Centre de sécurité windows
Fermé
yo52130
Messages postés
42
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
j'ai téléchargé un soit disant "générateur de clé ", et aprés l'avoir analysé par avast il n'y avait ancune menace détectée, je l'ai exécuté et il a disparu de son emplacement.
depuis, j'ai un message du centre de sécurité windows qui me dit qu'il est désactivé, et lorsque je tente de l'activer,j'ai le message suivant: "impossible de démarrer le service centre de sécurité windows".
j'arrive à démarrer le service via services.msc mais il se désactive au bout de quelques secondes avec de nouveau le même message d'alerte du centre de sécurité windows.
je pense avoir un "intru", j'ai besoins d'aide svp, merci
j'ai téléchargé un soit disant "générateur de clé ", et aprés l'avoir analysé par avast il n'y avait ancune menace détectée, je l'ai exécuté et il a disparu de son emplacement.
depuis, j'ai un message du centre de sécurité windows qui me dit qu'il est désactivé, et lorsque je tente de l'activer,j'ai le message suivant: "impossible de démarrer le service centre de sécurité windows".
j'arrive à démarrer le service via services.msc mais il se désactive au bout de quelques secondes avec de nouveau le même message d'alerte du centre de sécurité windows.
je pense avoir un "intru", j'ai besoins d'aide svp, merci
A voir également:
- Centre de sécurité windows
- Clé de produit windows 10 gratuit - Guide
- Mode securite - Guide
- Montage video windows - Guide
- Windows ne démarre pas - Guide
- Windows movie maker - Télécharger - Montage & Édition
72 réponses
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Program Files\JDownloader\JDownloader.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine
=================================
si encore existant supprime ceci :
C:\Windows\Tasks\qwsrqycygc.job
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Program Files\JDownloader\JDownloader.exe
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine
=================================
si encore existant supprime ceci :
C:\Windows\Tasks\qwsrqycygc.job
je tiens à préciser que lorsque je tente de démarrer le centre de sécurité via services.msc, ça me désactive de nouveau avst et windows defender et en plus le parefeu.
voici le lien de l'analyse demandée:
http://www.virustotal.com/file-scan/report.html?id=2ad20858f6345078bc00ad84b7445527f685afa8980f8b2ea01ad931b53f817f-1292663466
voici le lien de l'analyse demandée:
http://www.virustotal.com/file-scan/report.html?id=2ad20858f6345078bc00ad84b7445527f685afa8980f8b2ea01ad931b53f817f-1292663466
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
toujours pareil, sauf que maintenant, lorsque je démarre le centre de sécurité via services.msc (car il se désactive tjs aprés le démarrage de windows), ça me désactive uniquement le parefeu qui redémarre tout seul au bout de quelques secondes en désactivant de nouveau le centre de sécurité.
voici les lien:
http://www.cijoint.fr/cjlink.php?file=cj201012/cijJDCgl25.txt
http://www.cijoint.fr/cjlink.php?file=cj201012/cijLRio68Q.txt
http://www.cijoint.fr/cjlink.php?file=cj201012/cijJDCgl25.txt
http://www.cijoint.fr/cjlink.php?file=cj201012/cijLRio68Q.txt
1/.....
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Windows\DBLPOW16.DLL
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
===========================
2/.....
desinstalle Web Media player
==========================
3/.....
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
Bonjour Service
:OTL
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=8251aa81ce6241b2b713adf82d0a261f&subid=&Keywords={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
:Files
C:\uxldqpow.sys
C:\ProgramData\vsosdk
C:\0.bak
C:\0
C:\Windows\ST6UNST.004
C:\Windows\DBLPOW16.DLL
C:\Users\Gaëlle et Lionel\AppData\Roaming\Smiley.ico
@Alternate Data Stream - 368 bytes -> C:\Users\Gaëlle et Lionel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\Windows\DBLPOW16.DLL
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
===========================
2/.....
desinstalle Web Media player
==========================
3/.....
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
Bonjour Service
:OTL
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=8251aa81ce6241b2b713adf82d0a261f&subid=&Keywords={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
:Files
C:\uxldqpow.sys
C:\ProgramData\vsosdk
C:\0.bak
C:\0
C:\Windows\ST6UNST.004
C:\Windows\DBLPOW16.DLL
C:\Users\Gaëlle et Lionel\AppData\Roaming\Smiley.ico
@Alternate Data Stream - 368 bytes -> C:\Users\Gaëlle et Lionel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
j'ai désinstallé web média qu'a la fin (j'avais pas vu l'étape 2), dois-je relancer Otl?
