Hello everyone, here is the ComboFix report.
I hope you'll be able to help me, thanks.
ComboFix 10-03-10.08 - thomas 11/03/2010 17:33:47.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1278.500 [GMT 1:00]
Lancé depuis: c:\users\thomas\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2458008212-102051958-818682387-1003
c:\$recycle.bin\S-1-5-21-3348434502-100978969-1699846062-500
c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\programdata\61537628
c:\programdata\61537628\61537628.exe
c:\users\thomas\AppData\Local\ecdaria.dat
c:\users\thomas\AppData\Local\ecdaria.exe
c:\users\thomas\AppData\Local\ecdaria_nav.dat
c:\users\thomas\AppData\Local\ecdaria_navps.dat
c:\users\thomas\AppData\Roaming\avdrn.dat
c:\users\thomas\AppData\Roaming\inst.exe
c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-11 au 2010-03-11 ))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:40 . 2010-03-11 16:41 -------- dc----w- c:\users\thomas\AppData\Local\temp
2010-03-11 16:40 . 2010-03-11 16:40 -------- dc----w- c:\users\Mcx1\AppData\Local\temp
2010-03-11 16:40 . 2010-03-11 16:40 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\users\thomas\AppData\Roaming\Malwarebytes
2010-03-11 13:16 . 2010-01-07 15:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\programdata\Malwarebytes
2010-03-11 13:16 . 2010-03-11 13:16 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 13:16 . 2010-01-07 15:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 11:05 . 2010-02-20 23:39 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-03-11 11:05 . 2010-02-20 21:18 411136 -c--a-w- c:\windows\system32\drivers\http.sys
2010-03-11 11:05 . 2010-02-20 23:37 31232 -c--a-w- c:\windows\system32\httpapi.dll
2010-03-08 19:19 . 2009-06-07 15:16 819200 -c--a-w- c:\windows\system32\xvidcore.dll
2010-03-08 19:19 . 2009-06-07 15:24 180224 -c--a-w- c:\windows\system32\xvidvfw.dll
2010-03-08 19:19 . 2010-03-08 19:19 -------- dc----w- c:\program files\Xvid
2010-03-05 19:53 . 2002-11-18 15:02 40960 -c--a-w- c:\windows\system32\MMAVILNG.exe
2010-03-05 16:32 . 2010-03-05 19:46 -------- dc----w- c:\program files\Essentials Codec Pack
2010-03-05 16:31 . 2010-03-05 16:31 56 -csh--r- c:\windows\system32\8B1C1CC318.sys
2010-03-05 16:29 . 2010-03-06 11:51 -------- dc----w- c:\program files\Gabest
2010-03-05 13:46 . 2010-03-05 15:51 -------- dc----w- c:\programdata\DVD Shrink
2010-03-01 00:37 . 2009-01-22 13:28 290816 -c--a-w- c:\windows\system32\decdll.dll
2010-03-01 00:37 . 2010-03-01 00:37 -------- dc----w- c:\program files\Free Video Converter
2010-02-28 22:15 . 2010-02-28 22:15 -------- dc----w- c:\program files\Windows scrabble
2010-02-28 17:03 . 2009-10-26 14:53 102400 -c--a-w- c:\users\thomas\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-02-28 17:03 . 2010-02-28 20:54 -------- dc----w- c:\users\thomas\AppData\Roaming\Zylom
2010-02-28 17:03 . 2008-09-09 14:15 161976 -c--a-w- c:\users\thomas\AppData\Roaming\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-02-28 17:03 . 2010-03-01 00:33 -------- dc----w- c:\users\thomas\AppData\Local\Zylom Games
2010-02-26 10:01 . 2010-01-23 09:44 2048 -c--a-w- c:\windows\system32\tzres.dll
2010-02-26 09:59 . 2010-01-25 08:35 523776 -c--a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-26 09:59 . 2010-01-25 08:34 511488 -c--a-w- c:\windows\system32\RMActivate.exe
2010-02-26 09:59 . 2010-01-25 08:34 347136 -c--a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-26 09:59 . 2010-01-25 12:48 472064 -c--a-w- c:\windows\system32\secproc.dll
2010-02-26 09:59 . 2010-01-25 08:35 346624 -c--a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-26 09:59 . 2010-01-25 12:48 472576 -c--a-w- c:\windows\system32\secproc_isv.dll
2010-02-26 09:59 . 2010-01-25 12:48 151040 -c--a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-26 09:59 . 2010-01-25 12:48 151040 -c--a-w- c:\windows\system32\secproc_ssp.dll
2010-02-26 09:59 . 2010-01-25 12:45 329216 -c--a-w- c:\windows\system32\msdrm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 16:30 . 2007-06-16 14:26 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-03-11 16:29 . 2007-06-16 14:26 -------- dc----w- c:\programdata\Symantec
