Besoin d'aide désinfection [Résolu]
Forum Sécurité - Virus : Besoin d'aide désinfection [Résolu]
| Citation : O4 - HKCU\..\Run: [kwyckac] "c:\users\cajoline\appdata\local\kwyckac.exe" kwyckac |
---> Infection Navipromo.
1/
- Démarre Spybot, clique sur Mode, coche Mode avancé.
- A gauche, clique sur Outils, puis sur Résident.
- Décoche la case devant Résident "TeaTimer" :
- Quitte Spybot.
2/
- Désactive l'UAC le temps de la désinfection.
- Télécharge Navilog1 (de IL-MAFIOSO) sur ton Bureau.
- Double-clique sur Navilog1.exe afin de lancer l'installation.
- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.
(Sous Vista, clique droit sur le raccourci de Navilog1 et choisis Exécuter en tant qu'administrateur)
- Appuie sur F ou f puis valide par Entrée.
- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.
- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.
- Patiente jusqu'au message : *** Analyse terminée le ..... ***
- Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.
- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt
N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2047
Windows 6.0.6001 Service Pack 1
27/04/2009 16:42:34
mbam-log-2009-04-27 (16-42-34).txt
Type de recherche: Examen rapide
Eléments examinés: 64036
Temps écoulé: 34 minute(s), 58 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c
windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
- Double-clique sur le raccourci d'Ad-Remover pour le lancer.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
- Au menu principal, choisis l'option B.
- Coche A à l'écran de sélection :
- Puis choisis S, le programme va travailler.
- Poste le rapport qui apparaît à la fin (C:\Ad-Report-Clean-(date).log).
/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide /!\
Ok, bonne nuit 
Je suis repassé sur mon propre pc.. la suite demain, si j'ai le courage
Bonjour,
Voici le log Combofix
ComboFix 09-04-28.02 - cajoline 29/04/2009 8:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.1918.1283 [GMT 2:00]
Lancé depuis: c:\users\cajoline\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-4-29 ))))))))))))))))))))))))))))))))))))
.
2009-04-27 17:01 . 2009-04-28 14:02 -------- d-----w c:\programdata\NOS
2009-04-27 17:01 . 2009-04-28 14:02 -------- d-----w c:\users\All Users\NOS
2009-04-27 17:01 . 2009-04-28 14:01 -------- d-----w c:\program files\NOS
2009-04-27 16:58 . 2009-04-27 16:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-27 16:56 . 2009-04-27 16:56 -------- d-----w c:\program files\Java
2009-04-27 15:17 . 2009-04-27 16:43 -------- d-----w c:\program files\Ad-remover
2009-04-27 15:00 . 2009-04-27 15:00 -------- d-sh--w c:\windows\system32\%APPDATA%
2009-04-27 13:58 . 2009-04-27 13:58 -------- d-----w c:\users\cajoline\AppData\Roaming\Malwarebytes
2009-04-27 13:58 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 13:58 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 13:58 . 2009-04-27 13:58 -------- d-----w c:\programdata\Malwarebytes
2009-04-27 13:58 . 2009-04-27 13:58 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-27 13:58 . 2009-04-27 13:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 12:36 . 2009-04-28 14:36 -------- d-----w C:\rsit
2009-04-27 10:25 . 2009-04-27 13:23 -------- d-----w c:\program files\Navilog1
2009-04-27 09:43 . 2009-04-28 16:17 -------- d-----w c:\program files\Trend Micro
2009-04-27 07:33 . 2009-04-29 06:17 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-27 07:33 . 2009-04-29 06:17 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-27 07:33 . 2009-04-29 06:17 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-27 06:52 . 2009-04-27 06:52 -------- d-----w c:\program files\Avira
2009-04-27 06:52 . 2009-04-27 06:52 -------- d-----w c:\programdata\Avira
2009-04-27 06:52 . 2009-04-27 06:52 -------- d-----w c:\users\All Users\Avira
2009-04-27 06:32 . 2009-04-27 06:32 -------- d-----w C:\OEMSettings
2009-04-27 06:31 . 2007-04-23 12:19 227328 ----a-w c:\windows\system32\drivers\wg111v3.sys
2009-04-18 14:16 . 2009-04-18 14:17 -------- d-----w c:\users\cajoline\AppData\Local\Google
2009-04-18 14:16 . 2009-04-18 14:16 -------- d-----w c:\users\cajoline\AppData\Local\Apps
2009-04-18 14:16 . 2009-04-18 14:16 -------- d-----w c:\users\cajoline\AppData\Local\Deployment
