Virus TR/Hijacker.Gen [solved]
Hello, I've just caught this virus, which keeps coming back, and I can't get rid of it. Could someone help me please? Thanks in advance..
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:56, on 19/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\ehmvp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAoC Portal\Portal.exe
D:\Jeux\DAoC\game.dll
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Pilou\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: C:\Windows\system32\0023.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Jeux\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: lxdrCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdrserv.exe
O23 - Service: lxdr_device - - C:\Windows\system32\lxdrcoms.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5531 bytes
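The HijackThis report above is a list of registry and startup points, one per line, each tagged with a section code (R0/R1 for browser pages, O2 for BHOs, O10 for Winsock LSPs, O20 for AppInit_DLLs, and so on). Helpers read such logs by hand, but the checks they apply are mechanical. The Python script below is an added example, not part of this thread or of HijackThis; it parses entries in that format and applies a few of the heuristics a reviewer would apply: a start or search page pointing at a host outside an allowlist, an orphaned BHO, an LSP module the tool could not attribute, and any AppInit_DLLs value at all (with an extra note when the DLL has a purely numeric name, as in this log). The sample lines are copied from the report above; the host allowlist, the severity labels and the numeric-name rule are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O20 - AppInit_DLLs: C:\Windows\system32\0023.DLL
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Hosts a browser start/search page may legitimately point at. Assumption: an
# allowlist the analyst maintains; these three entries are taken from the log itself.
KNOWN_HOSTS = {"go.microsoft.com", "www.msi.com.tw", "g.msn.fr"}

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
NUMERIC_NAME_RE = re.compile(r"^\d+\.(dll|exe)$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low" (labels chosen for this example)
    reason: str
    line: str


def _host_of(url: str) -> str:
    return urlparse(url.strip()).hostname or ""


def triage(log_text: str) -> list[Finding]:
    """Apply per-section heuristics to HijackThis entries and return the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line: not an R/O entry
        section, body = m.groups()

        if section in ("R0", "R1"):
            # Browser start/search page overrides: the classic hijacker symptom.
            _, _, value = body.partition(" = ")
            if value and _host_of(value) not in KNOWN_HOSTS:
                findings.append(Finding(section, "medium",
                                        f"browser page set to unknown host {_host_of(value)}", line))
        elif section == "O2" and body.endswith("(no file)"):
            # Orphaned BHO: the registration survives but the DLL is gone.
            findings.append(Finding(section, "low", "orphaned BHO registration", line))
        elif section == "O10":
            # HijackThis itself could not attribute this Winsock LSP module.
            findings.append(Finding(section, "high", "unrecognised Winsock LSP module", line))
        elif section == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any value here deserves a look.
            _, _, value = body.partition(": ")
            name = value.rsplit("\\", 1)[-1]
            reason = "AppInit_DLLs entry present"
            if NUMERIC_NAME_RE.match(name):
                reason += " with a purely numeric file name"
            findings.append(Finding(section, "high", reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity label."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports two high findings (the LSP module and the AppInit DLL), two medium ones (the two start pages) and one low one (the orphaned BHO); the O4 and O23 lines for the antivirus are left alone. The rules are deliberately narrow: a script like this shortlists entries for a human to check against the vendor and file location, it does not decide what to delete.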
Bonsoir
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop, nowhere else!
Copy (Ctrl+C) the text below:

File::
C:\Windows\system32\0023.DLL
C:\Windows\System32\ehmvp.exe

Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
ComboFix starts; let it guide you..
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will be displayed: post its contents, and say where your problems stand.
If the file doesn't open, it is here > C:\ComboFix.txt
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
Thanks for taking an interest in my problem! So, as for the facts: my antivirus (AntiVir) detects this virus every 5 minutes and can't get rid of it. It tells me the source is in the system32 folder, in various files named 59630, 4562, etc., for example. When I try to delete them at the source they are, of course, out of reach...
Here is the report, thanks again:
ComboFix 10-01-19.01 - Pilou 19/01/2010 21:11:03.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.1992 [GMT 1:00]
Lancé depuis: c:\users\Pilou\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Pilou\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\0023.DLL"
"c:\windows\System32\ehmvp.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4260861976-2749448181-3669641562-500
c:\program files\temp
c:\users\Pilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\System32\ehmvp.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\WORK.DAT
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-19 au 2010-01-19 ))))))))))))))))))))))))))))))))))))
.
2010-01-19 20:15 . 2010-01-19 20:15 -------- d-----w- c:\users\Pilou\AppData\Local\temp
2010-01-19 20:15 . 2010-01-19 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- c:\program files\trend micro
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- C:\rsit
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\users\Pilou\AppData\Roaming\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:47 . 2010-01-19 15:47 58368 ---h--w- c:\users\Pilou\hrvgm.exe
2010-01-18 06:28 . 2010-01-18 06:28 -------- d-----w- c:\programdata\Electronic Arts
2010-01-18 06:24 . 2010-01-18 06:24 10134 ----a-r- c:\users\Pilou\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-18 06:24 . 2010-01-18 06:24 -------- d-----w- c:\program files\Microsoft WSE
2010-01-18 06:14 . 2010-01-18 06:14 -------- d-----w- c:\program files\Electronic Arts
2010-01-16 14:55 . 2010-01-16 14:55 422262 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DE75F6F5-27AB-7506-A5C1-67E3EFD33352}-aepack.dll
2010-01-16 14:45 . 2010-01-16 14:45 184693 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{0D24626C-2BA3-CE1F-CDC0-586541B24133}-aecore.dll
2010-01-13 15:27 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:27 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\users\Pilou\AppData\Roaming\Icones
2009-12-22 09:57 . 2010-01-19 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-22 09:57 . 2009-12-22 09:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 11:24 . 2009-12-21 11:24 -------- d-----w- c:\program files\EL maphack1.12b
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 20:15 . 2009-11-30 19:20 -------- d-----w- c:\users\Pilou\AppData\Roaming\Skype
2010-01-19 16:37 . 2009-07-14 08:39 697760 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-19 16:37 . 2009-07-14 08:39 128562 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-19 15:51 . 2009-11-22 08:01 -------- d-----w- c:\users\Pilou\AppData\Roaming\uTorrent
2010-01-19 15:38 . 2009-12-13 13:23 -------- d-----w- c:\users\Pilou\AppData\Roaming\vlc
2010-01-18 06:14 . 2009-03-19 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 09:55 . 2009-09-25 11:47 -------- d-----w- c:\program files\DAoC Portal
2010-01-14 15:12 . 2009-12-20 11:22 -------- d-----w- c:\program files\Diablo II 2
2010-01-14 10:12 . 2009-10-02 18:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 18:29 . 2009-10-04 09:55 -------- d-----w- c:\users\Pilou\AppData\Roaming\dvdcss
2009-12-29 08:44 . 2009-09-25 12:30 -------- d-----w- c:\users\Pilou\AppData\Roaming\DAoC Portal
2009-12-20 11:23 . 2009-12-20 07:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-20 07:37 . 2009-12-20 07:37 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-12-20 07:37 . 2009-12-20 07:37 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-12-19 21:35 . 2009-12-19 21:35 -------- d-----w- c:\program files\eMule
2009-12-17 16:22 . 2009-12-17 16:22 -------- d-----w- c:\programdata\BioWare
2009-12-17 15:34 . 2009-12-17 15:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-17 15:33 . 2009-09-25 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 15:33 . 2009-12-17 15:33 -------- d-----w- c:\programdata\Media Center Programs
2009-12-17 15:33 . 2009-12-17 15:19 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-16 15:16 . 2009-12-16 15:16 -------- d-----w- c:\program files\uTorrent
2009-12-12 15:49 . 2009-11-04 11:50 -------- d-----w- c:\users\Pilou\AppData\Roaming\Tropico 3
2009-12-12 08:40 . 2009-09-25 11:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 06:53 . 2009-03-19 17:11 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 13:05 . 2009-12-09 13:05 -------- d-----w- c:\program files\MagicDisc
2009-12-07 12:05 . 2009-09-25 12:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 11:35 . 2009-09-25 13:12 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-06 10:22 . 2009-12-06 10:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-03 21:10 . 2009-12-03 21:10 114992 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-03 06:13 . 2009-10-11 09:50 -------- d-----w- c:\program files\Java
2009-12-01 07:49 . 2009-11-29 21:24 114992 ----a-w- c:\users\Pilou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----r- c:\program files\Skype
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----w- c:\programdata\Skype
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\program files\Fichiers communs
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Modèles
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Menu Démarrer
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Favoris
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Bureau
2009-11-29 21:14 . 2009-11-29 21:14 21680 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 21:08 . 2009-11-21 10:12 -------- d-----w- c:\users\Pilou\AppData\Roaming\Autodesk
2009-11-29 21:08 . 2009-09-25 10:29 -------- d-----w- c:\users\Pilou\AppData\Roaming\ATI
2009-11-29 21:02 . 2009-10-28 19:12 -------- d-----w- c:\programdata\Ubisoft
2009-11-29 21:02 . 2009-09-25 10:24 -------- d-----w- c:\programdata\Ulead Systems
2009-11-29 21:02 . 2009-03-19 16:02 -------- d-----w- c:\programdata\TOSHIBA
2009-11-29 21:02 . 2009-03-19 15:47 -------- d-----w- c:\programdata\UIB
2009-11-29 21:02 . 2009-03-20 09:36 -------- d-----w- c:\programdata\Norton
2009-11-29 21:02 . 2009-03-20 09:35 -------- d-----w- c:\programdata\NortonInstaller
2009-11-29 21:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-29 20:59 . 2009-09-25 14:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-29 20:59 . 2009-03-19 15:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-29 20:59 . 2009-09-25 14:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-29 20:59 . 2009-03-19 16:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-29 20:58 . 2009-10-28 20:18 -------- d-----w- c:\program files\CCleaner
2009-11-29 20:58 . 2009-09-26 16:30 -------- d-----w- c:\program files\AutoWebCam
2009-11-29 20:58 . 2009-09-25 11:41 -------- d-----w- c:\program files\Avira
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI Technologies
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI
2009-11-29 20:54 . 2009-11-29 20:54 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-29 20:54 . 2009-11-29 20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-29 19:42 . 2009-09-26 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-29 17:21 . 2009-11-21 10:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-29 17:06 . 2009-11-29 17:06 111 ----a-w- c:\windows\system32\sysinter.drv
2009-11-21 10:22 . 2009-11-21 10:22 36864 ----a-w- c:\users\Pilou\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll
2009-10-29 07:22 . 2009-12-01 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-23 11:30 . 2009-10-11 09:52 1 ----a-w- c:\users\Pilou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 16:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[HKLM\~\startupfolder\C:^Users^Pilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
path=c:\users\Pilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehmvp]
c:\windows\system32\ehmvp.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2008-05-21 15:46 131752 ----a-w- c:\program files\Lexmark 4900 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-05 20:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-21 00:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-08-27 06:00 79232 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdrmon.exe]
2008-05-21 15:46 676520 ----a-w- c:\program files\Lexmark 4900 Series\lxdrmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2008-12-31 17:48 708608 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-29 16:21 49928 ----a-w- c:\program files\Protector Suite QL\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 15:16 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14/07/2009 00:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18/08/2009 02:36 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 12:41 108289]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [19/03/2009 17:16 159744]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [19/03/2009 16:23 54784]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [25/09/2009 13:27 691696]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdrserv.exe [16/05/2008 16:39 98984]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\jeux\Dragon Age\bin_ship\daupdatersvc.service.exe [17/12/2009 16:27 25832]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [10/10/2009 12:14 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [19/03/2009 16:45 380416]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [19/03/2009 16:54 3658752]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.wibeez.com/meteo
mStart Page = hxxp://www.duxet.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pilou\AppData\Roaming\Mozilla\Firefox\Profiles\7aas1v4p.default\
FF - prefs.js: browser.search.selectedEngine - Wibeez
FF - prefs.js: browser.startup.homepage - hxxp://www.wibeez.com/meteo
FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-MSWUpdate - c:\windows\Cursors\lsass.exe
MSConfigStartUp-SMSTray - c:\program files\Samsung\EmoDio\SMSTray.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-Tropico3 - c:\program files\Kalypso\Tropico 3\uninst.exe
AddRemove-BIBLIO - c:\program files\BIBLIO\WDUNINST.EXE
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\psqlpwd.DLL
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Heure de fin: 2010-01-19 21:18:01
ComboFix-quarantined-files.txt 2010-01-19 20:18
Avant-CF: 5 425 430 528 octets libres
Après-CF: 5 329 719 296 octets libres
- - End Of File - - 33C0575441EA05A8B2BFD382E4DD95E5
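Two parts of the ComboFix report above carry most of the signal: the "Fichiers créés" section (one line per file with creation time, modification time, size, an attribute string and the path) and the "ORPHELINS SUPPRIMES" section (startup entries whose target no longer exists). The Python script below is an added example, not part of this thread or of ComboFix; it parses both formats and applies two checks an analyst makes when reading such a report: an executable with the hidden attribute set or dropped directly in a user profile root (the `hrvgm.exe` line), and a well-known system binary name referenced from a directory where it never belongs (the `lsass.exe` entry under `c:\windows\Cursors`). The sample lines are copied from the report above; the set of system binary names and system directories is an assumption the analyst would extend.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed samples: lines copied from the ComboFix report posted in this thread.
SAMPLE_CREATED = r"""
2010-01-19 16:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 15:47 . 2010-01-19 15:47 58368 ---h--w- c:\users\Pilou\hrvgm.exe
2010-01-16 14:55 . 2010-01-16 14:55 422262 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DE75F6F5-27AB-7506-A5C1-67E3EFD33352}-aepack.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\users\Pilou\AppData\Roaming\Icones
2009-12-21 11:24 . 2009-12-21 11:24 -------- d-----w- c:\program files\EL maphack1.12b
"""
SAMPLE_ORPHANS = r"""
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-MSWUpdate - c:\windows\Cursors\lsass.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
"""

# "created . modified size attrs path"; directories show "--------" as size.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# "<Kind>-<entry name> - <path>"
ORPHAN_RE = re.compile(r"^(\w+)-(.+?) - (.+)$")

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}
# Assumption: core Windows binaries that only belong in %SystemRoot% or System32.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "winlogon.exe", "svchost.exe", "services.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _is_executable(p: PureWindowsPath) -> bool:
    return p.suffix.lower() in EXEC_SUFFIXES


def triage_created(section: str) -> list[Finding]:
    """Flag newly created executables that are hidden or sit in a user profile root."""
    findings = []
    for line in section.strip().splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        _created, _modified, _size, attrs, path = m.groups()
        p = PureWindowsPath(path)
        if "d" in attrs or not _is_executable(p):
            continue  # directories and data files are out of scope for these checks
        f = Finding(path)
        if "h" in attrs:
            f.reasons.append("hidden attribute set on an executable")
        parts = [x.lower() for x in p.parts]  # ('c:\\', 'users', 'pilou', 'hrvgm.exe')
        if len(parts) == 4 and parts[1] == "users":
            f.reasons.append("executable dropped directly in a user profile root")
        if f.reasons:
            findings.append(f)
    return findings


def triage_orphans(section: str) -> list[Finding]:
    """Flag orphaned startup entries that borrow a system binary name elsewhere."""
    findings = []
    for line in section.strip().splitlines():
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        _kind, _name, path = m.groups()
        p = PureWindowsPath(path)
        if p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS:
            findings.append(Finding(path, [f"{p.name} outside its expected system directory"]))
    return findings


if __name__ == "__main__":
    for f in triage_created(SAMPLE_CREATED) + triage_orphans(SAMPLE_ORPHANS):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

On the sample, only `c:\users\Pilou\hrvgm.exe` (hidden, and in the profile root) and the `lsass.exe` orphan under `c:\windows\Cursors` come out; the Malwarebytes driver, the Defender copy and the directories pass. Because ComboFix already removed the orphan entry, the second check is mostly useful for documenting what the infection had used for persistence.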
re
Let's continue...
1
Copy (Ctrl+C) the text below:
File::
c:\users\Pilou\hrvgm.exe
c:\windows\system32\ehmvp.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehmvp]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
ComboFix starts; let it guide you..
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents, stating how your problems are doing
If the file does not open, it is located here > C:\ComboFix.txt
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
2
We are going to look for leftovers using an online scan:
*Right-click this link with your mouse and open it in a new window: ESET OnlineScan
~ This must be done with Internet Explorer!
Then click this button to start the scan:
Choose YES to accept the licence terms.
Then click the button
=> Click the yellow bar that may appear and allow the program (it is of course harmless)
Check the "Scan Archives" box
Then press "Start"
=> The tool updates itself, installs the new databases and starts the scan; this will take a long time; be patient!
When it has finished, click the "List of found threats" button
Then click "Export to text file..." and save the file to your desktop.
Post its contents in your next reply.
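As an added illustration (editor's own code, not part of this thread and not part of ComboFix), the script below reads a few lines shaped like the ComboFix report posted above and flags the indicators the helper acted on when writing the CFScript: a core Windows process name (lsass.exe) loaded from a directory where it does not belong, a hidden executable dropped in the user profile root, and UAC policy values set so that no prompt is ever shown. The sample lines are constructed from the report's own entries; the four heuristics and the list of core process names are the editor's assumptions, not ComboFix logic.

```python
"""Spot the kind of indicators that led to the CFScript in this thread.

Added example: the editor's own code, not part of the forum thread and not
part of ComboFix. It reads lines shaped like a ComboFix report and applies
four heuristics: a core Windows process name living outside System32, an
executable sitting in a user profile root or temp folder, an executable
carrying the hidden attribute, and UAC policy values that switch prompting
off. The rules and the process-name list are assumptions.
"""
import re
from typing import List, Tuple

# Constructed sample built from lines that appear in the thread's report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehmvp]
c:\windows\system32\ehmvp.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-MSWUpdate - c:\windows\Cursors\lsass.exe
2010-01-19 15:47 . 2010-01-19 15:47 58368 ---h--w- c:\users\Pilou\hrvgm.exe
"""

# Core Windows process names and the only directory they belong in on a
# 32-bit install (assumed list; on x64 SysWOW64 would also be legitimate).
CORE_PROCESSES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                  "winlogon.exe", "services.exe"}
CORE_DIR = "\\windows\\system32"

# Policy value -> setting that turns a UAC protection off (assumed list).
UAC_WEAK = {"enablelua": "0", "consentpromptbehavioradmin": "0",
            "promptonsecuredesktop": "0"}

PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]<>|*?\r\n]*?\.(?:exe|dll|sys|scr|com))\b', re.I)
POLICY_RE = re.compile(r'^"([A-Za-z]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)')
# ComboFix file listing: ... <size> <attribute flags> <path>
ATTR_RE = re.compile(r'\s([-dsharwe]{8})\s+([A-Za-z]:\\.+)$')


def windows_paths(line: str) -> List[str]:
    """Every drive-letter path with an executable-type extension on the line."""
    return [m.group(1) for m in PATH_RE.finditer(line)]


def split_path(path: str) -> Tuple[str, str]:
    """Lower-cased (directory without the drive letter, file name)."""
    directory, _, base = path.lower()[2:].rpartition("\\")
    return directory, base


def analyze(text: str) -> List[Tuple[str, str]]:
    """Return (rule, evidence) pairs for every line that trips a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for path in windows_paths(line):
            directory, base = split_path(path)
            # Rule 1: lsass.exe and friends only ever run from System32.
            if base in CORE_PROCESSES and directory != CORE_DIR:
                findings.append(("core process name outside System32", path))
            # Rule 2: binaries dropped straight into the profile root or temp.
            if re.fullmatch(r"\\users\\[^\\]+", directory) or "\\appdata\\local\\temp" in directory:
                findings.append(("executable in user profile root or temp", path))
        # Rule 3: hidden attribute ('h') on an .exe in the created-files listing.
        m = ATTR_RE.search(line)
        if m and "h" in m.group(1) and m.group(2).lower().endswith(".exe"):
            findings.append(("hidden executable", m.group(2)))
        # Rule 4: UAC policy values that disable prompting.
        m = POLICY_RE.match(line)
        if m and UAC_WEAK.get(m.group(1).lower()) == m.group(2):
            findings.append(("UAC protection disabled", f"{m.group(1)}={m.group(2)}"))
    return findings


if __name__ == "__main__":
    for rule, evidence in analyze(SAMPLE_LOG):
        print(f"{rule:45} {evidence}")
```

On the sample it reports the three weakened UAC values, lsass.exe under c:\windows\Cursors, and hrvgm.exe twice (profile root and hidden attribute), while the legitimate Realtek, Avira and Skype autoruns stay quiet. The heuristics are deliberately narrow; a real triage still needs the file hashes and vendor signatures that tools like ComboFix and the ESET online scan supply.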
Here we are! The virus no longer appears, it seems to be fixed!
Thank you very much
Here are the two reports:
ComboFix 10-01-19.01 - Pilou 19/01/2010 22:17:53.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2326 [GMT 1:00]
Lancé depuis: c:\users\Pilou\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Pilou\Desktop\CFScript.txt
FILE ::
"c:\users\Pilou\hrvgm.exe"
"c:\windows\system32\ehmvp.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Pilou\hrvgm.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-19 au 2010-01-19 ))))))))))))))))))))))))))))))))))))
.
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Pilou\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- c:\program files\trend micro
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- C:\rsit
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\users\Pilou\AppData\Roaming\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 06:28 . 2010-01-18 06:28 -------- d-----w- c:\programdata\Electronic Arts
2010-01-18 06:24 . 2010-01-18 06:24 10134 ----a-r- c:\users\Pilou\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-18 06:24 . 2010-01-18 06:24 -------- d-----w- c:\program files\Microsoft WSE
2010-01-18 06:14 . 2010-01-18 06:14 -------- d-----w- c:\program files\Electronic Arts
2010-01-16 14:55 . 2010-01-16 14:55 422262 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DE75F6F5-27AB-7506-A5C1-67E3EFD33352}-aepack.dll
2010-01-16 14:45 . 2010-01-16 14:45 184693 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{0D24626C-2BA3-CE1F-CDC0-586541B24133}-aecore.dll
2010-01-13 15:27 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:27 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\users\Pilou\AppData\Roaming\Icones
2009-12-22 09:57 . 2010-01-19 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-22 09:57 . 2009-12-22 09:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 11:24 . 2009-12-21 11:24 -------- d-----w- c:\program files\EL maphack1.12b
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 21:20 . 2009-07-14 08:39 697760 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-19 21:20 . 2009-07-14 08:39 128562 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-19 21:09 . 2009-11-30 19:20 -------- d-----w- c:\users\Pilou\AppData\Roaming\Skype
2010-01-19 15:51 . 2009-11-22 08:01 -------- d-----w- c:\users\Pilou\AppData\Roaming\uTorrent
2010-01-19 15:38 . 2009-12-13 13:23 -------- d-----w- c:\users\Pilou\AppData\Roaming\vlc
2010-01-18 06:14 . 2009-03-19 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 09:55 . 2009-09-25 11:47 -------- d-----w- c:\program files\DAoC Portal
2010-01-14 15:12 . 2009-12-20 11:22 -------- d-----w- c:\program files\Diablo II 2
2010-01-14 10:12 . 2009-10-02 18:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 18:29 . 2009-10-04 09:55 -------- d-----w- c:\users\Pilou\AppData\Roaming\dvdcss
2009-12-29 08:44 . 2009-09-25 12:30 -------- d-----w- c:\users\Pilou\AppData\Roaming\DAoC Portal
2009-12-20 11:23 . 2009-12-20 07:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-20 07:37 . 2009-12-20 07:37 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-12-20 07:37 . 2009-12-20 07:37 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-12-19 21:35 . 2009-12-19 21:35 -------- d-----w- c:\program files\eMule
2009-12-17 16:22 . 2009-12-17 16:22 -------- d-----w- c:\programdata\BioWare
2009-12-17 15:34 . 2009-12-17 15:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-17 15:33 . 2009-09-25 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 15:33 . 2009-12-17 15:33 -------- d-----w- c:\programdata\Media Center Programs
2009-12-17 15:33 . 2009-12-17 15:19 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-16 15:16 . 2009-12-16 15:16 -------- d-----w- c:\program files\uTorrent
2009-12-12 15:49 . 2009-11-04 11:50 -------- d-----w- c:\users\Pilou\AppData\Roaming\Tropico 3
2009-12-12 08:40 . 2009-09-25 11:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 06:53 . 2009-03-19 17:11 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 13:05 . 2009-12-09 13:05 -------- d-----w- c:\program files\MagicDisc
2009-12-07 12:05 . 2009-09-25 12:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 11:35 . 2009-09-25 13:12 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-06 10:22 . 2009-12-06 10:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-03 21:10 . 2009-12-03 21:10 114992 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-03 06:13 . 2009-10-11 09:50 -------- d-----w- c:\program files\Java
2009-12-01 07:49 . 2009-11-29 21:24 114992 ----a-w- c:\users\Pilou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----r- c:\program files\Skype
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----w- c:\programdata\Skype
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\program files\Fichiers communs
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Modèles
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Menu Démarrer
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Favoris
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Bureau
2009-11-29 21:14 . 2009-11-29 21:14 21680 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 21:08 . 2009-11-21 10:12 -------- d-----w- c:\users\Pilou\AppData\Roaming\Autodesk
2009-11-29 21:08 . 2009-09-25 10:29 -------- d-----w- c:\users\Pilou\AppData\Roaming\ATI
2009-11-29 21:02 . 2009-10-28 19:12 -------- d-----w- c:\programdata\Ubisoft
2009-11-29 21:02 . 2009-09-25 10:24 -------- d-----w- c:\programdata\Ulead Systems
2009-11-29 21:02 . 2009-03-19 16:02 -------- d-----w- c:\programdata\TOSHIBA
2009-11-29 21:02 . 2009-03-19 15:47 -------- d-----w- c:\programdata\UIB
2009-11-29 21:02 . 2009-03-20 09:36 -------- d-----w- c:\programdata\Norton
2009-11-29 21:02 . 2009-03-20 09:35 -------- d-----w- c:\programdata\NortonInstaller
2009-11-29 21:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-29 20:59 . 2009-09-25 14:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-29 20:59 . 2009-03-19 15:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-29 20:59 . 2009-09-25 14:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-29 20:59 . 2009-03-19 16:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-29 20:58 . 2009-10-28 20:18 -------- d-----w- c:\program files\CCleaner
2009-11-29 20:58 . 2009-09-26 16:30 -------- d-----w- c:\program files\AutoWebCam
2009-11-29 20:58 . 2009-09-25 11:41 -------- d-----w- c:\program files\Avira
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI Technologies
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI
2009-11-29 20:54 . 2009-11-29 20:54 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-29 20:54 . 2009-11-29 20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-29 19:42 . 2009-09-26 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-29 17:21 . 2009-11-21 10:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-29 17:06 . 2009-11-29 17:06 111 ----a-w- c:\windows\system32\sysinter.drv
2009-11-21 10:22 . 2009-11-21 10:22 36864 ----a-w- c:\users\Pilou\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll
2009-10-29 07:22 . 2009-12-01 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-23 11:30 . 2009-10-11 09:52 1 ----a-w- c:\users\Pilou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_20.15.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-01-19 21:17 29188 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-30 00:07 . 2010-01-19 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-30 00:07 . 2010-01-19 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-30 00:07 . 2010-01-19 20:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-30 00:07 . 2010-01-19 21:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Thank you very much.
Here are the two reports:
ComboFix 10-01-19.01 - Pilou 19/01/2010 22:17:53.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2326 [GMT 1:00]
Lancé depuis: c:\users\Pilou\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Pilou\Desktop\CFScript.txt
FILE ::
"c:\users\Pilou\hrvgm.exe"
"c:\windows\system32\ehmvp.exe"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Pilou\hrvgm.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-19 au 2010-01-19 ))))))))))))))))))))))))))))))))))))
.
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Pilou\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-19 21:23 . 2010-01-19 21:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- c:\program files\trend micro
2010-01-19 17:03 . 2010-01-19 17:03 -------- d-----w- C:\rsit
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\users\Pilou\AppData\Roaming\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 16:24 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 16:24 . 2010-01-19 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 06:28 . 2010-01-18 06:28 -------- d-----w- c:\programdata\Electronic Arts
2010-01-18 06:24 . 2010-01-18 06:24 10134 ----a-r- c:\users\Pilou\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-01-18 06:24 . 2010-01-18 06:24 -------- d-----w- c:\program files\Microsoft WSE
2010-01-18 06:14 . 2010-01-18 06:14 -------- d-----w- c:\program files\Electronic Arts
2010-01-16 14:55 . 2010-01-16 14:55 422262 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{DE75F6F5-27AB-7506-A5C1-67E3EFD33352}-aepack.dll
2010-01-16 14:45 . 2010-01-16 14:45 184693 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{0D24626C-2BA3-CE1F-CDC0-586541B24133}-aecore.dll
2010-01-13 15:27 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:27 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 17:26 . 2010-01-12 17:26 -------- d-----w- c:\users\Pilou\AppData\Roaming\Icones
2009-12-22 09:57 . 2010-01-19 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-22 09:57 . 2009-12-22 09:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 11:24 . 2009-12-21 11:24 -------- d-----w- c:\program files\EL maphack1.12b
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 21:20 . 2009-07-14 08:39 697760 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-19 21:20 . 2009-07-14 08:39 128562 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-19 21:09 . 2009-11-30 19:20 -------- d-----w- c:\users\Pilou\AppData\Roaming\Skype
2010-01-19 15:51 . 2009-11-22 08:01 -------- d-----w- c:\users\Pilou\AppData\Roaming\uTorrent
2010-01-19 15:38 . 2009-12-13 13:23 -------- d-----w- c:\users\Pilou\AppData\Roaming\vlc
2010-01-18 06:14 . 2009-03-19 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-17 09:55 . 2009-09-25 11:47 -------- d-----w- c:\program files\DAoC Portal
2010-01-14 15:12 . 2009-12-20 11:22 -------- d-----w- c:\program files\Diablo II 2
2010-01-14 10:12 . 2009-10-02 18:26 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 18:29 . 2009-10-04 09:55 -------- d-----w- c:\users\Pilou\AppData\Roaming\dvdcss
2009-12-29 08:44 . 2009-09-25 12:30 -------- d-----w- c:\users\Pilou\AppData\Roaming\DAoC Portal
2009-12-20 11:23 . 2009-12-20 07:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-20 07:37 . 2009-12-20 07:37 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-12-20 07:37 . 2009-12-20 07:37 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-12-19 21:35 . 2009-12-19 21:35 -------- d-----w- c:\program files\eMule
2009-12-17 16:22 . 2009-12-17 16:22 -------- d-----w- c:\programdata\BioWare
2009-12-17 15:34 . 2009-12-17 15:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-17 15:33 . 2009-09-25 12:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-17 15:33 . 2009-12-17 15:33 -------- d-----w- c:\programdata\Media Center Programs
2009-12-17 15:33 . 2009-12-17 15:19 -------- d-----w- c:\program files\Common Files\BioWare
2009-12-16 15:16 . 2009-12-16 15:16 -------- d-----w- c:\program files\uTorrent
2009-12-12 15:49 . 2009-11-04 11:50 -------- d-----w- c:\users\Pilou\AppData\Roaming\Tropico 3
2009-12-12 08:40 . 2009-09-25 11:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-10 06:53 . 2009-03-19 17:11 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 13:05 . 2009-12-09 13:05 -------- d-----w- c:\program files\MagicDisc
2009-12-07 12:05 . 2009-09-25 12:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-07 11:35 . 2009-09-25 13:12 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-06 10:22 . 2009-12-06 10:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-03 21:10 . 2009-12-03 21:10 114992 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-03 06:13 . 2009-10-11 09:50 -------- d-----w- c:\program files\Java
2009-12-01 07:49 . 2009-11-29 21:24 114992 ----a-w- c:\users\Pilou\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----r- c:\program files\Skype
2009-11-30 19:20 . 2009-11-30 19:20 -------- d-----w- c:\programdata\Skype
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\program files\Fichiers communs
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Modèles
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Menu Démarrer
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Favoris
2009-11-29 21:23 . 2009-11-29 21:23 -------- d-sh--we c:\programdata\Bureau
2009-11-29 21:14 . 2009-11-29 21:14 21680 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-29 21:08 . 2009-11-21 10:12 -------- d-----w- c:\users\Pilou\AppData\Roaming\Autodesk
2009-11-29 21:08 . 2009-09-25 10:29 -------- d-----w- c:\users\Pilou\AppData\Roaming\ATI
2009-11-29 21:02 . 2009-10-28 19:12 -------- d-----w- c:\programdata\Ubisoft
2009-11-29 21:02 . 2009-09-25 10:24 -------- d-----w- c:\programdata\Ulead Systems
2009-11-29 21:02 . 2009-03-19 16:02 -------- d-----w- c:\programdata\TOSHIBA
2009-11-29 21:02 . 2009-03-19 15:47 -------- d-----w- c:\programdata\UIB
2009-11-29 21:02 . 2009-03-20 09:36 -------- d-----w- c:\programdata\Norton
2009-11-29 21:02 . 2009-03-20 09:35 -------- d-----w- c:\programdata\NortonInstaller
2009-11-29 21:00 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-29 20:59 . 2009-09-25 14:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-29 20:59 . 2009-03-19 15:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-29 20:59 . 2009-09-25 14:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-29 20:59 . 2009-03-19 16:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-29 20:58 . 2009-10-28 20:18 -------- d-----w- c:\program files\CCleaner
2009-11-29 20:58 . 2009-09-26 16:30 -------- d-----w- c:\program files\AutoWebCam
2009-11-29 20:58 . 2009-09-25 11:41 -------- d-----w- c:\program files\Avira
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI Technologies
2009-11-29 20:58 . 2009-03-19 15:11 -------- d-----w- c:\program files\ATI
2009-11-29 20:54 . 2009-11-29 20:54 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-29 20:54 . 2009-11-29 20:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-29 19:42 . 2009-09-26 10:08 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-29 17:21 . 2009-11-21 10:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-29 17:06 . 2009-11-29 17:06 111 ----a-w- c:\windows\system32\sysinter.drv
2009-11-21 10:22 . 2009-11-21 10:22 36864 ----a-w- c:\users\Pilou\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll
2009-10-29 07:22 . 2009-12-01 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-23 11:30 . 2009-10-11 09:52 1 ----a-w- c:\users\Pilou\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-19_20.15.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-01-19 21:17 29188 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-30 00:07 . 2010-01-19 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-30 00:07 . 2010-01-19 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-30 00:07 . 2010-01-19 20:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-30 00:07 . 2010-01-19 21:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-30 00:07 . 2010-01-19 21:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-30 00:07 . 2010-01-19 20:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-03 21:11 . 2010-01-19 21:17 6182 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3904400809-3730177928-742343622-1000_UserData.bin
- 2010-01-19 16:31 . 2010-01-19 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-19 16:31 . 2010-01-19 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-19 16:31 . 2010-01-19 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-19 16:31 . 2010-01-19 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-01-19 21:20 610094 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-01-19 16:37 610094 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-01-19 21:20 104412 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-01-19 16:37 104412 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-29 16:55 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-29 16:43 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[HKLM\~\startupfolder\C:^Users^Pilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
path=c:\users\Pilou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2008-05-21 15:46 131752 ----a-w- c:\program files\Lexmark 4900 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-05 20:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-21 00:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-08-27 06:00 79232 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdrmon.exe]
2008-05-21 15:46 676520 ----a-w- c:\program files\Lexmark 4900 Series\lxdrmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2008-12-31 17:48 708608 ----a-w- c:\program files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-04-29 16:21 49928 ----a-w- c:\program files\Protector Suite QL\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 15:16 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14/07/2009 00:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18/08/2009 02:36 176128]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [25/09/2009 12:41 108289]
R2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe -service --> c:\windows\system32\lxdrcoms.exe -service [?]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [19/03/2009 17:16 159744]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [19/03/2009 16:23 54784]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [25/09/2009 13:27 691696]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdrserv.exe [16/05/2008 16:39 98984]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\jeux\Dragon Age\bin_ship\daupdatersvc.service.exe [17/12/2009 16:27 25832]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [10/10/2009 12:14 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [19/03/2009 16:45 380416]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [19/03/2009 16:54 3658752]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.wibeez.com/meteo
mStart Page = hxxp://www.duxet.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Pilou\AppData\Roaming\Mozilla\Firefox\Profiles\7aas1v4p.default\
FF - prefs.js: browser.search.selectedEngine - Wibeez
FF - prefs.js: browser.startup.homepage - hxxp://www.wibeez.com/meteo
FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\psqlpwd.DLL
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Heure de fin: 2010-01-19 22:26:06
ComboFix-quarantined-files.txt 2010-01-19 21:26
ComboFix2.txt 2010-01-19 20:18
Avant-CF: 5 221 773 312 octets libres
Après-CF: 5 152 997 376 octets libres
- - End Of File - - 69A2839F2ACA1B097ACB408A879CF96D
C:\Users\Pilou\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-165c1496 multiple threats deleted - quarantined
D:\Azureus\Dragon Age Origins [PC] NoDVD Crack Z0RG0N\Dragon Age Origins [PC] NoDVD Crack Z0RG0N.zip probably unknown NewHeur_PE virus deleted - quarantined
Re
You can guess where your virus problems come from...
I advise you to do a thorough clean-up of your cracks...
Remove all the programs that were installed for the disinfection.
Please read this file (in PDF) to learn more about the risks of the Internet.
If you find this document interesting, don't hesitate to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.
~Edit your first message and mark [résolu] (solved) in the title.
If your session name matches your real name, you can change it by editing your posts.