It seems to be pretty much fixed.
Let me know if the Windows Recovery Console is a problem; I didn't understand what Combo was asking me at the time.
What do you think?
ComboFix 10-05-07.05 - FM 07/05/2010 19:33:10.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.542 [GMT -5:00]
Lancé depuis: c:\documents and settings\FM\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-08 au 2010-05-08 ))))))))))))))))))))))))))))))))))))
.
2010-05-06 17:23 . 2010-05-06 17:29 -------- d-----w- C:\Lop SD
2010-05-01 16:46 . 2010-05-01 16:46 -------- d-----w- C:\MyHosts
2010-04-30 00:16 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-29 16:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 16:42 . 2010-05-07 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 16:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 16:42 . 2010-04-29 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 23:09 . 2010-04-28 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-28 22:41 . 2010-04-28 22:41 -------- d-----w- c:\program files\ESET
2010-04-28 22:01 . 2010-05-07 23:58 -------- d-----w- c:\documents and settings\HelpAssistant.EEEPC-FRANÇOIS
2010-04-28 21:51 . 2010-04-28 21:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-28 21:49 . 2010-04-28 21:49 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
2010-04-28 21:49 . 2010-04-28 21:49 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-04-28 21:46 . 2010-04-28 21:49 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-04-28 21:39 . 2010-04-28 21:50 -------- d-----w- c:\documents and settings\HelpAssistant\Bureau
2010-04-28 21:39 . 2010-04-28 21:50 -------- d-----w- c:\documents and settings\HelpAssistant\Favoris
2010-04-28 21:39 . 2010-04-28 21:50 -------- d-----w- c:\documents and settings\HelpAssistant\Modèles
2010-04-28 21:39 . 2010-04-28 21:50 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-04-19 15:40 . 2010-04-19 15:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-19 02:35 . 2010-04-19 02:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-19 02:35 . 2010-04-19 02:40 -------- d-----w- c:\program files\Google
2010-04-18 15:02 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-04-18 15:02 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-18 15:02 . 2010-04-18 15:02 -------- d-----w- c:\windows\Logs
2010-04-18 15:01 . 2010-04-18 15:01 -------- d-----w- c:\program files\Virtools
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 00:46 . 2010-03-03 02:46 1889 --sha-w- c:\windows\system32\mmf.sys
2010-05-07 16:18 . 2008-07-07 15:39 88628 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-07 16:18 . 2008-07-07 15:39 517562 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-01 21:00 . 2009-12-20 18:07 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-01 20:46 . 2009-11-22 03:20 -------- d-----w- c:\program files\PokerStars
2010-05-01 20:27 . 2010-01-26 17:47 -------- d-----w- c:\program files\PokerPayNoRake
2010-04-28 23:02 . 2010-01-17 01:41 -------- d-----w- c:\program files\UltimaBet
2010-04-28 22:49 . 2009-07-06 22:11 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-04-28 22:47 . 2009-07-06 22:21 81984 ----a-w- c:\windows\system32\bdod.bin
2010-04-28 22:32 . 2008-10-03 09:53 -------- d-----w- c:\program files\CCleaner
2010-04-14 06:10 . 2008-10-26 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-14 06:57 . 2010-02-14 06:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-12 04:34 . 2008-07-07 15:39 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-07-07 15:39 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-05-07 14:34 . 2008-07-07 15:25 15523560 ----a-w- c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
caclethc REG_SZ c:\windows\system32\bootgfat.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"6778:TCP"= 6778:TCP:Services
"6777:TCP"= 6777:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5307:TCP"= 5307:TCP:Services
"9114:TCP"= 9114:TCP:Services
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/04/2010 17:29 135336]
R2 ApacheNoguskaNolaPro;ApacheNoguskaNolaPro;c:\program files\Noguska\NolaProERP\Apache\bin\Apache.exe [17/01/2008 21:58 20541]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [02/03/2010 21:46 2560]
R2 MySQLNoguskaNolaPro;MySQLNoguskaNolaPro;c:\program files\Noguska\NolaProERP\Apache\mysql\bin\mysqld-nt.exe [14/01/2008 11:17 5701632]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2010 21:35 136176]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [07/07/2008 09:19 625024]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/05/2009 11:41 721904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 02:35]
2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 02:35]
2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{82E995D1-7831-4359-A145-5BF11C3BA9A6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://webmail.msstate.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://mediaplus.grenoble-em.com/downlo ... taller.ocx
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\FM\Application Data\Mozilla\Firefox\Profiles\ozx0x35d.default\
FF - prefs.js: browser.startup.homepage - hxxps://webmail.msstate.edu/|https://po ... index.aspx
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKCU-Run-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
AddRemove-Chilipoker - c:\poker\Chilipoker\_SetupCasino_4a50.exe
AddRemove-DX-Ball 1.09 - c:\progra~1\JEUXDX~1\UNWISE.EXE
AddRemove-free-downloads.net Toolbar - c:\progra~1\FREE-D~1.NET\UNWISE.EXE
AddRemove-SadMan Software: SnapShot_is1 - c:\program files\SadMan Software\SnapShot\unins000.exe
AddRemove-Sportsbook Poker - c:\program files\Sportsbook Poker\uninstall.exe
AddRemove-Titan Poker - c:\poker\Titan Poker\_SetupPoker_b2535f.exe
AddRemove-Winamax_is1 - c:\winamax\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\FM\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 19:47
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0685B4039E83FFC215FE6F791AF60AF7]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Heure de fin: 2010-05-07 19:52:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-08 00:52
Avant-CF: 55 523 131 392 octets libres
Après-CF: 56 899 264 512 octets libres
- - End Of File - - 49D0B6B5EBB7D365F8BE95D62A4D2D02