Antimalware doctor
junes23
Malekal_morte- Posts 184348 Registration date Status Moderator, Security contributor Last post -
Hello,
I have a Vista laptop with McAfee antivirus.
An Antimalware Doctor virus got into my computer. Since then I can't go on the Internet anymore, and McAfee no longer works. I'm stuck in safe mode: how do I get out of it, and above all, how do I remove Antimalware Doctor from my computer?
Thanks
7 replies
Hi,
Back up your important documents.
Disable your protection software (antivirus, antispyware), then:
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop, nowhere else!
Double-click ComboFix, accept the licence agreement and follow the prompts.
If it is suggested, install the Recovery Console as recommended.
Wait until ComboFix has finished; a report will be created. Post the report.
If the report won't go through, upload it to this site: http://www.cijoint.fr/
and give the link here :)
You have the tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
PS: if ComboFix won't start, rename the ComboFix file and try again.
If that's no better, try it in Safe Mode without networking. To restart in Safe Mode, restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear; choose Safe Mode and press the Enter key.
Here is my report:
ComboFix 10-07-22.01 - june 23/07/2010 12:29:12.1.4 - x86 MINIMAL
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3061.2152 [GMT 2:00]
Lancé depuis: F:\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\system volume information\SystemRestore
c:\system volume information\SystemRestore\FRStaging\Windows\System32\DriverStore\drvindex.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\DriverStore\INFCACHE.1
c:\system volume information\SystemRestore\FRStaging\Windows\System32\DriverStore\infpub.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\DriverStore\infstor.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\DriverStore\infstrng.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\NDF\eventlog.etl
c:\system volume information\SystemRestore\FRStaging\Windows\System32\wfp\wfpdiag.etl
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\SA.DAT
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\SCHEDLGU.TXT
c:\system volume information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA
c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\enemies-names.txt
c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\local.ini
c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\lsrslt.ini
c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
c:\users\june\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-23 au 2010-07-23 ))))))))))))))))))))))))))))))))))))
.
2010-07-23 10:32 . 2010-07-23 10:32 -------- d-----w- c:\users\june\AppData\Local\temp
2010-07-23 10:32 . 2010-07-23 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 09:39 . 2010-07-23 09:52 -------- d-----w- c:\users\june\AppData\Local\ElevatedDiagnostics
2010-07-22 22:03 . 2010-07-23 10:32 766976 ----a-w- c:\windows\system32\drivers\alsljw.sys
2010-07-22 22:02 . 2010-07-22 22:02 -------- d-----w- c:\users\june\AppData\Local\mvkvrifwu
2010-07-19 15:58 . 2010-07-19 15:58 2944904 ----a-w- c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 20:45 . 2010-07-22 22:07 -------- d-----w- c:\users\june\AppData\Roaming\BitTorrent
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\Ask.com
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\BitTorrent
2010-07-08 20:19 . 2010-07-08 20:19 -------- d-----w- c:\windows\system32\Wat
2010-07-03 07:37 . 2010-07-03 07:37 -------- d-----w- c:\program files\MSXML 4.0
2010-07-02 15:05 . 2010-07-02 15:24 -------- d-----w- c:\users\june\AppData\Roaming\DataCast
2010-07-02 15:05 . 2010-07-02 15:05 -------- d-----w- c:\program files\MarkAny
2010-07-02 15:03 . 2010-07-02 15:03 -------- d-----w- C:\Manual-PCProgram
2010-07-02 15:01 . 2010-07-02 15:01 -------- d-----w- c:\users\june\AppData\Roaming\AVS4YOU
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-02 15:00 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-02 15:00 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-02 15:00 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\AVS4YOU
2010-07-02 15:00 . 2010-07-02 15:01 -------- d-----w- c:\programdata\AVS4YOU
2010-06-24 20:18 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 20:18 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 20:18 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 20:18 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 20:18 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 07:45 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-24 07:45 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-24 07:45 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 10:13 . 2009-12-05 22:11 708614 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-23 10:13 . 2009-12-05 22:11 132628 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-23 08:40 . 2009-12-05 04:46 -------- d-----w- c:\program files\McAfee
2010-07-18 14:04 . 2010-03-30 17:40 -------- d-----w- c:\users\june\AppData\Roaming\vlc
2010-07-15 13:18 . 2009-12-05 04:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-11 14:59 . 2010-06-11 16:20 -------- d-----w- c:\program files\Creative
2010-07-02 15:05 . 2009-12-05 04:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 15:05 . 2009-12-05 04:35 -------- d-----w- c:\program files\Samsung
2010-06-28 06:26 . 2010-03-27 22:13 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 16:58 . 2010-03-27 22:16 87792 ----a-w- c:\users\june\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 18:24 . 2010-04-07 16:01 -------- d-----w- c:\users\june\AppData\Roaming\dvdcss
2010-06-22 11:42 . 2010-06-22 11:42 -------- d-----w- c:\program files\AnglaisFacile.com
2010-06-15 19:55 . 2010-05-16 09:05 -------- d-----w- c:\users\june\AppData\Roaming\Skype
2010-06-15 19:54 . 2010-05-16 09:06 -------- d-----w- c:\users\june\AppData\Roaming\skypePM
2010-06-12 00:53 . 2010-03-27 22:11 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 20:27 . 2010-06-11 20:17 -------- d-----w- c:\program files\Audible
2010-06-11 16:25 . 2010-06-11 16:23 -------- d--h--w- c:\program files\Creative Installation Information
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\Creative
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-11 16:22 . 2010-06-11 16:22 -------- d-----w- c:\programdata\Creative
2010-06-11 16:05 . 2010-06-11 16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-09 16:58 . 2010-06-09 16:58 -------- d-----w- c:\users\june\AppData\Roaming\Skip-Bo
2010-06-09 16:57 . 2010-06-09 16:57 -------- d-----w- c:\programdata\Trymedia
2010-06-09 16:57 . 2010-06-09 16:30 -------- d-----w- c:\program files\RealArcade
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\programdata\Zylom
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\program files\Zylom Games
2010-06-09 16:31 . 2009-12-05 05:01 -------- d-----w- c:\program files\Google
2010-06-07 20:31 . 2010-03-27 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 16:02 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 12:42 . 2009-12-05 05:01 -------- d-----w- c:\programdata\Partner
2010-05-21 05:18 . 2010-06-11 16:03 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 09:06 . 2010-05-16 09:06 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-01 14:49 . 2010-06-11 16:03 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2009-07-14 01:19 . 133D4B23C1D480428820C96807C3AB75 . 1285712 . . [------] . . c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-29 7862816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
R2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - alsljw
.
Contenu du dossier 'Tâches planifiées'
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2009-12-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
2009-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
HKCU-Run-patchsetup70700.exe - c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
HKCU-Run-jfuotrdv - c:\users\june\AppData\Local\mvkvrifwu\jlvonmutssd.exe
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\alsljw]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-07-23 12:34:13
ComboFix-quarantined-files.txt 2010-07-23 10:34
Avant-CF: 147 622 903 808 octets libres
Après-CF: 147 667 914 752 octets libres
- - End Of File - - 3A724F529B238FF7062693D391AC1E67
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
R2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - alsljw
.
Contenu du dossier 'Tâches planifiées'
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2009-12-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
2009-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
HKCU-Run-patchsetup70700.exe - c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
HKCU-Run-jfuotrdv - c:\users\june\AppData\Local\mvkvrifwu\jlvonmutssd.exe
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\alsljw]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-07-23 12:34:13
ComboFix-quarantined-files.txt 2010-07-23 10:34
Avant-CF: 147+622+903+808 octets libres
Après-CF: 147+667+914+752 octets libres
- - End Of File - - 3A724F529B238FF7062693D391AC1E67
Get rid of AskBar, it eats up resources for nothing.
Toolbars are not mandatory.
You are still infected.
Download: http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
-> http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
* unzip it, launch the sword, run as administrator under Vista
In the box, under Input Script here, copy-paste the contents of the box below and click execute:
begin copying here:
Drivers to delete:
alsljw
Files to delete:
c:\windows\system32\drivers\alsljw.sys
Folders to delete:
c:\users\june\AppData\Local\mvkvrifwu
* After the reboot, it creates a log file that will open, which you will post in your next reply, showing the actions performed by The Avenger. This log file is located here: C:\avenger.txt
Run Combofix again and post the report here.
Rise Against rules :D
here is my avenger report
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\alsljw
Files to delete:" not found!
Deletion of driver "alsljw
Files to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\alsljw.sys" not found!
Deletion of driver "c:\windows\system32\drivers\alsljw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Folder to delete:" not found!
Deletion of driver "Folder to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\users\june\AppData\Local\mvkvrifwu" not found!
Deletion of driver "c:\users\june\AppData\Local\mvkvrifwu" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
my new combofix report
ComboFix 10-07-22.01 - june 23/07/2010 13:20:00.1.4 - x86 MINIMAL
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3061.2150 [GMT 2:00]
Lancé depuis: c:\users\june\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleanup.exe
c:\programdata\FullRemove.exe
c:\users\june\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
C:\zip.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-23 au 2010-07-23 ))))))))))))))))))))))))))))))))))))
.
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\june\AppData\Local\temp
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 09:39 . 2010-07-23 09:52 -------- d-----w- c:\users\june\AppData\Local\ElevatedDiagnostics
2010-07-22 22:03 . 2010-07-23 11:24 766976 ----a-w- c:\windows\system32\drivers\alsljw.sys
2010-07-22 22:02 . 2010-07-22 22:02 -------- d-----w- c:\users\june\AppData\Local\mvkvrifwu
2010-07-22 22:02 . 2010-07-22 22:02 1051136 ----a-w- c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
2010-07-22 22:02 . 2010-07-23 21:13 -------- d-----w- c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA
2010-07-19 15:58 . 2010-07-19 15:58 2944904 ----a-w- c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 20:45 . 2010-07-22 22:07 -------- d-----w- c:\users\june\AppData\Roaming\BitTorrent
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\Ask.com
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\BitTorrent
2010-07-08 20:19 . 2010-07-08 20:19 -------- d-----w- c:\windows\system32\Wat
2010-07-03 07:37 . 2010-07-03 07:37 -------- d-----w- c:\program files\MSXML 4.0
2010-07-02 15:05 . 2010-07-02 15:24 -------- d-----w- c:\users\june\AppData\Roaming\DataCast
2010-07-02 15:05 . 2010-07-02 15:05 -------- d-----w- c:\program files\MarkAny
2010-07-02 15:03 . 2010-07-02 15:03 -------- d-----w- C:\Manual-PCProgram
2010-07-02 15:01 . 2010-07-02 15:01 -------- d-----w- c:\users\june\AppData\Roaming\AVS4YOU
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-02 15:00 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-02 15:00 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-02 15:00 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\AVS4YOU
2010-07-02 15:00 . 2010-07-02 15:01 -------- d-----w- c:\programdata\AVS4YOU
2010-06-24 20:18 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 20:18 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 20:18 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 20:18 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 20:18 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 07:45 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-24 07:45 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-24 07:45 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 21:13 . 2010-03-28 12:08 -------- d-----w- c:\programdata\McAfee Security Scan
2010-07-23 11:16 . 2010-07-23 11:16 574 ----a-w- C:\cleanup.bat
2010-07-23 11:16 . 2010-07-23 11:16 0 ----a-w- C:\backup.reg
2010-07-23 08:40 . 2009-12-05 04:46 -------- d-----w- c:\program files\McAfee
2010-07-18 14:04 . 2010-03-30 17:40 -------- d-----w- c:\users\june\AppData\Roaming\vlc
2010-07-15 13:18 . 2009-12-05 04:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-11 14:59 . 2010-06-11 16:20 -------- d-----w- c:\program files\Creative
2010-07-06 19:32 . 2009-12-05 22:11 708852 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-06 19:32 . 2009-12-05 22:11 132834 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-02 15:05 . 2009-12-05 04:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 15:05 . 2009-12-05 04:35 -------- d-----w- c:\program files\Samsung
2010-06-28 06:26 . 2010-03-27 22:13 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 16:58 . 2010-03-27 22:16 87792 ----a-w- c:\users\june\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 18:24 . 2010-04-07 16:01 -------- d-----w- c:\users\june\AppData\Roaming\dvdcss
2010-06-22 11:42 . 2010-06-22 11:42 -------- d-----w- c:\program files\AnglaisFacile.com
2010-06-15 19:55 . 2010-05-16 09:05 -------- d-----w- c:\users\june\AppData\Roaming\Skype
2010-06-15 19:54 . 2010-05-16 09:06 -------- d-----w- c:\users\june\AppData\Roaming\skypePM
2010-06-12 00:53 . 2010-03-27 22:11 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 20:27 . 2010-06-11 20:17 -------- d-----w- c:\program files\Audible
2010-06-11 16:25 . 2010-06-11 16:23 -------- d--h--w- c:\program files\Creative Installation Information
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\Creative
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-11 16:22 . 2010-06-11 16:22 -------- d-----w- c:\programdata\Creative
2010-06-11 16:05 . 2010-06-11 16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-09 16:58 . 2010-06-09 16:58 -------- d-----w- c:\users\june\AppData\Roaming\Skip-Bo
2010-06-09 16:57 . 2010-06-09 16:57 -------- d-----w- c:\programdata\Trymedia
2010-06-09 16:57 . 2010-06-09 16:30 -------- d-----w- c:\program files\RealArcade
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\programdata\Zylom
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\program files\Zylom Games
2010-06-09 16:31 . 2009-12-05 05:01 -------- d-----w- c:\program files\Google
2010-06-07 20:31 . 2010-03-27 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 16:02 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 12:42 . 2009-12-05 05:01 -------- d-----w- c:\programdata\Partner
2010-05-21 05:18 . 2010-06-11 16:03 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 09:06 . 2010-05-16 09:06 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-01 14:49 . 2010-06-11 16:03 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2009-07-14 01:19 . 133D4B23C1D480428820C96807C3AB75 . 1285712 . . [------] . . c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"patchsetup70700.exe"="c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe" [2010-07-22 1051136]
"jfuotrdv"="c:\users\june\AppData\Local\mvkvrifwu\jlvonmutssd.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-29 7862816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
R2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - alsljw
.
Contenu du dossier 'Tâches planifiées'
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2009-12-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
2009-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
HKLM-RunOnce-Cleanup - C:\cleanup.exe
HKLM-RunOnce-<NO NAME> - (no file)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\alsljw]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-07-23 13:25:42
ComboFix-quarantined-files.txt 2010-07-23 11:25
ComboFix2.txt 2010-07-23 10:34
Avant-CF: 147+763+048+448 octets libres
Après-CF: 147+426+136+064 octets libres
- - End Of File - - 490A0416ED8A4D366BA35A968C4D8A86
My new ComboFix report:
ComboFix 10-07-22.01 - june 23/07/2010 13:20:00.1.4 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.33.1036.18.3061.2150 [GMT 2:00]
Running from: c:\users\june\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleanup.exe
c:\programdata\FullRemove.exe
c:\users\june\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\june\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
C:\zip.exe
.
((((((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))))))))))
.
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\june\AppData\Local\temp
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 11:24 . 2010-07-23 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 09:39 . 2010-07-23 09:52 -------- d-----w- c:\users\june\AppData\Local\ElevatedDiagnostics
2010-07-22 22:03 . 2010-07-23 11:24 766976 ----a-w- c:\windows\system32\drivers\alsljw.sys
2010-07-22 22:02 . 2010-07-22 22:02 -------- d-----w- c:\users\june\AppData\Local\mvkvrifwu
2010-07-22 22:02 . 2010-07-22 22:02 1051136 ----a-w- c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
2010-07-22 22:02 . 2010-07-23 21:13 -------- d-----w- c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA
2010-07-19 15:58 . 2010-07-19 15:58 2944904 ----a-w- c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 20:45 . 2010-07-22 22:07 -------- d-----w- c:\users\june\AppData\Roaming\BitTorrent
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\Ask.com
2010-07-17 20:45 . 2010-07-17 20:45 -------- d-----w- c:\program files\BitTorrent
2010-07-08 20:19 . 2010-07-08 20:19 -------- d-----w- c:\windows\system32\Wat
2010-07-03 07:37 . 2010-07-03 07:37 -------- d-----w- c:\program files\MSXML 4.0
2010-07-02 15:05 . 2010-07-02 15:24 -------- d-----w- c:\users\june\AppData\Roaming\DataCast
2010-07-02 15:05 . 2010-07-02 15:05 -------- d-----w- c:\program files\MarkAny
2010-07-02 15:03 . 2010-07-02 15:03 -------- d-----w- C:\Manual-PCProgram
2010-07-02 15:01 . 2010-07-02 15:01 -------- d-----w- c:\users\june\AppData\Roaming\AVS4YOU
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-02 15:00 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-07-02 15:00 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-07-02 15:00 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-07-02 15:00 . 2010-07-11 15:04 -------- d-----w- c:\program files\AVS4YOU
2010-07-02 15:00 . 2010-07-02 15:01 -------- d-----w- c:\programdata\AVS4YOU
2010-06-24 20:18 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 20:18 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 20:18 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 20:18 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 20:18 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 07:45 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-24 07:45 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-24 07:45 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 21:13 . 2010-03-28 12:08 -------- d-----w- c:\programdata\McAfee Security Scan
2010-07-23 11:16 . 2010-07-23 11:16 574 ----a-w- C:\cleanup.bat
2010-07-23 11:16 . 2010-07-23 11:16 0 ----a-w- C:\backup.reg
2010-07-23 08:40 . 2009-12-05 04:46 -------- d-----w- c:\program files\McAfee
2010-07-18 14:04 . 2010-03-30 17:40 -------- d-----w- c:\users\june\AppData\Roaming\vlc
2010-07-15 13:18 . 2009-12-05 04:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-11 14:59 . 2010-06-11 16:20 -------- d-----w- c:\program files\Creative
2010-07-06 19:32 . 2009-12-05 22:11 708852 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-06 19:32 . 2009-12-05 22:11 132834 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-02 15:05 . 2009-12-05 04:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 15:05 . 2009-12-05 04:35 -------- d-----w- c:\program files\Samsung
2010-06-28 06:26 . 2010-03-27 22:13 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 16:58 . 2010-03-27 22:16 87792 ----a-w- c:\users\june\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-22 18:24 . 2010-04-07 16:01 -------- d-----w- c:\users\june\AppData\Roaming\dvdcss
2010-06-22 11:42 . 2010-06-22 11:42 -------- d-----w- c:\program files\AnglaisFacile.com
2010-06-15 19:55 . 2010-05-16 09:05 -------- d-----w- c:\users\june\AppData\Roaming\Skype
2010-06-15 19:54 . 2010-05-16 09:06 -------- d-----w- c:\users\june\AppData\Roaming\skypePM
2010-06-12 00:53 . 2010-03-27 22:11 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 20:27 . 2010-06-11 20:17 -------- d-----w- c:\program files\Audible
2010-06-11 16:25 . 2010-06-11 16:23 -------- d--h--w- c:\program files\Creative Installation Information
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\Creative
2010-06-11 16:23 . 2010-06-11 16:23 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-11 16:22 . 2010-06-11 16:22 -------- d-----w- c:\programdata\Creative
2010-06-11 16:05 . 2010-06-11 16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-06-09 16:58 . 2010-06-09 16:58 -------- d-----w- c:\users\june\AppData\Roaming\Skip-Bo
2010-06-09 16:57 . 2010-06-09 16:57 -------- d-----w- c:\programdata\Trymedia
2010-06-09 16:57 . 2010-06-09 16:30 -------- d-----w- c:\program files\RealArcade
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\programdata\Zylom
2010-06-09 16:31 . 2010-06-09 16:31 -------- d-----w- c:\program files\Zylom Games
2010-06-09 16:31 . 2009-12-05 05:01 -------- d-----w- c:\program files\Google
2010-06-07 20:31 . 2010-03-27 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 16:02 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 12:42 . 2009-12-05 05:01 -------- d-----w- c:\programdata\Partner
2010-05-21 05:18 . 2010-06-11 16:03 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 09:06 . 2010-05-16 09:06 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-01 14:49 . 2010-06-11 16:03 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2009-07-14 01:19 . 133D4B23C1D480428820C96807C3AB75 . 1285712 . . [------] . . c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"patchsetup70700.exe"="c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe" [2010-07-22 1051136]
"jfuotrdv"="c:\users\june\AppData\Local\mvkvrifwu\jlvonmutssd.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-29 7862816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-04 13830760]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
R2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
--- Other Services/Drivers in memory ---
*Deregistered* - alsljw
.
Contents of the 'Scheduled Tasks' folder
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 16:31]
2009-12-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
2009-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-03-27 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\june\AppData\Roaming\Mozilla\Firefox\Profiles\tbmt3ipm.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-RunOnce-Cleanup - C:\cleanup.exe
HKLM-RunOnce-<NO NAME> - (no file)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\alsljw]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-23 13:25:42
ComboFix-quarantined-files.txt 2010-07-23 11:25
ComboFix2.txt 2010-07-23 10:34
Pre-Run: 147,763,048,448 bytes free
Post-Run: 147,426,136,064 bytes free
- - End Of File - - 490A0416ED8A4D366BA35A968C4D8A86
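The loading-point and file-creation entries in the report above are what a helper reads to spot the rogue: a kernel driver with a random name (alsljw.sys) created the day before the scan, an autorun sitting in a 32-hex-character folder under Roaming, and a Run value whose target ComboFix could not stat (shown as [BU]). The script below is an added example, not part of this thread and not ComboFix's own logic; it applies those triage heuristics to a few constructed lines copied from the report. The thresholds (7 days, a vowel ratio under 0.25, 24 or more hex characters), the reading of the two dates as created/modified, and the reading of a missing stamp as "file missing or quarantined" are my assumptions.

```python
"""Triage heuristics for ComboFix 'Files created' and 'Reg Loading Points' lines.

Added example for this thread, not ComboFix's own logic. Flags autoruns that
start from user-writable locations, random-looking names, stamp-less entries
such as [BU], and drivers created shortly before the scan. Thresholds are
assumptions chosen for illustration.
"""
import re
from datetime import date

# Constructed sample: a few lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
2010-07-22 22:03 . 2010-07-23 11:24 766976 ----a-w- c:\windows\system32\drivers\alsljw.sys
2010-07-22 22:02 . 2010-07-22 22:02 1051136 ----a-w- c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe
2010-07-15 13:18 . 2009-12-05 04:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-24 07:45 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"patchsetup70700.exe"="c:\users\june\AppData\Roaming\AE6B1A3372932F260B2F4EED263A43CA\patchsetup70700.exe" [2010-07-22 1051136]
"jfuotrdv"="c:\users\june\AppData\Local\mvkvrifwu\jlvonmutssd.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"""
SCAN_DATE = date(2010, 7, 23)  # completion date of the report above

# "name"="path" [stamp]; the stamp is "YYYY-MM-DD size" when ComboFix could stat the file
AUTORUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
# created . modified size attrs path (assumption: first date = creation, second = last write)
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
    r'\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')
HEX_RE = re.compile(r'^[0-9A-Fa-f]{24,}$')
VOWELS = set('aeiouy')


def looks_random(name):
    """Assumed heuristic: a long pure-hex token, or an all-lowercase alphabetic stem
    of 6+ chars with fewer than 25% vowels (alsljw, mvkvrifwu, jlvonmutssd).
    Mixed-case vendor abbreviations such as RtHDVCpl are deliberately not matched."""
    stem = name.rsplit('.', 1)[0]
    if HEX_RE.match(stem):
        return True
    if not (stem.isalpha() and stem.islower() and len(stem) >= 6):
        return False
    return sum(1 for c in stem if c in VOWELS) / len(stem) < 0.25


def path_components(path):
    return [c for c in re.split(r'[\\/]', path) if c]


def in_user_profile(path):
    """User-writable roots: places a standard user can drop files into without UAC."""
    p = path.lower()
    return p.startswith(('c:\\users\\', 'c:\\programdata\\')) or '\\appdata\\' in p


def autorun_reasons(path, stamp):
    reasons = []
    if in_user_profile(path):
        reasons.append('autorun target lives in a user-writable location')
    if any(looks_random(c) for c in path_components(path)):
        reasons.append('random-looking name in autorun path')
    if not STAMP_RE.match(stamp):
        # No "date size" stamp: ComboFix could not stat the file (assumed: missing,
        # or already moved to quarantine; the report shows this as [BU] or [X]).
        reasons.append(f'no size/date stamp [{stamp}]: file missing or quarantined')
    # An oddly named vendor binary under Program Files is noise on its own; report
    # only when the location or the missing stamp makes it worth a look.
    return reasons if (in_user_profile(path) or not STAMP_RE.match(stamp)) else []


def file_reasons(path, created, scan_date, recent_days):
    reasons = []
    parts = path_components(path)
    lower = path.lower()
    is_driver = lower.endswith('.sys') and '\\drivers\\' in lower
    age = (scan_date - date.fromisoformat(created)).days  # negative = future-dated, also odd
    if is_driver and age <= recent_days:
        reasons.append(f'kernel driver created {created}, {age} day(s) before the scan')
    if is_driver and looks_random(parts[-1]):
        reasons.append('random-looking driver name')
    if lower.endswith('.exe') and in_user_profile(path) and any(looks_random(c) for c in parts):
        reasons.append('executable under a random-looking user-profile path')
    return reasons


def triage(log_text, scan_date, recent_days=7):
    """Return [{'name', 'path', 'reasons'}] for every line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            reasons = autorun_reasons(m['path'], m['stamp'])
            if reasons:
                findings.append({'name': m['name'], 'path': m['path'], 'reasons': reasons})
            continue
        m = FILE_RE.match(line)
        if m:
            reasons = file_reasons(m['path'], m['created'], scan_date, recent_days)
            if reasons:
                findings.append({'name': path_components(m['path'])[-1],
                                 'path': m['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{f['name']}: {'; '.join(f['reasons'])}")
```

On the sample it flags alsljw.sys (recent, random name), both patchsetup70700.exe lines (hex folder under Roaming) and the jfuotrdv Run value (user-writable, random, no stamp), and stays quiet on CTSyncU.exe, mcagent_exe, ntdll.dll and the McAfee firewall driver Mpfp.sys, which is older than the window. The vowel-ratio check is only a screen: names like dvdcss or dfshim would pass it, which is why it is combined with location and age rather than used alone.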
Ugh.....
Odd, what happened with The Avenger: it took everything as a driver \o
Let's try again - I'm going to remove one item :)
Relaunch The Avenger.
In the box, under Input Script here, copy and paste the contents of the box below and click Execute:

begin copying here:
Drivers to delete:
alsljw
Files to delete:
c:\windows\system32\drivers\alsljw.sys

* After the restart, it creates a log file that will open, showing the actions The Avenger carried out; post it in your next reply. This log file is located at: C:\avenger.txt
Relaunch ComboFix and post the report here.
Rise Against rules :D