Hello,
I have a virus that is slowing my PC down enormously. I'm on Windows 7; I ran a scan with AVG and quarantined SHeur3, and then I ran one with Kaspersky, which found WIN32.magania, which I quarantined as well. So I used the ComboFix software to produce a log file. But I don't know how to read it or how to tell where the problem comes from.
So if someone could give me a hand, it would be much appreciated. Thanks
ComboFix log:
ComboFix 11-02-21.01 - Marcela 02/21/2011 22:37:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.511.162 [GMT -5:00]
Running from: d:\users\Marcela\Desktop\ComboFix.exe\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\xcrashdump.dat
d:\windows\system32\twunk_32.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.
2011-02-22 03:50 . 2011-02-22 03:50 -------- d-----w- d:\users\Marcela\AppData\Local\temp
2011-02-22 03:50 . 2011-02-22 03:50 -------- d-----w- d:\users\Default\AppData\Local\temp
2011-02-22 03:32 . 2011-02-22 03:33 -------- d-----w- D:\32788R22FWJFW
2011-02-21 00:30 . 2011-01-20 15:39 5890896 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{3EB2A4CE-D6FB-4813-B4FE-CAE92857B7A3}\mpengine.dll
2011-02-21 00:24 . 2011-02-21 00:24 -------- d-----w- d:\programdata\Kaspersky Lab Setup Files
2011-02-20 16:21 . 2011-02-20 16:21 -------- d-----w- d:\users\Marcela\AppData\Roaming\Malwarebytes
2011-02-20 16:20 . 2011-02-20 16:20 -------- d-----w- d:\programdata\Malwarebytes
2011-02-20 05:04 . 2011-02-20 05:04 -------- d-----w- d:\programdata\Driver Boost
2011-02-20 00:16 . 2011-02-20 00:16 -------- d-----w- d:\program files\iPod
2011-02-20 00:11 . 2011-02-20 00:23 -------- d-----w- d:\program files\iTunes
2011-02-19 23:01 . 2011-02-19 23:01 -------- d-----w- d:\users\Marcela\AppData\Roaming\AVG10
2011-02-19 22:55 . 2011-02-19 22:55 -------- d--h--w- d:\programdata\Common Files
2011-02-19 22:53 . 2011-02-21 00:04 -------- d-----w- d:\programdata\AVG10
2011-02-19 22:23 . 2011-02-19 22:52 -------- d-----w- d:\programdata\MFAData
2011-02-11 08:31 . 2011-02-11 08:31 -------- d-----w- D:\found.000
2011-02-11 03:26 . 2010-10-27 04:40 1289536 ----a-w- d:\windows\system32\ntdll.dll
2011-02-11 03:26 . 2010-10-27 04:43 3901824 ----a-w- d:\windows\system32\ntoskrnl.exe
2011-02-11 03:25 . 2010-10-27 04:43 3957120 ----a-w- d:\windows\system32\ntkrnlpa.exe
2011-02-11 03:24 . 2011-01-05 03:37 2329088 ----a-w- d:\windows\system32\win32k.sys
2011-02-11 03:23 . 2010-12-18 05:29 541184 ----a-w- d:\windows\system32\kerberos.dll
2011-02-11 03:22 . 2011-01-05 05:37 428032 ----a-w- d:\windows\system32\vbscript.dll
2011-02-11 03:20 . 2011-01-07 07:27 34304 ----a-w- d:\windows\system32\atmlib.dll
2011-02-11 03:20 . 2011-01-07 05:33 294400 ----a-w- d:\windows\system32\atmfd.dll
2011-02-11 03:19 . 2010-12-21 05:38 204288 ----a-w- d:\windows\system32\upnp.dll
2011-02-11 03:19 . 2010-12-21 05:36 1389568 ----a-w- d:\windows\system32\msxml6.dll
2011-02-11 03:18 . 2010-12-21 05:38 981504 ----a-w- d:\windows\system32\wininet.dll
2011-02-11 03:18 . 2010-12-21 05:36 1236992 ----a-w- d:\windows\system32\msxml3.dll
2011-02-11 03:18 . 2010-12-21 05:38 350720 ----a-w- d:\windows\system32\winhttp.dll
2011-02-11 03:18 . 2010-12-21 05:38 204800 ----a-w- d:\windows\system32\WebClnt.dll
2011-02-11 03:18 . 2010-12-21 05:34 80384 ----a-w- d:\windows\system32\davclnt.dll
2011-02-11 03:18 . 2010-12-21 05:38 73728 ----a-w- d:\windows\system32\wscsvc.dll
2011-02-11 03:18 . 2010-12-21 05:38 51200 ----a-w- d:\windows\system32\wscapi.dll
2011-02-11 03:18 . 2010-12-21 05:38 14336 ----a-w- d:\windows\system32\slwga.dll
2011-02-11 03:16 . 2011-02-03 05:45 219008 ----a-w- d:\windows\system32\drivers\dxgmms1.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2010-04-28 23:40 222080 ------w- d:\windows\system32\MpSigStub.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- d:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="d:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\DRIVERS\netaapl.sys [2010-04-20 18432]
R3 VST_DPV;VST_DPV;d:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;d:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
S0 amacpi;Microsoft Away Mode System;d:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-04-28 697328]
S2 HsfXAudioService;HsfXAudioService;d:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NSL;Norton Safe Web Lite;d:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [2010-05-23 126904]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - d:\users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\j8kjx12s.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Norton Safe Web Lite Toolbar: {203FB6B2-2E1E-4474-863B-4C483ECCE78E} - d:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-OPSE reminder - d:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - d:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"d:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"d:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-21 22:54:17
ComboFix-quarantined-files.txt 2011-02-22 03:54
Pre-Run: 93,080,219,648 bytes free
Post-Run: 97,175,449,600 bytes free
- - End Of File - - 63A46CF6F5392C064020EFB5C271B259