594 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-23 10:39:47 690,594 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-21 07:15:40 13,936 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3951257556-1329497356-1706330503-1000_UserData.bin
+ 2008-06-23 10:35:29 13,960 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3951257556-1329497356-1706330503-1000_UserData.bin
- 2008-06-21 07:15:40 136,012 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 10:35:29 136,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-21 07:15:39 61,902 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 10:35:27 61,990 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:26 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 16:24 319488]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-13 11:18:50 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{1FC944B4-9977-4DED-ABE7-DD0F39422355}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{D79638DF-ECDF-43CE-9688-547B5AFC455C}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{FD7FC0A5-9A5B-4A5F-B7C5-5B3F1AFAF12A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{75493FE8-D283-4F65-924B-0D423D5A8E88}C:\\program files\\electronic arts\\la bataille pour la terre du milieu ii\\patchget.dat"= UDP:C:\program files\electronic arts\la bataille pour la terre du milieu ii\patchget.datatchgrabber
"UDP Query User{7BC79122-0EE5-4BC6-B698-1EFB2459DF56}C:\\program files\\electronic arts\\la bataille pour la terre du milieu ii\\patchget.dat"= TCP:C:\program files\electronic arts\la bataille pour la terre du milieu ii\patchget.datatchgrabber
"{0642DF92-CD83-4D11-8118-F36A76206E78}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{161F6A21-C0F2-473C-87DF-D948D534BEB1}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{5CB6F436-7AB1-4503-80E1-FEAC4FE070D5}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{FF4F951E-7ABF-4A22-9A93-425057019A8C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{14D4746B-520C-4E56-A71D-752D2D15524B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{98A7E303-AF29-4921-911D-55D264A42C86}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{56E6ED85-E4B7-4060-A7DF-DCC872B048ED}C:\\program files\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{89126744-0543-437C-B974-3BF98BC2C4E0}C:\\program files\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A693391F-EF01-4D87-81FB-14685C122E7F}C:\\program files\\steam\\steamapps\\mr_ourse\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{F76AE8F1-012F-4294-93BB-E9F08BAE0A00}C:\\program files\\steam\\steamapps\\mr_ourse\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{4CE4CE0C-1D41-43D5-9EFC-468DCE18B2E8}C:\\program files\\steam\\steamapps\\mr_ourse\\deathmatch classic\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{2E700ECC-F64C-4F23-BA1C-1D3749675DF8}C:\\program files\\steam\\steamapps\\mr_ourse\\deathmatch classic\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{7A374FE5-4772-4AE0-8677-18CADAD92E62}C:\\program files\\steam\\steamapps\\mr_ourse\\ricochet\\hl.exe"= UDP:C:\program files\steam\steamapps\mr_ourse\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{FC4B184D-D12D-4883-BB14-52D72FB1B529}C:\\program files\\steam\\steamapps\\mr_ourse\\ricochet\\hl.exe"= TCP:C:\program files\steam\steamapps\mr_ourse\ricochet\hl.exe:Half-Life Launcher
"{D17AB31F-D415-4654-999A-47DF983E1B91}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{C40D160B-34DC-4A1A-8329-81EBC5B5BD51}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{29EBD8E7-9981-4A32-B795-FCA2EC17845E}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{1BB9C0A3-EACB-4527-98D3-9BF2D48AECFA}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{031B0174-02DA-4B70-B994-190A82E7762D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{348A6F2B-96D9-493F-82F3-580F8BDE30D1}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{FEEAD0C2-7CD1-4721-894A-4FCCE705DABE}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{380D2784-ECC7-4444-BD77-EA979DE81DF6}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{F532D735-15E3-4C2B-9B0A-5EE4C75E7FBF}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{91CE7A8E-0A6D-4A0D-B06D-BC3FF6C6F83D}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{1648E947-CE3E-4A76-91F9-4338844F8BF7}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{F669590F-5D15-4FCE-AFDB-708A122C0EF9}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mr_ourse\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{1D831B19-2FE9-483E-9292-CE877F1435CC}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mr_ourse\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{72413F48-1D80-4672-BCF4-D949B093599E}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{6FDA88B9-FF11-4706-9250-E3B2C836D52B}C:\\program files\\valve\\steam\\steamapps\\mr_ourse\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mr_ourse\counter-strike\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabledecryption

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 13:32]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 PzWDM;PzWDM;C:\Windows\system32\Drivers\PzWDM.sys [2005-06-29 02:38]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 12:18]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 03:52]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-12 18:17]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\Windows\system32\DRIVERS\WlanUIG.sys [2005-06-17 10:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44d8a4da-106c-11dc-a438-00032f3389af}]
\shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ac8c27-1113-11dc-8941-00032f3389af}]
\shell\AutoRun\command - G:\autorun.exe
\shell\directx\command - G:\DirectX9\dxsetup.exe
\shell\setup\command - G:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872e4e4f-088a-11dc-9996-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-23 10:38:34 C:\Windows\Tasks\User_Feed_Synchronization-{E1BDE520-370D-4181-90AF-3977184B1BBC}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-06-23 10:38:38 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 13:07:44
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-23 13:09:01
ComboFix-quarantined-files.txt 2008-06-23 11:08:36
ComboFix2.txt 2008-06-21 13:51:40

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

242 --- E O F --- 2008-06-20 09:21:57

Re,


Logfile of HijackThis v1.99.1
Scan saved at 14:50:46, on 23/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\jojo\Desktop\hijack\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Ptin y'en as tous les deux jours de nouvelle version mdr
Et voilà


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:19, on 23/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7922 bytes

Salut,
Pourquoi supprimer Adobe reader ?

J'ai fait cmd mais à chaque ligne ca faisait "accès refusé" donc je l'ai lancer en tant qu'administrateur et ça marche

"Désactive-réactive la restauration système."
C'était pas plutôt le contrôleur de compte utilisateur ?

Les mises à jour sont faites dès que ça m'indique qu'ils y'en as des nouvelles, je met juste les MAJ importantes.


Et enfin le rapport de ToolsCleaner2


-->- Recherche:

C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\jojo\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\jojo\Desktop\HijackThis.lnk: trouvé !
C:\Users\jojo\Desktop\ComboFix.exe: trouvé !
C:\Users\jojo\Desktop\hijack\HijackThis.exe: trouvé !
C:\Users\Public\Desktop\Navilog1.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\jojo\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\jojo\Desktop\HijackThis.lnk: supprimé !
C:\Users\jojo\Desktop\ComboFix.exe: supprimé !
C:\Users\jojo\Desktop\hijack\HijackThis.exe: supprimé !
C:\Users\Public\Desktop\Navilog1.lnk: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !
C:\Users\jojo\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !

Mais pourquoi réactiver la restauration système ?
Je l'ai pas désactiver...

Okk, j'avais pas compris comme ca

Merci beaucoup.
@++