
ZAZA08

Visitor
Username: ZAZA08
Groups:

User statistics

Joined: 30 Nov 2011 09:50
Last visit: 01 Dec 2011 00:27
Posts: 7 (0.00% of all posts / 0.00 posts per day)
Most active forum: Security, virus and advertising (adware) forum (7 posts / 100.00% of the user's posts)
Most active topic: [Solved] Windows Seven infection (7 posts / 100.00% of the user's posts)

ZAZA08's computer hardware

Category: Laptop PC
Brand: Acer
Product: Acer aspire 5542g

ZAZA08's latest posts

Post: [Solved] Windows Seven infection
Code:
ComboFix 11-11-29.04 - guillaume 29/11/2011  23:12:32.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.2046.1028 [GMT 1:00]
Lancé depuis: c:\users\guillaume\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\BabylonIM\Plugins\IE\iePLugin.dll
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files (x86)\FunWebProducts\Shared\Cache\SmileyCentralBtn.htmlx
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\2.bin\F3CJpeg.dll
c:\program files (x86)\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files (x86)\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\2.bin\M3HTml.dll
c:\program files (x86)\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Cache\05B99856
c:\program files (x86)\MyWebSearch\bar\Cache\05B9A6C7
c:\program files (x86)\MyWebSearch\bar\Cache\05B9AA8E.bin
c:\program files (x86)\MyWebSearch\bar\Cache\05B9AEE2.bin
c:\program files (x86)\MyWebSearch\bar\Cache\05B9B142.bin
c:\program files (x86)\MyWebSearch\bar\Cache\05B9B3C2.bin
c:\program files (x86)\MyWebSearch\bar\Cache\files.ini
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\History\search3
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\Object
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\enable.txt
c:\program files (x86)\Object\status.txt
c:\program files (x86)\Object\status2.txt
c:\users\guillaume\AppData\Roaming\.#
c:\users\guillaume\AppData\Roaming\OfferBox
c:\users\guillaume\AppData\Roaming\OfferBox\config.dat
c:\users\guillaume\AppData\Roaming\OfferBox\config.xml
c:\users\guillaume\AppData\Roaming\PriceGong
c:\users\guillaume\AppData\Roaming\PriceGong\Data\1.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\a.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\b.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\c.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\d.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\e.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\f.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\g.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\h.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\i.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\J.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\k.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\l.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\m.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\n.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\o.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\p.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\q.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\r.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\s.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\t.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\u.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\v.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\w.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\x.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\y.xml
c:\users\guillaume\AppData\Roaming\PriceGong\Data\z.xml
c:\users\guillaume\videos\eMule0.50a-Installer.exe
c:\windows\SysWow64\f3PSSavr.scr
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-10-28 au 2011-11-29  ))))))))))))))))))))))))))))))))))))
.
.
2011-11-29 22:59 . 2011-11-29 22:59   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99E01E9-D7A0-4500-B22B-B9AEA1EA46F9}\offreg.dll
2011-11-29 22:54 . 2011-11-29 22:54   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-28 20:33 . 2011-11-28 21:38   --------   d-----w-   c:\users\guillaume\AppData\Local\Diagnostics
2011-11-28 19:44 . 2011-11-28 19:44   --------   d-----w-   c:\program files (x86)\SAGEM
2011-11-25 12:34 . 2011-10-18 00:27   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A99E01E9-D7A0-4500-B22B-B9AEA1EA46F9}\mpengine.dll
2011-11-09 21:21 . 2011-07-13 04:53   8578896   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5A54075-90F5-4E35-8018-1C3026011DAC}\mpengine.dll
2011-11-09 14:18 . 2011-09-29 16:29   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:18 . 2011-10-01 05:45   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 14:18 . 2011-10-01 04:37   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 14:17 . 2011-09-29 04:03   3144704   ----a-w-   c:\windows\system32\win32k.sys
2011-11-06 07:43 . 2011-11-06 07:43   --------   d-----w-   c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-29 22:34   41184   ----a-w-   c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-03-09 19:39   199816   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-01-15 21:34   256960   ----a-w-   c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-17 17:13   591192   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-03-09 19:44   304472   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-03-09 19:44   42328   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-03-09 19:44   58712   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-03-09 19:44   66904   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-03-09 19:44   24408   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-10-03 04:06 . 2010-07-21 06:52   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-13 10:25   2309120   ----a-w-   c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 10:25   1389056   ----a-w-   c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 10:25   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 10:25   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 10:25   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 10:25   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26   3908192   ----a-w-   c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}]
2010-07-29 06:25   2734688   ----a-w-   c:\program files (x86)\Messenger_Plus_Live_France\tbMes1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21   1299248   ----a-w-   c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59994074-c06d-4a75-9768-49e5a8c21264}"= "c:\program files (x86)\Messenger_Plus_Live_France\tbMes1.dll" [2010-07-29 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{59994074-c06d-4a75-9768-49e5a8c21264}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"Performance Center"="c:\program files (x86)\Ascentive\Performance Center\APCMain.exe" [2009-04-21 3239936]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"ORAHSSSessionManager"="c:\program files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" [2009-08-24 135920]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-05-02 202256]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BABYLO~1\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PCAMPR4;PCAMPR4 NDIS Protocol Driver;c:\windows\system32\PCAMPR4.SYS [x]
R3 PCANDIS4;PCANDIS4 NDIS Protocol Driver;c:\windows\system32\PCANDIS4.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BabylonIM Coordinator;BabylonIM Coordinator;c:\progra~2\BABYLO~1\Bandoo.exe [2010-06-09 1937344]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-08-07 92008]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 19:46]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 19:46]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790718917-1058178114-661355394-1000Core1cac82d36dc5566.job
- c:\users\guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 19:52]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790718917-1058178114-661355394-1000UA.job
- c:\users\guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-14 19:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01   134384   ----a-w-   c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF17784.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 200.251.201.1:8080
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DB1582DC-9B45-4204-B9C0-C71091992392}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DB1582DC-9B45-4204-B9C0-C71091992392}\356425027596649602055726C69636: DhcpNameServer = 109.0.66.20 109.0.66.10
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{de4e75d3-60aa-4f02-a0e4-c8a40576574c} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-UniblueRegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Wow6432Node-HKCU-Run-PC SpeedScan Pro - c:\program files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{59994074-C06D-4A75-9768-49E5A8C21264} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{31C322DC-5878-452E-A2D8-C4AAB9973C9A} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Heure de fin: 2011-11-30  00:16:07 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-11-29 23:16
.
Avant-CF: 201 184 337 920 octets libres
Après-CF: 201 947 729 920 octets libres
.
- - End Of File - - 5D1D5ECFC3B5DA0CBC0B0AA80F87667E


