ComboFix report
Hello,
Here is the ComboFix report. My problem: when I am on Google and click on a link, a pornography page opens. I would like to know whether ComboFix has fixed the problem and all the other viruses that are on my machine. Thank you in advance for your help.
Regards.
Report:
ComboFix 10-08-17.04 - Ountibi 18/08/2010 19:53:28.1.3 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3071.2049 [GMT -3:00]
Lancé depuis: c:\users\Ountibi\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\api-ms-win-security-lsalookup-l1-1-032.dll
c:\programdata\D3DCompiler_3332.dll
c:\programdata\SysWoW32
c:\programdata\SysWoW32\wu1243529411v0
c:\programdata\unrar.exe
c:\users\Ountibi\AppData\Roaming\020000003a612942973C.manifest
c:\users\Ountibi\AppData\Roaming\020000003a612942973O.manifest
c:\users\Ountibi\AppData\Roaming\020000003a612942973P.manifest
c:\users\Ountibi\AppData\Roaming\020000003a612942973S.manifest
c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}
c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\chrome.manifest
c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\chrome\xulcache.jar
c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\defaults\preferences\xulcache.js
c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\install.rdf
c:\users\Ountibi\AppData\Roaming\SystemProc
c:\users\Pemecou\AppData\Roaming\020000003a612942973C.manifest
c:\users\Pemecou\AppData\Roaming\020000003a612942973O.manifest
c:\users\Pemecou\AppData\Roaming\020000003a612942973P.manifest
c:\users\Pemecou\AppData\Roaming\020000003a612942973S.manifest
c:\users\Pemecou\AppData\Roaming\D4BB.tmp
c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}
c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\chrome.manifest
c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\chrome\xulcache.jar
c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\defaults\preferences\xulcache.js
c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{e59afa57-5cfe-4220-bac4-1e11829d1339}\install.rdf
c:\users\Pemecou\AppData\Roaming\SystemProc
c:\windows\system32\CERTCLI32.DLL
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-18 au 2010-08-18 ))))))))))))))))))))))))))))))))))))
.
2010-08-18 21:47 . 2010-08-18 21:47 340456 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-18 21:47 . 2010-08-18 21:47 170512 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 21:47 . 2010-08-18 21:47 170584 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\prloader.dll
2010-08-18 21:46 . 2010-08-18 21:46 340520 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\avp.exe
2010-08-17 19:11 . 2010-08-17 19:11 7424 ------w- C:\bootsqm.dat
2010-08-16 03:47 . 2010-08-16 03:47 -------- d-----w- c:\users\Pemecou\AppData\Roaming\ActiveState
2010-08-16 03:17 . 2010-08-16 03:17 -------- d-----w- c:\program files\Common Files\Java
2010-08-16 03:13 . 2010-08-16 21:50 -------- d-----w- c:\users\Ountibi\AppData\Roaming\ActiveState
2010-08-15 18:25 . 2010-08-15 18:25 -------- d-----w- c:\users\Pemecou\AppData\Roaming\KompoZer
2010-08-15 18:23 . 2010-08-15 18:23 -------- d-----w- c:\users\Ountibi\AppData\Roaming\KompoZer
2010-08-12 01:52 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 01:52 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-12 01:52 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-12 01:41 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 01:28 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 01:28 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 01:28 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 01:28 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-31 23:17 . 2010-08-04 03:13 -------- d-----w- c:\users\Pemecou\Vide
2010-07-30 02:11 . 2010-07-30 02:11 346112 ----a-w- c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-30 02:11 . 2010-07-30 02:11 1496064 ----a-w- c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-30 02:11 . 2010-07-23 20:22 43008 ----a-w- c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-30 02:11 . 2010-07-23 20:22 338944 ----a-w- c:\users\Pemecou\AppData\Roaming\Mozilla\Firefox\Profiles\xu4k7dtj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-28 11:43 . 2010-07-28 11:43 -------- d-----w- c:\programdata\578223614
2010-07-25 17:09 . 2010-07-26 00:40 -------- d-----w- c:\users\Pemecou\Shared
2010-07-25 17:09 . 2010-07-26 01:15 -------- d-----w- c:\users\Pemecou\Incomplete
2010-07-25 17:09 . 2010-07-25 21:32 -------- d-----w- c:\users\Pemecou\AppData\Roaming\LimeWire
2010-07-25 15:53 . 2010-07-26 15:12 -------- d-----w- c:\users\Ountibi\Incomplete
2010-07-25 15:53 . 2010-07-25 16:12 -------- d-----w- c:\users\Ountibi\AppData\Roaming\LimeWire
2010-07-25 15:53 . 2010-07-26 15:06 -------- d-----w- c:\users\Ountibi\Shared
