nya
Hello everyone, here is the ComboFix report; I hope you can help me. Thank you.

ComboFix 10-03-10.08 - thomas 11/03/2010 17:33:47.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1278.500 [GMT 1:00]
Lancé depuis: c:\users\thomas\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2458008212-102051958-818682387-1003
c:\$recycle.bin\S-1-5-21-3348434502-100978969-1699846062-500
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\programdata\61537628
c:\programdata\61537628\61537628.exe
c:\users\thomas\AppData\Local\ecdaria.dat
c:\users\thomas\AppData\Local\ecdaria.exe
c:\users\thomas\AppData\Local\ecdaria_nav.dat
c:\users\thomas\AppData\Local\ecdaria_navps.dat
c:\users\thomas\AppData\Roaming\avdrn.dat
c:\users\thomas\AppData\Roaming\inst.exe
c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-11 au 2010-03-11 ))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:40 . 2010-03-11 16:41 -------- dc----w- c:\users\thomas\AppData\Local\temp
2010-03-11 16:40 . 2010-03-11 16:40 -------- dc----w- c:\users\Mcx1\AppData\Local\temp
2010-03-11 16:40 . 2010-03-11 16:40 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\users\thomas\AppData\Roaming\Malwarebytes
2010-03-11 13:16 . 2010-01-07 15:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\programdata\Malwarebytes
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 13:16 . 2010-01-07 15:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 11:05 . 2010-02-20 23:39 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-03-11 11:05 . 2010-02-20 21:18 411136 -c--a-w- c:\windows\system32\drivers\http.sys
2010-03-11 11:05 . 2010-02-20 23:37 31232 -c--a-w- c:\windows\system32\httpapi.dll
2010-03-08 19:19 . 2009-06-07 15:16 819200 -c--a-w- c:\windows\system32\xvidcore.dll
2010-03-08 19:19 . 2009-06-07 15:24 180224 -c--a-w- c:\windows\system32\xvidvfw.dll
2010-03-08 19:19 . 2010-03-08 19:19 -------- dc----w- c:\program files\Xvid
2010-03-05 19:53 . 2002-11-18 15:02 40960 -c--a-w- c:\windows\system32\MMAVILNG.exe
2010-03-05 16:32 . 2010-03-05 19:46 -------- dc----w- c:\program files\Essentials Codec Pack
2010-03-05 16:31 . 2010-03-05 16:31 56 -csh--r- c:\windows\system32\8B1C1CC318.sys
2010-03-05 16:29 . 2010-03-06 11:51 -------- dc----w- c:\program files\Gabest
2010-03-05 13:46 . 2010-03-05 15:51 -------- dc----w- c:\programdata\DVD Shrink
2010-03-01 00:37 . 2009-01-22 13:28 290816 -c--a-w- c:\windows\system32\decdll.dll
2010-03-01 00:37 . 2010-03-01 00:37 -------- dc----w- c:\program files\Free Video Converter
2010-02-28 22:15 . 2010-02-28 22:15 -------- dc----w- c:\program files\Windows scrabble
2010-02-28 17:03 . 2009-10-26 14:53 102400 -c--a-w- c:\users\thomas\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-02-28 17:03 . 2010-02-28 20:54 -------- dc----w- c:\users\thomas\AppData\Roaming\Zylom
2010-02-28 17:03 . 2008-09-09 14:15 161976 -c--a-w- c:\users\thomas\AppData\Roaming\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-02-28 17:03 . 2010-03-01 00:33 -------- dc----w- c:\users\thomas\AppData\Local\Zylom Games
2010-02-26 10:01 . 2010-01-23 09:44 2048 -c--a-w- c:\windows\system32\tzres.dll
2010-02-26 09:59 . 2010-01-25 08:35 523776 -c--a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-26 09:59 . 2010-01-25 08:34 511488 -c--a-w- c:\windows\system32\RMActivate.exe
2010-02-26 09:59 . 2010-01-25 08:34 347136 -c--a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-26 09:59 . 2010-01-25 12:48 472064 -c--a-w- c:\windows\system32\secproc.dll
2010-02-26 09:59 . 2010-01-25 08:35 346624 -c--a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-26 09:59 . 2010-01-25 12:48 472576 -c--a-w- c:\windows\system32\secproc_isv.dll
2010-02-26 09:59 . 2010-01-25 12:48 151040 -c--a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-26 09:59 . 2010-01-25 12:48 151040 -c--a-w- c:\windows\system32\secproc_ssp.dll