2009-04-16 17:07 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 17:07 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 17:07 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 17:07 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-09 19:27 . 2009-04-09 19:27 -------- d--h--w c:\windows\msdownld.tmp
2009-04-08 17:38 . 2009-04-08 17:38 -------- d-----w c:\users\cajoline\AppData\Roaming\HiYo
2009-03-30 17:56 . 2006-03-21 15:42 303104 ----a-w c:\windows\system32\lxcrcoin.dll
2009-03-30 17:56 . 2009-03-30 17:59 -------- d-----w c:\users\cajoline\{ff3da70a-bacb-4553-9f9a-d970f80d9871}
2009-03-30 17:41 . 2009-03-30 17:44 -------- d-----w c:\users\cajoline\{f2336e6a-a50f-43ea-9b1f-7ee22e2e6ee7}
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 06:19 . 2008-07-26 08:25 669328 ----a-w c:\windows\system32\perfh00C.dat
2009-04-29 06:19 . 2008-07-26 08:25 123350 ----a-w c:\windows\system32\perfc00C.dat
2009-04-27 10:22 . 2009-02-10 10:48 93 ----a-w c:\users\cajoline\AppData\Local\yyogeks.bat
2009-04-27 10:22 . 2008-10-19 13:54 -------- d-----w c:\program files\lx_cats
2009-04-27 09:29 . 2008-10-18 10:52 680 ----a-w c:\users\cajoline\AppData\Local\d3d9caps.dat
2009-04-27 06:32 . 2008-07-25 22:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 06:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-27 06:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-27 06:31 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-20 16:48 . 2009-03-14 15:26 446 ----a-w c:\users\cajoline\AppData\Roaming\wklnhst.dat
2009-04-17 12:22 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-31 17:05 . 2009-03-30 17:31 -------- d-----w c:\program files\Lexmark Fax Solutions
2009-03-31 17:05 . 2009-03-30 17:31 -------- d-----w c:\program files\Lexmark 2400 Series
2009-03-30 17:31 . 2008-10-19 13:45 -------- d-----w c:\program files\Lexmark Toolbar
2009-03-17 03:38 . 2009-04-16 17:07 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-08 11:34 . 2009-04-09 19:24 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-09 19:24 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 19:24 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-09 19:24 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-09 19:24 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-09 19:24 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-09 19:24 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-09 19:24 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-09 19:24 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-09 19:24 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 19:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-09 19:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 19:24 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-09 19:24 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 19:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 19:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 19:24 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-09 19:24 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-16 17:06 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 17:06 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 17:06 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 17:06 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 17:06 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 17:06 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 17:06 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 17:06 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 17:06 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 17:06 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-01 10:11 . 2008-07-25 23:06 -------- d-----w c:\program files\EasyBits For Kids
2009-02-15 16:11 . 2008-10-18 10:35 97496 ----a-w c:\users\cajoline\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-15 15:23 . 2008-11-20 18:13 40960 ----a-w C:\HTGD0003.exe
2009-02-10 08:58 . 2008-10-31 18:32 93 ----a-w c:\users\cajoline\AppData\Local\daqwm.bat
2009-02-09 03:10 . 2009-03-11 09:17 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-06 18:39 . 2009-02-06 18:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-10-27 18:16 . 2008-10-27 18:16 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-03-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-27 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