Voici le lien et le rapport:
http://www.virustotal.com/file-scan/report.html?id=801fb7bedf5591b8891d7baf7d7a3ed759d966abd7e16e68aa40a600905d72ac-1292695067
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Prefs.js: "http://mp3tubetoolbarsearch.com/{searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"HonorAutoRunSetting"|1 /E : value set successfully!
========== FILES ==========
C:\uxldqpow.sys moved successfully.
C:\ProgramData\vsosdk folder moved successfully.
C:\0.bak moved successfully.
C:\0 moved successfully.
C:\Windows\ST6UNST.004 moved successfully.
C:\Windows\DBLPOW16.DLL moved successfully.
C:\Users\Gaëlle et Lionel\AppData\Roaming\Smiley.ico moved successfully.
ADS C:\Users\Gaëlle et Lionel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ga
->Temp folder emptied: 0 bytes
User: Gaëlle et Lionel
->Temp folder emptied: 2307467 bytes
->Temporary Internet Files folder emptied: 34131100 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 495 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28310 bytes
RecycleBin emptied: 3930933 bytes
Total Files Cleaned = 39,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12182010_190250
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Voici le lien et le rapport:
http://www.virustotal.com/file-scan/report.html?id=801fb7bedf5591b8891d7baf7d7a3ed759d966abd7e16e68aa40a600905d72ac-1292695067
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
========== OTL ==========
Prefs.js: "http://mp3tubetoolbarsearch.com/{searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== REGISTRY ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"HonorAutoRunSetting"|1 /E : value set successfully!
========== FILES ==========
C:\uxldqpow.sys moved successfully.
C:\ProgramData\vsosdk folder moved successfully.
C:\0.bak moved successfully.
C:\0 moved successfully.
C:\Windows\ST6UNST.004 moved successfully.
C:\Windows\DBLPOW16.DLL moved successfully.
C:\Users\Gaëlle et Lionel\AppData\Roaming\Smiley.ico moved successfully.
ADS C:\Users\Gaëlle et Lionel\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Ga
->Temp folder emptied: 0 bytes
User: Gaëlle et Lionel
->Temp folder emptied: 2307467 bytes
->Temporary Internet Files folder emptied: 34131100 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 495 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28310 bytes
RecycleBin emptied: 3930933 bytes
Total Files Cleaned = 39,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12182010_190250
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
ok supprime tout ce qui a attrait à Combofix , retelecharge-le , renomme-le à l'enregistrement et refais un scan avec
voici le rapport:
ComboFix 10-12-18.01 - Gaëlle et Lionel 18/12/2010 19:58:57.2.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2047.1263 [GMT 1:00]
Lancé depuis: c:\users\Gaëlle et Lionel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-11-18 au 2010-12-18 ))))))))))))))))))))))))))))))))))))
.
2010-12-18 19:10 . 2010-12-18 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-18 19:10 . 2010-12-18 19:10 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2010-12-18 08:22 . 2010-12-18 08:26 -------- d-----w- C:\Kill'em
2010-12-18 06:34 . 2010-12-18 12:24 -------- d-----w- c:\program files\List_Kill'em
2010-12-17 23:27 . 2010-12-18 19:10 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\temp
2010-12-17 21:06 . 2010-12-17 21:34 -------- d-----w- C:\UsbFix
2010-12-17 20:57 . 2010-12-17 20:57 -------- d-----w- C:\_OTL
2010-12-17 10:29 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 10:29 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 08:17 . 2010-12-17 11:00 -------- d-----w- c:\program files\ZHPDiag
2010-12-17 08:06 . 2010-12-17 10:06 -------- d-----w- C:\FyK
2010-12-16 23:30 . 2010-12-17 21:37 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\PCFix
2010-12-16 23:30 . 2010-12-17 22:24 -------- d-----w- c:\program files\PCFix
2010-12-16 18:11 . 2010-12-16 18:19 -------- d-----w- c:\windows\Downloaded Program Files
2010-12-16 18:07 . 2010-12-16 18:07 54272 --sha-r- c:\windows\system32\KBDPASHJ.dll
2010-12-16 13:20 . 2010-12-17 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 07:55 . 2010-09-03 15:15 3605096 ----a-w- c:\windows\system32\RtkAPO.dll
2010-12-16 07:55 . 2010-07-02 18:40 70232 ----a-w- c:\windows\system32\MBWrp32.dll