2010-03-11 13:18 . 2007-06-16 23:45 678718 -c--a-w- c:\windows\system32\perfh00C.dat
2010-03-11 13:18 . 2007-06-16 23:45 127798 -c--a-w- c:\windows\system32\perfc00C.dat
2010-03-11 13:13 . 2008-11-15 16:00 -------- dc----w- c:\program files\SPAMfighter
2010-03-11 12:35 . 2010-03-11 12:35 16 -c--a-w- c:\users\thomas\AppData\Roaming\rbuwzv.dat
2010-03-11 11:14 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-03-11 11:11 . 2007-09-30 16:33 -------- dc----w- c:\programdata\Microsoft Help
2010-03-05 19:52 . 2007-06-16 14:25 -------- dc----w- c:\program files\Google
2010-03-05 19:52 . 2007-11-25 21:58 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-04 16:11 . 2008-03-10 17:15 -------- dc----w- c:\program files\Windows Live
2010-02-28 01:13 . 2007-09-30 15:59 59912 -c--a-w- c:\users\thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 10:14 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-01-30 14:28 . 2008-12-24 19:18 -------- dc----w- c:\program files\Mindscape
2010-01-28 19:36 . 2010-01-28 19:36 -------- dc----w- c:\programdata\LGMOBILEAX
2010-01-28 18:21 . 2009-09-13 09:04 -------- dc----w- c:\program files\LG Electronics
2010-01-28 18:18 . 2007-06-16 14:15 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-01-28 18:12 . 2010-01-28 18:12 24576 -c--a-w- c:\users\thomas\AppData\Roaming\LG Electronics\LG PC Suite III\UpdateHelper.exe
2010-01-27 00:12 . 2010-01-28 19:36 935872 -c--a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2010-01-22 05:43 . 2010-01-28 19:36 499712 -c--a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2010-01-15 04:24 . 2010-01-28 19:36 59328 -c--a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2009-12-28 12:35 . 2010-02-10 07:19 11776 -c--a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 07:19 1314816 -c--a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 07:19 22528 -c--a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 07:19 31744 -c--a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 07:19 123904 -c--a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 07:19 13312 -c--a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 07:19 82944 -c--a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 07:19 50176 -c--a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 07:19 65024 -c--a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 07:19 91136 -c--a-w- c:\windows\system32\avifil32.dll
2009-12-24 11:40 . 2009-12-24 11:40 653560 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 13:05 . 2010-01-22 05:47 833024 -c--a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 05:47 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 05:47 26624 -c--a-w- c:\windows\system32\ieUnatt.exe
2007-11-25 22:19 . 2007-11-25 21:58 88 -csha-r- c:\windows\System32\5D8807D36B.sys
2007-06-16 23:54 . 2007-06-16 23:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
c:\users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-30 13352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-21 112688]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
.
Contenu du dossier 'Tâches planifiées'
2007-10-02 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 07:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.sweetim.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\55zydqk1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-EoEngine - (no file)
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
MSConfigStartUp-61537628 - c:\progra~2\61537628\61537628.exe
AddRemove-FBrowsingAdvisor_is1 - c:\program files\FBrowsingAdvisor\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 17:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?wser Search\IE\SearchAssistant.dll?????????s=DSP&v=19&tid={9F3589E6
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-03-11 17:43:45
ComboFix-quarantined-files.txt 2010-03-11 16:43
Avant-CF: 174 529 212 416 octets libres
Après-CF: 174 603 243 520 octets libres
- - End Of File - - 7EED6BE731752B342106EAF4CD83C884