2010-02-26 09:59 . 2010-01-25 12:45 329216 -c--a-w- c:\windows\system32\msdrm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:30 . 2007-06-16 14:26 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-03-11 16:29 . 2007-06-16 14:26 -------- dc----w- c:\programdata\Symantec
2010-03-11 13:18 . 2007-06-16 23:45 678718 -c--a-w- c:\windows\system32\perfh00C.dat
2010-03-11 13:18 . 2007-06-16 23:45 127798 -c--a-w- c:\windows\system32\perfc00C.dat
2010-03-11 13:13 . 2008-11-15 16:00 -------- dc----w- c:\program files\SPAMfighter
2010-03-11 12:35 . 2010-03-11 12:35 16 -c--a-w- c:\users\thomas\AppData\Roaming\rbuwzv.dat
2010-03-11 11:14 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-03-11 11:11 . 2007-09-30 16:33 -------- dc----w- c:\programdata\Microsoft Help
2010-03-05 19:52 . 2007-06-16 14:25 -------- dc----w- c:\program files\Google
2010-03-05 19:52 . 2007-11-25 21:58 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-04 16:11 . 2008-03-10 17:15 -------- dc----w- c:\program files\Windows Live
2010-02-28 01:13 . 2007-09-30 15:59 59912 -c--a-w- c:\users\thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 10:14 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-30 14:28 . 2008-12-24 19:18 -------- dc----w- c:\program files\Mindscape
2010-01-28 19:36 . 2010-01-28 19:36 -------- dc----w- c:\programdata\LGMOBILEAX
2010-01-28 18:21 . 2009-09-13 09:04 -------- dc----w- c:\program files\LG Electronics
2010-01-28 18:18 . 2007-06-16 14:15 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-28 18:12 . 2010-01-28 18:12 24576 -c--a-w- c:\users\thomas\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
2010-01-27 00:12 . 2010-01-28 19:36 935872 -c--a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-01-22 05:43 . 2010-01-28 19:36 499712 -c--a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-01-15 04:24 . 2010-01-28 19:36 59328 -c--a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2009-12-28 12:35 . 2010-02-10 07:19 11776 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 07:19 1314816 -c--a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 07:19 22528 -c--a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 07:19 31744 -c--a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 07:19 123904 -c--a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 07:19 13312 -c--a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 07:19 82944 -c--a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 07:19 50176 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 07:19 65024 -c--a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 07:19 91136 -c--a-w- c:\windows\system32\avifil32.dll
2009-12-24 11:40 . 2009-12-24 11:40 653560 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 13:05 . 2010-01-22 05:47 833024 -c--a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 05:47 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 05:47 26624 -c--a-w- c:\windows\system32\ieUnatt.exe
2007-11-25 22:19 . 2007-11-25 21:58 88 -csha-r- c:\windows\System32\5D8807D36B.sys
2007-06-16 23:54 . 2007-06-16 23:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-30 13352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-21 112688]

--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
.
Contenu du dossier 'Tâches planifiées'
2007-10-02 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 07:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.sweetim.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\55zydqk1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-EoEngine - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
MSConfigStartUp-61537628 - c:\progra~2\61537628\61537628.exe
AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 17:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll?????????s=DSP&v=19&tid={9F3589E6
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-03-11 17:43:45
ComboFix-quarantined-files.txt 2010-03-11 16:43
Avant-CF: 174 529 212 416 octets libres
Après-CF: 174 603 243 520 octets libres
- - End Of File - - 7EED6BE731752B342106EAF4CD83C884