c:\users\cajoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\cajoline\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-3-19 135680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD8C370B-FF34-4810-A4C3-538B2BF61207}"= c:\program files\HP\DVDPlay\DVDPlay.exe
VD Play
"{39A1BE29-9CB1-44E3-84A1-DF309ACACF7B}"= c:\program files\HP\DVDPlay\DPService.exeVD Play Resident Program
"{88061566-051B-425A-A4FD-BA4EA27E2286}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{EB86B761-E6A0-429A-8D4D-8C0ED1D9316B}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{04A55403-A25A-4540-913F-1AF8995F2EE1}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{9CA2D00C-F134-48DB-B6AB-282D4178478A}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{80178EE3-8861-4F23-B53B-940B92756EBE}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{D06825D3-007E-4E3C-8B04-6B0C2C8D549B}"= UDP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start Avira AntiVir Personal
"{847269C1-CF6F-4D1B-B551-A810AE960B6F}"= TCP:c:\program files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:Start Avira AntiVir Personal
"TCP Query User{783BA072-514C-4254-A530-377F3F097B8E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{372622E2-B481-4A5E-A2E4-F0E10DEBDA39}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{30C17735-25B0-4741-961A-EC5D220D44F5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{A23C7987-9476-4BF4-AEF1-C3571CA6B7AF}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{22968DB8-1EAD-4098-AC47-C7C4D5B1A550}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{F48D81A5-5385-4609-9878-D5263768FB55}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{69932464-F848-4B22-9AD2-C26B7A4A2C34}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{F3EB0336-DD67-4607-A361-4412B0FF89E7}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{D4F0841E-1601-48E2-B5BC-DE4A57D4A949}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A8F37853-424D-46D2-B5A8-38AD78837A0C}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{56990D70-9C1B-495B-806C-50F5A6E0A5E5}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{3463FA66-25A7-4ABC-9003-59C0D50EA34C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{26AEBFDE-78C4-49DB-91A0-79933A41EBB2}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{82FA6FBD-534B-411E-BF61-5CE025247B5F}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{21D91058-AFE7-480C-813B-3DEE45D61FFA}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{091FDFEE-7399-4EA8-990B-2B55499F4B27}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{ACD4E295-6995-41F2-85F7-F1DE145EA090}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{72027773-F290-495B-9287-E3A7CCF59CE1}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{1B70BDAC-05EC-445B-AE3C-4E8F1D9D6B45}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C7E8CAE9-4333-4C72-B4AF-B65ED589A336}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{736AF162-6F36-41C3-BC64-9A74AEAF82FF}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{E41BF015-280B-4112-818F-1C1671343CF0}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{CEEE4FA4-5476-4E7C-8CD2-F0493AC21313}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{4C3FD2C1-EFA3-4A19-A0E7-BFE64434F56F}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{ABAE7133-7ECF-4414-A954-D25D4AE3304D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{451338ED-649E-4AD7-875A-8D7CD13276AE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AE571D6E-51DC-4F7C-9207-6DD433B2D206}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{82F10958-2536-4F0B-A878-2E08E2477C1E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0854D5E2-95E4-4CB5-BA4C-05B92BC3DB1A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
2009-04-29 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{3B208E22-1996-4211-AD17-D47418736C3F}.job
- c:\windows\system32\msfeedssync.exe [2009-04-09 11:31]
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 09:13
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"
[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
Heure de fin: 2009-04-29 9:21
ComboFix-quarantined-files.txt 2009-04-29 07:17
Avant-CF: 122 254 872 576 octets libres
Après-CF: 123 806 683 136 octets libres
279 --- E O F --- 2009-04-28 16:58
Si je crois, globalement je trouve le pc toujours lent. Pour preuve, rien qu'en tappant ma réponse, les lettres s'affichent avec 20 sec de retard 
Non, je parlais de otcleanit.
Si on se comprends plus, ça commencer à pas être facile
