Bonjour ,voila je viens d'effectuer le nouveau scan Comb avec le fichier que vous m'avez envoyé glisser dedans ,en ce qui concerne mes soucis , j'ai du ouvrir firefox avec l'autorisation administrteur ,le message d'interdiction est revenu et m'empeche d'ouvrir des applications comme par exemple , media player classic , window media player , movie maker , msn ,impossible d'acceder au panneau de configuration , programma par defaut , etc , les icones en bas à droite d' antivir , ont encore disparus il ne reste que son , branchement et icone de connexion et l'heure , donc voici le Nx compte rendu de combo à bientot merci :
ComboFix 10-04-26.02 - coach 27/04/2010 10:03:09.3.2 - x86
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.2039.1117 [GMT 2:00]
Lancé depuis: c:\users\coach\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\coach\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
FILE ::
"c:\program files\mozilla firefox\components\pbgk1_8.dll"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\mozilla firefox\components\pbgk1_8.dll
c:\windows\system32\%appdata%
c:\windows\system32\%appdata%\Microsoft\Windows\IETldCache\index.dat . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_geunkyw
-------\Service_geunkyw
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-27 au 2010-04-27 ))))))))))))))))))))))))))))))))))))
.
2010-04-27 08:12 . 2010-04-27 08:16 -------- d-----w- c:\users\coach\AppData\Local\temp
2010-04-27 08:12 . 2010-04-27 08:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-27 08:12 . 2010-04-27 08:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-25 05:37 . 2010-04-25 05:37 -------- d-----w- c:\users\coach\AppData\Roaming\Malwarebytes
2010-04-25 05:36 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 05:36 . 2010-04-25 05:36 -------- d-----w- c:\programdata\Malwarebytes
2010-04-25 05:36 . 2010-04-25 05:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 05:36 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 14:55 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 14:55 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 14:55 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 14:55 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 14:55 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 14:55 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 14:55 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 14:55 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 14:55 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 14:54 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 14:54 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 08:13 . 2010-02-23 19:25 860672 ----a-w- c:\windows\system32\drivers\geunkyw.sys
2010-04-27 07:12 . 2006-11-02 15:47 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-27 07:12 . 2006-11-02 15:47 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-27 00:38 . 2008-11-12 18:19 -------- d-----w- c:\users\coach\AppData\Roaming\uTorrent
2010-04-26 18:24 . 2008-12-08 20:10 -------- d-----w- c:\programdata\DVD Shrink
2010-04-26 16:48 . 2008-01-07 07:25 -------- d-----w- c:\programdata\Google Updater
2010-04-23 18:20 . 2007-10-27 10:29 -------- d-----w- c:\users\coach\AppData\Roaming\Skype
2010-04-23 17:34 . 2008-05-07 17:21 -------- d-----w- c:\users\coach\AppData\Roaming\skypePM
2010-04-22 06:13 . 2007-10-27 10:29 -------- d-----w- c:\program files\Google
2010-04-14 15:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 15:32 . 2007-07-16 21:00 -------- d-----w- c:\programdata\Microsoft Help
2010-03-23 12:23 . 2010-03-23 12:23 -------- d-----w- c:\programdata\Avira
2010-03-23 12:23 . 2010-03-23 12:23 -------- d-----w- c:\program files\Avira
2010-03-04 13:54 . 2010-03-04 13:54 -------- d-----w- c:\users\coach\AppData\Roaming\FastStone
2010-03-04 13:54 . 2010-03-04 13:54 -------- d-----w- c:\program files\FastStone Photo Resizer
2010-02-26 17:56 . 2007-10-03 11:15 71848 ----a-w- c:\users\coach\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 15:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-30 19:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 19:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 19:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 19:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 20:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 20:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 20:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 08:17 . 2007-10-25 16:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-15 08:16 . 2010-02-15 08:04 89280248 ----a-w- c:\users\coach\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-02-12 10:32 . 2010-03-03 15:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 10:01 . 2010-02-10 10:01 3441144 ----a-w- c:\users\coach\AppData\Roaming\Alicia Keys - Empire State Of Mind (part ii).zip
2010-02-03 18:35 . 2010-02-03 18:35 50354 ----a-w- c:\users\coach\AppData\Roaming\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\coach\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\coach\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-06-06 561152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 17:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^coach^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
path=c:\users\coach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axis love poll lite]
c:\programdata\Close file byte.lw0ueym [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoamOnce]
c:\programdata\Flap ante ante.ws59zx0 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-02-15 08:18 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-01-04 09:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9c,c5,7c,27,78,21,ca,01
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-27 06:58]
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 06:59]
2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 06:59]
2010-04-27 c:\windows\Tasks\User_Feed_Synchronization-{94FC17B0-3F3A-4D3E-9DC1-9E6CABBB19DD}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Examen supplémentaire -------
.
uStart Page =
hxxp://www.google.commStart Page =
hxxp://www.google.comuSearchURL,(Default) =
hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBRIE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\coach\AppData\Roaming\Mozilla\Firefox\Profiles\wz4euovr.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.fastbrowsersearch.com/result ... EF&v=18&q=FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.fr/FF - prefs.js: keyword.URL -
hxxp://www.fastbrowsersearch.com/result ... &v=18&tid={7C921F2D-D844-24CE-F246-44BD2B9CE67B}&q=
FF - component: c:\users\coach\AppData\Roaming\Mozilla\Firefox\Profiles\wz4euovr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\coach\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
- - - - - - - > 'Explorer.exe'(2700)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\CyberLink\PowerDVD\deskband32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\System Control Manager\edd.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-04-27 10:25:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-27 08:25
ComboFix2.txt 2010-04-25 13:44
Avant-CF: 6 558 605 312 octets libres
Après-CF: 6 318 407 680 octets libres
- - End Of File - - 1061C56678D28F9C381333518B32969F