

lirio18
Hello, my PC is infected with malware. I scanned it with Malwarebytes' Anti-Malware and it found 11 infections; here is the log:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2693
Windows 6.0.6002 Service Pack 2

25/08/2009 21:30:45
mbam-log-2009-08-25 (21-29-54).txt

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 420266
Temps écoulé: 2 hour(s), 23 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Adware.EoRezo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Adware.EoRezo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{64f56fc1-1272-44cd-ba6e-39723696e350} (Adware.EoRezo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64f56fc1-1272-44cd-ba6e-39723696e350} (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64f56fc1-1272-44cd-ba6e-39723696e350} (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Adware.EoRezo) -> No action taken.
F:\logiciel\Adobe Illustrator CS4\Key\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> No action taken.
F:\logiciel\seb\SForge 8\SoundForge8_Retail_KG.exe (Trojan.Downloader) -> No action taken.
F:\logiciel\seb\SForge 8\SoundForge8_Trial.exe (Trojan.Downloader) -> No action taken.
F:\logiciel\seb\SForge 7\keygenSF 7.exe (Trojan.Downloader) -> No action taken.

What steps would you recommend to get rid of all this without doing anything stupid? Thanks in advance for your help!
Hello everyone, I ran ComboFix (slowness problems) on my PC and I'd like to know whether what it removed has damaged any important files on the PC. So here is the log:

ComboFix 09-08-23.01 - hp 25/08/2009 11:10.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1022.239 [GMT 2:00]
Running from: c:\users\hp\Downloads\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2948777954-3077025822-2221643753-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\Fonts\AcadEref.ttf
c:\windows\Fonts\AcadEref_0.ttf
c:\windows\Fonts\atari-kids.ttf
c:\windows\Fonts\refluxed.TTF
c:\windows\Installer\196de25.msp
c:\windows\pl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-20 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8f,a4,fa,a3,6f,e8,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-338664184-4014282007-519315535-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6EAD248-3380-420E-8AC7-31548A61C8DA}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{615648ED-EC8F-43D5-828E-0A5BBF002C89}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{9FBB0E94-271F-497D-9242-6853245229E4}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A68FAB80-2FB4-494F-975C-1CA983F27C67}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{F057381B-D1CE-4F1D-A181-833875C46737}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{FF42A23F-2ACE-47B2-81E5-78CA8A2B308B}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{34CB0660-E782-4FAD-973F-90C1794AFAB6}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{11F80C90-F283-4A4B-B35D-34B949AB222A}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{EADCA2E7-047B-4DE6-8670-43FC68E640F7}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E4B79923-5089-4626-A5A6-01C58610F9CF}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D47D2003-4C0B-4256-81AD-9A67F064C2A2}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5D1B9EB6-2BCC-4D29-AC8A-D7956828FAD7}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{73ABB6D8-C49E-4407-92A0-7D8C098960D2}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7D58D658-B8C3-42C2-9A2F-F4E8FB346662}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{18AEC15C-07CD-4B0B-A6F5-51698E071BFE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{AB956D54-3CAA-4C3D-A64A-13104A51A4DE}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CAFA18FC-5F13-40FA-901D-7C71AC6B592D}"= UDP:5353:Adobe CSI CS4
"{63804777-09AF-4AC6-8AA8-FD93C2E5C4BE}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{D84740A2-9BEA-40E2-ABF7-C3490FF824DE}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3CFFD61D-247D-4CAB-97BE-92F9D1AC191A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/08/2009 17:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/08/2009 17:50 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/08/2009 17:50 53328]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [21/11/2008 19:33 1373480]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [22/11/2008 19:55 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{E64E62FE-0363-4D9F-BB68-EC69F699DE6C}.job
- c:\windows\system32\msfeedssync.exe [2009-08-01 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bitdefender.com
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\n9f87mcj.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 11:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-25 11:32
ComboFix-quarantined-files.txt 2009-08-25 09:32
ComboFix2.txt 2009-08-24 14:24
ComboFix3.txt 2009-04-11 11:39
ComboFix4.txt 2009-03-19 23:05

Pre-Run: 51 093 909 504 octets libres
Post-Run: 51 463 266 304 octets libres

366 --- E O F --- 2009-08-23 09:51

There you go; if anyone can help me out, thanks in advance!
Lirio
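As an added triage aid for the two posts above (example code written for this page, not part of the thread and not Malwarebytes' or ComboFix's own code): a small Python parser that groups the Malwarebytes detections by family and counts how many were left at "No action taken", and that walks the REGEDIT4-style "Reg Loading Points" block of the ComboFix log for values that switch off Windows' own defences (UAC, the firewall profile, Security Center monitoring). The sample inputs are constructed excerpts of the logs quoted above; the one "Quarantined and deleted" line is constructed to show what a treated entry looks like.

```python
"""Triage helpers for Malwarebytes 1.x and ComboFix logs (added example,
not code from the forum thread, Malwarebytes or ComboFix)."""
import re
from collections import defaultdict

# Constructed sample: excerpt of the Malwarebytes detections quoted in the
# first post, plus one constructed line showing a treated ("Quarantined") entry.
MBAM_SAMPLE = """\
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\\TypeLib\\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\EoRezo (Rogue.Eorezo) -> No action taken.

Fichier(s) infecté(s):
C:\\Program Files\\EoRezo\\EoAdv\\EoRezoBHO.dll (Adware.EoRezo) -> No action taken.
F:\\logiciel\\Adobe Illustrator CS4\\Key\\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> No action taken.
F:\\logiciel\\seb\\SForge 7\\keygenSF 7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Constructed sample: the policy entries from the ComboFix "Reg Loading Points" block.
COMBOFIX_SAMPLE = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

# One Malwarebytes detection line: "<object> (<Category.Family>) -> <action>."
# The lazy object group copes with paths that themselves contain parentheses.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<label>[A-Za-z]+\.[^)]+)\) -> (?P<action>.+?)\.?$")

# One REGEDIT4 value as ComboFix prints it: "Name"=dword:HEX  or  "Name"= N (0xN)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+))')

# Values that, when present, mean a built-in Windows defence is switched off.
WEAK_SETTINGS = {
    "EnableLUA": (0, "User Account Control disabled"),
    "EnableFirewall": (0, "Windows Firewall disabled for this profile"),
    "DisableMonitoring": (1, "Security Center monitoring disabled"),
}


def parse_mbam_detections(text):
    """Return one dict per detection line: object, label (Category.Family), action."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append({"object": m["obj"], "label": m["label"],
                          "action": m["action"]})
    return found


def summarize_mbam(text):
    """Per label: how many detections, and how many were left at 'No action taken'."""
    summary = defaultdict(lambda: {"total": 0, "untreated": 0})
    for d in parse_mbam_detections(text):
        summary[d["label"]]["total"] += 1
        if d["action"].lower().startswith("no action taken"):
            summary[d["label"]]["untreated"] += 1
    return dict(summary)


def find_weak_policies(text):
    """Walk a REGEDIT4 block, remembering the current [key], and report values
    listed in WEAK_SETTINGS that carry their 'defence off' value."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or m["name"] not in WEAK_SETTINGS:
            continue
        value = int(m["hex"], 16) if m["hex"] is not None else int(m["dec"])
        off_value, why = WEAK_SETTINGS[m["name"]]
        if value == off_value:
            findings.append({"key": key, "name": m["name"], "value": value, "why": why})
    return findings


if __name__ == "__main__":
    for label, counts in sorted(summarize_mbam(MBAM_SAMPLE).items()):
        print(f"{label}: {counts['total']} found, {counts['untreated']} untreated")
    for f in find_weak_policies(COMBOFIX_SAMPLE):
        print(f"{f['name']}={f['value']} under {f['key']}: {f['why']}")
```

Run against the full logs above, the first function shows that every one of the 11 detections was left untreated, and the second flags EnableLUA, EnableFirewall and the three DisableMonitoring entries.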