2010-12-16 07:55 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-16 07:55 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-12-16 07:55 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-16 07:55 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-12-16 07:55 . 2006-02-07 14:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-12-16 07:55 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-16 07:55 . 2010-12-16 07:55 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-12-16 07:55 . 2010-12-16 07:55 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-15 16:35 . 2010-12-15 16:35 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\ParetoLogic
2010-12-15 16:35 . 2010-12-15 16:35 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\DriverCure
2010-12-15 16:35 . 2010-12-18 11:01 -------- d-----w- c:\programdata\ParetoLogic
2010-12-15 11:45 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 11:45 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 11:45 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 22:33 . 2010-12-14 22:33 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\HP
2010-12-14 20:07 . 2010-12-14 20:07 -------- d-----w- c:\programdata\WEBREG
2010-12-14 20:00 . 2010-12-14 22:33 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\HP
2010-12-14 19:55 . 2010-12-14 19:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-12-14 17:03 . 2010-12-18 11:18 -------- d-----w- c:\programdata\HP
2010-12-14 17:03 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-12-14 16:35 . 2010-12-18 11:17 -------- d-----w- c:\program files\Hp
2010-12-14 15:40 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8FC3F9-9405-429B-9A52-931ACA54EAD6}\mpengine.dll
2010-12-01 16:54 . 2010-12-17 11:00 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\WahOO
2010-11-27 14:18 . 2010-10-28 13:33 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-11-27 14:18 . 2010-10-28 13:29 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-11-27 14:18 . 2010-10-28 13:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-27 14:18 . 2010-11-27 14:18 -------- d-----w- c:\program files\TuneUp Utilities 2011
2010-11-27 14:12 . 2010-11-27 14:12 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-23 21:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-17 10:05 . 2010-12-17 10:05 967 ------w- C:\FindyKill_Upload_Me_Bureau.zip
2010-11-17 20:45 . 2010-11-17 20:45 15256 ----a-w- c:\users\Gaëlle et Lionel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2010-11-17 20:45 . 2010-11-17 20:45 15256 ----a-w- c:\users\Gaëlle et Lionel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2010-10-30 15:26 . 2010-10-30 15:25 167043 ------w- C:\ZipSave becpwin 30-10-2010.zip
2010-10-30 15:25 . 2010-09-15 10:25 442368 ------w- c:\windows\Setup1.exe
2010-10-30 15:25 . 2010-09-15 10:25 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-10-19 09:41 . 2009-11-25 21:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 22:41 . 2010-09-27 22:40 167043 ------w- C:\ZipSave becpwin 28-09-2010.zip
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="c:\windows\vVX6000.exe" [2009-07-24 764256]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"VIARaidUtl"=c:\program files\VIA\RAID\raid_tool.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caa7ee7c6d31f5;Service Google Update (gupdate1caa7ee7c6d31f5);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 133104]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2008-09-24 52888]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 259440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WMSVC;Service de gestion Web;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-26 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 ftpsvc;Service FTP Microsoft;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]
S2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-23 3608]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-28 1483072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2009-07-24 2074464]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:10]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Gaëlle et Lionel\AppData\Roaming\Mozilla\Firefox\Profiles\94ppojh0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.sfr.fr/accueil/adsl.html
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-12-18 20:14:24
ComboFix-quarantined-files.txt 2010-12-18 19:14
Avant-CF: 28 221 845 504 octets libres
Après-CF: 27 943 055 360 octets libres
- - End Of File - - D1D75E013784BABF3AFD0BB340CDC6C0
ComboFix 10-12-18.01 - Gaëlle et Lionel 18/12/2010 19:58:57.2.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2047.1263 [GMT 1:00]
Lancé depuis: c:\users\Gaëlle et Lionel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-11-18 au 2010-12-18 ))))))))))))))))))))))))))))))))))))
.