2010-07-25 15:52 . 2010-07-25 15:53 -------- d-----w- c:\program files\360Share Pro
2010-07-25 14:20 . 2010-08-16 18:09 -------- d-----w- c:\program files\org.manager
2010-07-23 02:53 . 2010-07-23 02:57 -------- d-----w- c:\users\Pemecou\AppData\Roaming\SmartDraw
2010-07-23 02:52 . 2010-07-23 02:59 -------- d-----w- C:\SmartDraw 2010
2010-07-21 12:27 . 2008-08-21 07:17 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-21 12:27 . 2008-08-24 19:22 14208 ----a-w- c:\windows\system32\drivers\nvsmu.sys
2010-07-21 12:27 . 2008-08-21 07:17 122880 ----a-w- c:\windows\system32\NVCOSMU.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 22:36 . 2009-12-19 23:16 -------- d-----w- c:\programdata\Kaspersky Lab
2010-08-18 22:25 . 2009-07-14 08:39 704242 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-18 22:25 . 2009-07-14 08:39 130548 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-16 18:09 . 2009-12-18 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 17:49 . 2009-12-25 14:46 -------- d-----w- c:\users\Pemecou\AppData\Roaming\Skype
2010-08-16 11:11 . 2009-12-25 14:48 -------- d-----w- c:\users\Pemecou\AppData\Roaming\skypePM
2010-08-16 03:16 . 2010-06-15 10:46 -------- d-----w- c:\program files\Java
2010-08-12 10:57 . 2009-12-18 19:38 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 01:47 . 2009-12-30 22:28 -------- d-----w- c:\users\Pemecou\AppData\Roaming\vlc
2010-08-03 10:56 . 2009-12-20 23:18 -------- d-----w- c:\program files\CCleaner
2010-07-29 19:47 . 2009-12-19 23:17 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-29 19:47 . 2009-12-19 23:17 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-26 15:04 . 2010-07-26 15:04 0 ----a-w- c:\users\Ountibi\AppData\Roaming\3277.tmp
2010-07-25 17:05 . 2009-12-30 19:47 -------- d-----w- c:\users\Ountibi\AppData\Roaming\vlc
2010-07-25 16:17 . 2010-06-17 05:07 -------- d-----w- c:\program files\EDraw Max
2010-07-21 14:25 . 2010-02-25 22:34 -------- d-----w- c:\programdata\NVIDIA
2010-07-17 16:54 . 2009-12-30 23:23 -------- d-----w- c:\users\Pemecou\AppData\Roaming\dvdcss
2010-07-17 08:00 . 2010-06-15 10:46 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 18:57 . 2010-07-09 18:57 -------- d-----w- c:\users\Pemecou\AppData\Roaming\Macrovision
2010-07-07 15:29 . 2009-12-18 13:01 86504 ----a-w- c:\users\Ountibi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-01 22:27 . 2009-12-22 11:26 86504 ----a-w- c:\users\Pemecou\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-01 22:23 . 2009-12-18 19:41 -------- d-----w- c:\program files\Microsoft Works
2010-07-01 22:23 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-01 16:52 . 2010-07-18 04:45 1496064 ----a-w- c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 16:51 . 2010-07-18 04:45 43008 ----a-w- c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 16:51 . 2010-07-18 04:45 338944 ----a-w- c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 16:51 . 2010-07-18 04:45 346112 ----a-w- c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-30 06:25 . 2010-08-11 22:15 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 23:07 . 2009-12-18 19:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-19 06:33 . 2010-08-11 22:15 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 22:15 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 04:07 . 2010-08-11 22:15 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 22:15 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 12:23 . 2010-06-15 12:23 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-05-27 07:24 . 2010-06-15 09:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-15 09:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 17:14 . 2009-12-18 21:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-10-26 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Little transparency.exe [2009-9-9 402263]
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-10-28 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-03-10 14:39 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]
2008-11-03 14:02 54560 ----a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-03-10 14:20 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-12-13 06:27 58656 ----a-w- c:\program files\Nuance\PDF Create 5\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2009-04-10 12:52 1277952 ----a-w- c:\program files\Nuance\PDF Create 5\PdfCreate5Hook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 16:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca98429a3e2d30;Google Update Service (gupdate1ca98429a3e2d30);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-18 722416]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
.
