Goméo problem and spyware
gigilot
Posts: 4
Status: Member
Hello,
I also have a goméo problem and maybe spyware. I started by reading the various messages on the forum - I have Malwarebytes and ZHPDiag, which no longer find anything, but goméo and other sites keep opening. As for the spyware - I had charges on my bank card on the Internet that I did not make, and nothing was detected by McAfee or Windows Defender. Is there someone who can help me? I am not a pro and computer language is not always easy to understand.
Thanks for your help
6 replies
Disable User Account Control (you will turn it back on after the disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the Internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus, and your antispyware's guard.
Copy/paste the C:\ComboFix.txt report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Good evening,
Here is the report:
ComboFix 10-09-23.01 - HP 23/09/2010 21:40:54.1.2 - x86
Microsoft® Windows Vista(TM) Home Premium 6.0.6002.2.1252.33.1036.18.3068.2149 [GMT 2:00]
Running from: c:\users\HP\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* A new restore point was created
* A resident antivirus is active
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
An infected copy of c:\windows\system32\drivers\lsi_sas.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 ))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:52 . 2010-09-23 19:53 -------- d-----w- c:\users\HP\AppData\Local\temp
2010-09-23 19:52 . 2010-09-23 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 19:52 . 2010-09-23 19:52 -------- d-----w- c:\users\Christophe\AppData\Local\temp
2010-09-23 08:15 . 2010-09-23 08:23 -------- d-----w- c:\users\HP\AppData\Roaming\Raptr
2010-09-23 08:15 . 2010-09-23 08:19 -------- d-----w- c:\program files\Raptr
2010-09-23 08:13 . 2010-09-23 08:13 310208 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-23 08:11 . 2010-09-23 08:11 52224 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-09-23 08:11 . 2010-09-23 08:11 101376 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\Conduit
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\ConduitEngine
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\Vuze_Remote
2010-09-20 23:08 . 2010-09-20 23:08 2101303 ----a-w- c:\windows\system32\ZHPDiag_1.26.66.exe
2010-09-20 22:45 . 2010-09-20 22:45 -------- d-----w- c:\program files\ZHPDiag
2010-09-15 14:59 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 14:44 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:44 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-13 13:07 . 2010-09-13 13:07 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2010-09-13 13:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 13:04 . 2010-09-13 13:04 -------- d-----w- c:\programdata\Malwarebytes
2010-09-13 13:04 . 2010-09-13 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 13:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 18:46 . 2010-09-12 18:46 -------- d-----w- c:\users\HP\AppData\Local\Threat Expert
2010-09-11 23:09 . 2010-09-11 23:14 76704960 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-11 23:09 . 2010-09-13 13:33 -------- d-----w- c:\programdata\PC Tools
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:51 . 2009-03-11 14:59 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-23 19:46 . 2008-07-02 16:10 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-23 19:46 . 2008-07-02 16:10 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-23 19:39 . 2008-09-26 23:48 254274 ----a-w- c:\programdata\nvModes.dat
2010-09-23 19:36 . 2008-11-18 22:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-23 19:36 . 2009-01-18 22:29 -------- d-----w- c:\users\HP\AppData\Roaming\Azureus
2010-09-23 08:15 . 2009-01-20 14:05 172 ----a-w- c:\users\HP\AppData\Roaming\Azureus\restart.bat
2010-09-23 08:14 . 2009-11-20 08:14 4146688 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-09-23 08:14 . 2009-11-20 08:14 7288256 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-09-23 08:12 . 2009-01-18 22:28 -------- d-----w- c:\program files\Vuze
2010-09-16 01:20 . 2008-11-21 20:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-16 01:19 . 2008-12-14 17:24 -------- d-----w- c:\users\HP\AppData\Roaming\Skype
2010-09-16 01:03 . 2008-07-02 07:55 -------- d-----w- c:\programdata\Microsoft Help
2010-09-12 18:46 . 2008-12-28 16:59 -------- d-----w- c:\program files\Google
2010-09-11 23:19 . 2010-09-11 23:16 1914752 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-07 11:00 . 2009-08-27 22:15 -------- d-----w- c:\users\HP\AppData\Roaming\vlc
2010-08-24 12:57 . 2010-06-29 21:45 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 12:57 . 2010-06-29 21:44 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 12:57 . 2010-06-29 21:44 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 12:57 . 2010-06-29 21:44 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 12:57 . 2010-06-29 21:44 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 12:57 . 2010-06-29 21:44 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 12:57 . 2010-04-14 10:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 12:57 . 2008-11-16 15:29 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 12:57 . 2008-11-16 15:29 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 12:57 . 2008-06-27 05:08 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 09:31 . 2008-07-02 08:08 -------- d-----w- c:\program files\EasyBits For Kids
2010-08-19 14:47 . 2009-01-28 00:22 -------- d-----w- c:\users\HP\AppData\Roaming\dvdcss
2010-08-03 15:05 . 2010-08-03 15:05 -------- d-----r- c:\program files\Skype
2010-08-03 15:05 . 2008-12-14 17:17 -------- d-----w- c:\programdata\Skype
2010-08-03 14:55 . 2008-12-14 17:29 -------- d-----w- c:\users\HP\AppData\Roaming\skypePM
2010-07-19 10:27 . 2006-11-02 07:36 89656 ----a-w- c:\windows\system32\drivers\lsi_sas.sys
2010-07-01 10:57 . 2010-04-08 19:20 112 ----a-w- c:\programdata\Tk7Gnh6xd.dat
2010-06-26 06:05 . 2010-08-12 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 09:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 09:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 09:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-24 12:57 . 2010-07-27 07:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-02 16:13 . 2008-07-02 16:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\QuickPlay\QPService .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\pdfforge Toolbar\SearchSettings .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\WindowsMobile\wmdc .exe
</pre>
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"MFP Manager"="c:\program files\MFP Server\MFPAgent.exe" [N/A]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"GDI Manager"="c:\program files\MFP Server\App\Common\MFPAgent.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-1-9 38976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 BthAudioHF;Service BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys [2008-07-10 30208]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 csr_a2dp;Profil AV Bluetooth;c:\windows\system32\drivers\bthav.sys [2010-02-05 66952]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;Service McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-03-18 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{E02CEAF0-18D3-467A-9E27-A8607F0AC1CC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: gouv.fr\www.impots
Trusted Zone: ucopia2.mobile\controller
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 21:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Finish time: 2010-09-23 21:56:19
ComboFix-quarantined-files.txt 2010-09-23 19:56
Pre-Run: 195,557,752,832 bytes free
Post-Run: 196,894,232,576 bytes free
- - End Of File - - BDEAE0C2977DAD916B0F669190D2BC76
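The "Reg Loading Points" section of the report above is what a helper reads first: the same CLSID ({ba14329e-...}) is registered as a BHO, as an IE toolbar and as a URLSearchHook, and the policy keys show EnableLUA=0 (UAC off, as the instructions above asked for before the run) and Security Center DisableMonitoring=1. The Python below is an added example, not code from this thread and not ComboFix's own: it parses a constructed excerpt modelled on the posted report and lists which CLSIDs are wired into more than one hook point and which protections are switched off. The hook-point names, the "weak" labels and the regular expressions are my own assumptions about the format, derived only from the lines shown.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix report (added example)."""
import re
from collections import defaultdict

# Constructed input: an excerpt modelled on the report posted above.
SAMPLE = r"""
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<value>[^"\[]+?)"?\s*(\[.*\])?$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)

def classify(key):
    """Map a registry key to the hook point it represents (assumed names), or None."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if k.endswith(r"internet explorer\toolbar"):
        return "Toolbar"
    if k.endswith("urlsearchhooks"):
        return "URLSearchHook"
    if k.endswith(r"currentversion\run"):
        return "Run"
    return None

def parse_hooks(report):
    """Return ({clsid: {(hook_type, dll_path)}}, [(run_value_name, path)])."""
    hooks, run = defaultdict(set), []
    hook_type, pending = None, None       # pending: BHO CLSID whose DLL is on the next line
    for raw in report.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            hook_type = classify(sec.group(1))
            clsid = CLSID_RE.search(sec.group(1))
            pending = clsid.group(0).lower() if hook_type == "BHO" and clsid else None
            continue
        if pending and (f := FILE_RE.match(line)):
            hooks[pending].add(("BHO", f.group("path").lower()))
        pending = None
        v = VALUE_RE.match(line)
        if not v or hook_type is None:
            continue
        name, value = v.group("name"), v.group("value").strip().lower()
        if hook_type == "Run":
            run.append((name, value))
        elif CLSID_RE.fullmatch(name):        # toolbar / search-hook entries are keyed by CLSID
            hooks[name.lower()].add((hook_type, value))
    return dict(hooks), run

def multi_hooked(hooks):
    """CLSIDs registered at more than one hook point (e.g. BHO + toolbar + search hook)."""
    return {c: sorted({t for t, _ in e}) for c, e in hooks.items() if len({t for t, _ in e}) > 1}

def weak_policies(report):
    """Flag the two weakened settings visible in the posted report."""
    findings, key = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, value = v.group("name"), v.group("value").strip().lower()
        if key.endswith(r"policies\system") and name == "EnableLUA" and value.startswith("0"):
            findings.append("UAC disabled (EnableLUA=0)")
        if key.endswith(r"security center\monitoring") and name == "DisableMonitoring" and value.endswith("1"):
            findings.append("Security Center monitoring disabled (DisableMonitoring=1)")
    return findings

if __name__ == "__main__":
    hooks, run = parse_hooks(SAMPLE)
    for clsid, kinds in multi_hooked(hooks).items():
        print(clsid, "->", ", ".join(kinds), "|", sorted(p for _, p in hooks[clsid])[0])
    for finding in weak_policies(SAMPLE):
        print("WEAK:", finding)
```

Run it against the full "Reg Loading Points" block of a report instead of SAMPLE to get the same two lists for a real machine; a CLSID that shows up at every hook point with the same DLL is the usual shape of a search/toolbar hijacker, and EnableLUA should read 1 again once the disinfection is finished.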
Voici le rapport:
ComboFix 10-09-23.01 - HP 23/09/2010 21:40:54.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3068.2149 [GMT 2:00]
Lancé depuis: c:\users\HP\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
Une copie infectée de c:\windows\system32\drivers\lsi_sas.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-23 au 2010-09-23 ))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:52 . 2010-09-23 19:53 -------- d-----w- c:\users\HP\AppData\Local\temp
2010-09-23 19:52 . 2010-09-23 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 19:52 . 2010-09-23 19:52 -------- d-----w- c:\users\Christophe\AppData\Local\temp
2010-09-23 08:15 . 2010-09-23 08:23 -------- d-----w- c:\users\HP\AppData\Roaming\Raptr
2010-09-23 08:15 . 2010-09-23 08:19 -------- d-----w- c:\program files\Raptr
2010-09-23 08:13 . 2010-09-23 08:13 310208 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-23 08:11 . 2010-09-23 08:11 52224 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-09-23 08:11 . 2010-09-23 08:11 101376 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\Conduit
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\ConduitEngine
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\Vuze_Remote
2010-09-20 23:08 . 2010-09-20 23:08 2101303 ----a-w- c:\windows\system32\ZHPDiag_1.26.66.exe
2010-09-20 22:45 . 2010-09-20 22:45 -------- d-----w- c:\program files\ZHPDiag
2010-09-15 14:59 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 14:44 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:44 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-13 13:07 . 2010-09-13 13:07 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2010-09-13 13:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 13:04 . 2010-09-13 13:04 -------- d-----w- c:\programdata\Malwarebytes
2010-09-13 13:04 . 2010-09-13 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 13:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 18:46 . 2010-09-12 18:46 -------- d-----w- c:\users\HP\AppData\Local\Threat Expert
2010-09-11 23:09 . 2010-09-11 23:14 76704960 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-11 23:09 . 2010-09-13 13:33 -------- d-----w- c:\programdata\PC Tools
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:51 . 2009-03-11 14:59 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-23 19:46 . 2008-07-02 16:10 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-23 19:46 . 2008-07-02 16:10 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-23 19:39 . 2008-09-26 23:48 254274 ----a-w- c:\programdata\nvModes.dat
2010-09-23 19:36 . 2008-11-18 22:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-23 19:36 . 2009-01-18 22:29 -------- d-----w- c:\users\HP\AppData\Roaming\Azureus
2010-09-23 08:15 . 2009-01-20 14:05 172 ----a-w- c:\users\HP\AppData\Roaming\Azureus\restart.bat
2010-09-23 08:14 . 2009-11-20 08:14 4146688 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-09-23 08:14 . 2009-11-20 08:14 7288256 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-09-23 08:12 . 2009-01-18 22:28 -------- d-----w- c:\program files\Vuze
2010-09-16 01:20 . 2008-11-21 20:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-16 01:19 . 2008-12-14 17:24 -------- d-----w- c:\users\HP\AppData\Roaming\Skype
2010-09-16 01:03 . 2008-07-02 07:55 -------- d-----w- c:\programdata\Microsoft Help
2010-09-12 18:46 . 2008-12-28 16:59 -------- d-----w- c:\program files\Google
2010-09-11 23:19 . 2010-09-11 23:16 1914752 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-07 11:00 . 2009-08-27 22:15 -------- d-----w- c:\users\HP\AppData\Roaming\vlc
2010-08-24 12:57 . 2010-06-29 21:45 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 12:57 . 2010-06-29 21:44 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 12:57 . 2010-06-29 21:44 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 12:57 . 2010-06-29 21:44 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 12:57 . 2010-06-29 21:44 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 12:57 . 2010-06-29 21:44 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 12:57 . 2010-04-14 10:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 12:57 . 2008-11-16 15:29 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 12:57 . 2008-11-16 15:29 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 12:57 . 2008-06-27 05:08 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 09:31 . 2008-07-02 08:08 -------- d-----w- c:\program files\EasyBits For Kids
2010-08-19 14:47 . 2009-01-28 00:22 -------- d-----w- c:\users\HP\AppData\Roaming\dvdcss
2010-08-03 15:05 . 2010-08-03 15:05 -------- d-----r- c:\program files\Skype
2010-08-03 15:05 . 2008-12-14 17:17 -------- d-----w- c:\programdata\Skype
2010-08-03 14:55 . 2008-12-14 17:29 -------- d-----w- c:\users\HP\AppData\Roaming\skypePM
2010-07-19 10:27 . 2006-11-02 07:36 89656 ----a-w- c:\windows\system32\drivers\lsi_sas.sys
2010-07-01 10:57 . 2010-04-08 19:20 112 ----a-w- c:\programdata\Tk7Gnh6xd.dat
2010-06-26 06:05 . 2010-08-12 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 09:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 09:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 09:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-24 12:57 . 2010-07-27 07:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-02 16:13 . 2008-07-02 16:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
[code]<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\QuickPlay\QPService .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\pdfforge Toolbar\SearchSettings .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\WindowsMobile\wmdc .exe
</pre>/code
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"MFP Manager"="c:\program files\MFP Server\MFPAgent.exe" [N/A]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"GDI Manager"="c:\program files\MFP Server\App\Common\MFPAgent.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-1-9 38976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 BthAudioHF;Service BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys [2008-07-10 30208]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 csr_a2dp;Profil AV Bluetooth;c:\windows\system32\drivers\bthav.sys [2010-02-05 66952]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;Service McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
--- Other Services/Drivers in memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-03-18 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{E02CEAF0-18D3-467A-9E27-A8607F0AC1CC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: gouv.fr\www.impots
Trusted Zone: ucopia2.mobile\controller
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 21:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-09-23 21:56:19
ComboFix-quarantined-files.txt 2010-09-23 19:56
Pre-Run: 195 557 752 832 bytes free
Post-Run: 196 894 232 576 bytes free
- - End Of File - - BDEAE0C2977DAD916B0F669190D2BC76
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\program files\Vuze_Remote\tbVuze.dll
c:\program files\ConduitEngine\ConduitEngine.dll
Folder::
c:\program files\BearShareTb
c:\program files\BearShare Applications
c:\program files\ConduitEngine
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
Save this file under the name CFScript
Drag and drop this CFScript file onto the ComboFix.exe file
Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file doesn't open, it is located here > C:\ComboFix.txt
Good evening - here it is. Thanks!
ComboFix 10-09-23.01 - HP 23/09/2010 22:56:34.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3068.1964 [GMT 2:00]
Running from: c:\users\HP\Downloads\ComboFix.exe
Command switches used :: c:\users\HP\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* A resident antivirus is active
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\Vuze_Remote\tbVuze.dll
.
((((((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 ))))))))))))))))))))))))))))))))))))
.
2010-09-23 21:05 . 2010-09-23 21:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-23 21:05 . 2010-09-23 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-23 21:05 . 2010-09-23 21:05 -------- d-----w- c:\users\Christophe\AppData\Local\temp
2010-09-23 20:33 . 2010-09-23 21:05 -------- d-----w- c:\users\HP\AppData\Local\temp
2010-09-23 08:15 . 2010-09-23 08:23 -------- d-----w- c:\users\HP\AppData\Roaming\Raptr
2010-09-23 08:15 . 2010-09-23 08:19 -------- d-----w- c:\program files\Raptr
2010-09-23 08:13 . 2010-09-23 08:13 310208 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-23 08:11 . 2010-09-23 08:11 52224 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
2010-09-23 08:11 . 2010-09-23 08:11 101376 ----a-w- c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
2010-09-23 08:11 . 2010-09-23 08:11 -------- d-----w- c:\program files\Conduit
2010-09-23 08:11 . 2010-09-23 20:32 -------- d-----w- c:\program files\ConduitEngine
2010-09-23 08:11 . 2010-09-23 20:32 -------- d-----w- c:\program files\Vuze_Remote
2010-09-20 23:08 . 2010-09-20 23:08 2101303 ----a-w- c:\windows\system32\ZHPDiag_1.26.66.exe
2010-09-20 22:45 . 2010-09-20 22:45 -------- d-----w- c:\program files\ZHPDiag
2010-09-15 14:59 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 14:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 14:44 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 14:44 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-13 13:07 . 2010-09-13 13:07 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2010-09-13 13:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 13:04 . 2010-09-13 13:04 -------- d-----w- c:\programdata\Malwarebytes
2010-09-13 13:04 . 2010-09-13 13:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 13:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 18:46 . 2010-09-12 18:46 -------- d-----w- c:\users\HP\AppData\Local\Threat Expert
2010-09-11 23:09 . 2010-09-11 23:14 76704960 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-11 23:09 . 2010-09-13 13:33 -------- d-----w- c:\programdata\PC Tools
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 20:52 . 2008-07-02 16:10 672322 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-23 20:52 . 2008-07-02 16:10 124434 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-23 20:47 . 2008-09-26 23:48 254274 ----a-w- c:\programdata\nvModes.dat
2010-09-23 20:45 . 2008-11-18 22:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-23 19:51 . 2009-03-11 14:59 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-23 19:36 . 2009-01-18 22:29 -------- d-----w- c:\users\HP\AppData\Roaming\Azureus
2010-09-23 08:15 . 2009-01-20 14:05 172 ----a-w- c:\users\HP\AppData\Roaming\Azureus\restart.bat
2010-09-23 08:14 . 2009-11-20 08:14 4146688 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2010-09-23 08:14 . 2009-11-20 08:14 7288256 ----a-w- c:\users\HP\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-09-23 08:12 . 2009-01-18 22:28 -------- d-----w- c:\program files\Vuze
2010-09-16 01:20 . 2008-11-21 20:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-16 01:19 . 2008-12-14 17:24 -------- d-----w- c:\users\HP\AppData\Roaming\Skype
2010-09-16 01:03 . 2008-07-02 07:55 -------- d-----w- c:\programdata\Microsoft Help
2010-09-12 18:46 . 2008-12-28 16:59 -------- d-----w- c:\program files\Google
2010-09-11 23:19 . 2010-09-11 23:16 1914752 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-07 11:00 . 2009-08-27 22:15 -------- d-----w- c:\users\HP\AppData\Roaming\vlc
2010-08-24 12:57 . 2010-06-29 21:45 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 12:57 . 2010-06-29 21:44 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 12:57 . 2010-06-29 21:44 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-24 12:57 . 2010-06-29 21:44 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 12:57 . 2010-06-29 21:44 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-24 12:57 . 2010-06-29 21:44 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 12:57 . 2010-04-14 10:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 12:57 . 2008-11-16 15:29 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 12:57 . 2008-11-16 15:29 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-24 12:57 . 2008-06-27 05:08 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 09:31 . 2008-07-02 08:08 -------- d-----w- c:\program files\EasyBits For Kids
2010-08-19 14:47 . 2009-01-28 00:22 -------- d-----w- c:\users\HP\AppData\Roaming\dvdcss
2010-08-03 15:05 . 2010-08-03 15:05 -------- d-----r- c:\program files\Skype
2010-08-03 15:05 . 2008-12-14 17:17 -------- d-----w- c:\programdata\Skype
2010-08-03 14:55 . 2008-12-14 17:29 -------- d-----w- c:\users\HP\AppData\Roaming\skypePM
2010-07-19 10:27 . 2006-11-02 07:36 89656 ----a-w- c:\windows\system32\drivers\lsi_sas.sys
2010-07-01 10:57 . 2010-04-08 19:20 112 ----a-w- c:\programdata\Tk7Gnh6xd.dat
2010-06-26 06:05 . 2010-08-12 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 09:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 09:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 09:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-24 12:57 . 2010-07-27 07:02 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2008-07-02 16:13 . 2008-07-02 16:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
[code]<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\QuickPlay\QPService .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\pdfforge Toolbar\SearchSettings .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\WindowsMobile\wmdc .exe
</pre>/code
((((((((((((((((((((((((((((( SnapShot@2010-09-23_19.53.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-09-23 20:50 71436 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-23 20:50 97592 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-14 06:43 . 2010-09-23 20:50 12550 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2712701935-507359512-454146886-1000_UserData.bin
- 2008-09-26 23:11 . 2010-09-23 19:38 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-26 23:11 . 2010-09-23 20:46 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-26 23:11 . 2010-09-23 20:46 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-26 23:11 . 2010-09-23 19:38 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-23 19:38 . 2010-09-23 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-23 20:46 . 2010-09-23 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-23 20:46 . 2010-09-23 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-23 19:38 . 2010-09-23 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-09-23 20:52 590082 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-09-23 20:52 102094 c:\windows\System32\perfc009.dat
- 2008-09-26 23:11 . 2010-09-23 19:38 1163264 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-26 23:11 . 2010-09-23 20:46 1163264 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06 91576 ----a-w- c:\program files\BearShareTb\BearShareDx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
c:\program files\ConduitEngine\ConduitEngine.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2009-05-04 10:56 398776 ----a-w- c:\program files\BearShare Applications\BearShare\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
c:\program files\Vuze_Remote\tbVuze.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [BU]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"MFP Manager"="c:\program files\MFP Server\MFPAgent.exe" [N/A]
"Server Application"="c:\windows\system32\ServoApp.exe" [2007-05-20 417792]
"GDI Manager"="c:\program files\MFP Server\App\Common\MFPAgent.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-1-9 38976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 BthAudioHF;Service BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys [2008-07-10 30208]
R3 csr_a2dp;Profil AV Bluetooth;c:\windows\system32\drivers\bthav.sys [2010-02-05 66952]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;Service McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
--- Other Services/Drivers in memory ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 09:03]
2010-03-18 c:\windows\Tasks\HPCeeScheduleForHP.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-09-23 c:\windows\Tasks\User_Feed_Synchronization-{E02CEAF0-18D3-467A-9E27-A8607F0AC1CC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: gouv.fr\www.impots
Trusted Zone: ucopia2.mobile\controller
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\f17b5viw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 23:05
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(4832)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Heure de fin: 2010-09-23 23:10:22
ComboFix-quarantined-files.txt 2010-09-23 21:10
ComboFix2.txt 2010-09-23 20:38
ComboFix3.txt 2010-09-23 19:56
Avant-CF: 192 551 395 328 octets libres
Après-CF: 192 507 056 128 octets libres
- - End Of File - - F5B98A820D6B4C0648BB93163A1A2925