2010-12-18 19:10 . 2010-12-18 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-18 19:10 . 2010-12-18 19:10 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2010-12-18 08:22 . 2010-12-18 08:26 -------- d-----w- C:\Kill'em
2010-12-18 06:34 . 2010-12-18 12:24 -------- d-----w- c:\program files\List_Kill'em
2010-12-17 23:27 . 2010-12-18 19:10 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\temp
2010-12-17 21:06 . 2010-12-17 21:34 -------- d-----w- C:\UsbFix
2010-12-17 20:57 . 2010-12-17 20:57 -------- d-----w- C:\_OTL
2010-12-17 10:29 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 10:29 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 08:17 . 2010-12-17 11:00 -------- d-----w- c:\program files\ZHPDiag
2010-12-17 08:06 . 2010-12-17 10:06 -------- d-----w- C:\FyK
2010-12-16 23:30 . 2010-12-17 21:37 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\PCFix
2010-12-16 23:30 . 2010-12-17 22:24 -------- d-----w- c:\program files\PCFix
2010-12-16 18:11 . 2010-12-16 18:19 -------- d-----w- c:\windows\Downloaded Program Files
2010-12-16 18:07 . 2010-12-16 18:07 54272 --sha-r- c:\windows\system32\KBDPASHJ.dll
2010-12-16 13:20 . 2010-12-17 10:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 07:55 . 2010-09-03 15:15 3605096 ----a-w- c:\windows\system32\RtkAPO.dll
2010-12-16 07:55 . 2010-07-02 18:40 70232 ----a-w- c:\windows\system32\MBWrp32.dll
2010-12-16 07:55 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2010-12-16 07:55 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2010-12-16 07:55 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2010-12-16 07:55 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2010-12-16 07:55 . 2006-02-07 14:39 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-12-16 07:55 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2010-12-16 07:55 . 2010-12-16 07:55 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2010-12-16 07:55 . 2010-12-16 07:55 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-15 16:35 . 2010-12-15 16:35 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\ParetoLogic
2010-12-15 16:35 . 2010-12-15 16:35 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\DriverCure
2010-12-15 16:35 . 2010-12-18 11:01 -------- d-----w- c:\programdata\ParetoLogic
2010-12-15 11:45 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
2010-12-15 11:45 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 11:45 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 22:33 . 2010-12-14 22:33 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\HP
2010-12-14 20:07 . 2010-12-14 20:07 -------- d-----w- c:\programdata\WEBREG
2010-12-14 20:00 . 2010-12-14 22:33 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Roaming\HP
2010-12-14 19:55 . 2010-12-14 19:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-12-14 17:03 . 2010-12-18 11:18 -------- d-----w- c:\programdata\HP
2010-12-14 17:03 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-12-14 16:35 . 2010-12-18 11:17 -------- d-----w- c:\program files\Hp
2010-12-14 15:40 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8FC3F9-9405-429B-9A52-931ACA54EAD6}\mpengine.dll
2010-12-01 16:54 . 2010-12-17 11:00 -------- d-----w- c:\users\Gaëlle et Lionel\AppData\Local\WahOO
2010-11-27 14:18 . 2010-10-28 13:33 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-11-27 14:18 . 2010-10-28 13:29 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-11-27 14:18 . 2010-10-28 13:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-11-27 14:18 . 2010-11-27 14:18 -------- d-----w- c:\program files\TuneUp Utilities 2011
2010-11-27 14:12 . 2010-11-27 14:12 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-23 21:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-17 10:05 . 2010-12-17 10:05 967 ------w- C:\FindyKill_Upload_Me_Bureau.zip
2010-11-17 20:45 . 2010-11-17 20:45 15256 ----a-w- c:\users\Gaëlle et Lionel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2010-11-17 20:45 . 2010-11-17 20:45 15256 ----a-w- c:\users\Gaëlle et Lionel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2010-10-30 15:26 . 2010-10-30 15:25 167043 ------w- C:\ZipSave becpwin 30-10-2010.zip
2010-10-30 15:25 . 2010-09-15 10:25 442368 ------w- c:\windows\Setup1.exe
2010-10-30 15:25 . 2010-09-15 10:25 74752 ----a-w- c:\windows\ST6UNST.EXE
2010-10-19 09:41 . 2009-11-25 21:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-27 22:41 . 2010-09-27 22:40 167043 ------w- C:\ZipSave becpwin 28-09-2010.zip
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="c:\windows\vVX6000.exe" [2009-07-24 764256]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" /Minimized
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"VIARaidUtl"=c:\program files\VIA\RAID\raid_tool.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1caa7ee7c6d31f5;Service Google Update (gupdate1caa7ee7c6d31f5);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 133104]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2008-09-24 52888]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 259440]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WMSVC;Service de gestion Web;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-26 721904]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 ftpsvc;Service FTP Microsoft;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]
S2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-23 3608]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-28 1483072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2009-07-24 2074464]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:10]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 12:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Gaëlle et Lionel\AppData\Roaming\Mozilla\Firefox\Profiles\94ppojh0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.sfr.fr/accueil/adsl.html
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-12-18 20:14:24
ComboFix-quarantined-files.txt 2010-12-18 19:14
Avant-CF: 28 221 845 504 octets libres
Après-CF: 27 943 055 360 octets libres
- - End Of File - - D1D75E013784BABF3AFD0BB340CDC6C0
tu n'as pas renommé combofix....
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
c:\windows\system32\drivers\port_nt.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
c:\windows\system32\drivers\port_nt.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