Contenu du dossier 'Tâches planifiées'
2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:05]
2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Ajouter au fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Ajouter le contenu du lien à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Créer des fichiers PDF à partir des liens sélectionnés - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Créer fichier PDF - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Créer un fichier PDF depuis le contenu du lien - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0DAF3CE5-E984-4CAD-AA4D-65D325D74583} - c:\windows\system32\certcli32.dll
HKCU-Run-OpAgent - OpAgent.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-08-18 20:04:06
ComboFix-quarantined-files.txt 2010-08-18 23:04
Avant-CF: 82 186 256 384 octets libres
Après-CF: 82 955 812 864 octets libres
- - End Of File - - 917076C597B70D1AC9ED85EC4E964D65
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-03-10 14:39 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance OmniPage 17-reminder]
2008-11-03 14:02 54560 ----a-w- c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-03-10 14:20 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-12-13 06:27 58656 ----a-w- c:\program files\Nuance\PDF Create 5\RegistryController.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2009-04-10 12:52 1277952 ----a-w- c:\program files\Nuance\PDF Create 5\PdfCreate5Hook.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 16:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca98429a3e2d30;Google Update Service (gupdate1ca98429a3e2d30);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 135664]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-18 722416]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
.
Contenu du dossier 'Tâches planifiées'
2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:05]
2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Ajouter au fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Ajouter le contenu du lien à un fichier PDF existant - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Créer des fichiers PDF à partir des liens sélectionnés - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Créer fichier PDF - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Créer un fichier PDF depuis le contenu du lien - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Ountibi\AppData\Roaming\Mozilla\Firefox\Profiles\len0b5ya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0DAF3CE5-E984-4CAD-AA4D-65D325D74583} - c:\windows\system32\certcli32.dll
HKCU-Run-OpAgent - OpAgent.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-08-18 20:04:06
ComboFix-quarantined-files.txt 2010-08-18 23:04
Avant-CF: 82 186 256 384 octets libres
Après-CF: 82 955 812 864 octets libres
- - End Of File - - 917076C597B70D1AC9ED85EC4E964D65
Hi. It is better to avoid using CF without a helper's advice.
/!\ For the disinfection to go smoothly:
Don't open the same topic on different forums; it's a waste of time for everyone!
Avoid risky manipulations on your PC; it's better to ask!
Take the time to read carefully and understand all the procedures you will be asked to follow.
Follow each procedure you are given to the letter.
If you have any question or any problem, don't hesitate to ask me.
To keep the thread readable, please host all reports here and post the links in the discussion.
***
Download Malwarebytes' Anti-Malware to the desktop.
Double-click "mbam-setup" to start the installation.
Simply install without changing anything.
When the program has started ==> "Update" tab, click ==> "Check for updates."
"Scanner" tab ==> tick "Perform full scan".
Click "Scan",
Tick all the hard drives,
Click "Start scan".
At the end of the scan, if an infection is found,
==> Click "Show results".
Close your running applications,
Check that everything is ticked and click "Remove selected".
A report opens; host it and give its link.