Je suis en mode sans échec.
Et maintenant, qu'est-ce que je fais ?
HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 /s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup http://www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
:OTL
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc) => Infection PUP (PUP.iMesh)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc) => Infection PUP (PUP.iMesh)
[2012/10/06 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
[2012/09/06 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Iminent => Infection PUP (Adware.IMBooster)
[2012/09/06 10:10:55 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\OfferBox => Infection PUP (PUP.OfferBox)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) => WildTangent Games
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll () => WildTangent Games
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll => WildTangent Games
O4 - HKU\S-1-5-21-3511541904-3810307749-2454394550-1000\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found => Sourceforge.net%Ares
[2011/01/26 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\Faerie Solitaire => WildTangent Game
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 => Google/Seekeen.com or Web Search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 => Google/Seekeen.com or Web Search
IE - HKU\S-1-5-21-3511541904-3810307749-2454394550-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sou => Google/Seekeen.com or Web Search
O13 - gopher Prefix: missing => Malware sous Windows NT5
O13 - gopher Prefix: missing => Malware sous Windows NT5
O2 - BHO: (TBSB04240 Class) - {4F37A8FE-00B3-430F-85AA-F97F12E8B651} - C:\Program Files (x86)\ClipToMP3 Toolbar\tbunsqBE90.tmp\tbcore3.dll () => Toolbar.Conduit
O3 - HKLM\..\Toolbar: (ClipToMP3 Toolbar) - {37D4F18B-902D-4794-807B-D6C5314B4FF7} - C:\Program Files (x86)\ClipToMP3 Toolbar\tbunsqBE90.tmp\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
"{B6337618-4ECF-45FD-ACCF-71DDDF178754}" = ClipToMP3 => ClipToMP3 Toolbar
"ClipToMP3 Toolbar" = ClipToMP3 Toolbar => ClipToMP3 Toolbar
"{7739A03A-1400-43CF-8556-4C949E530ACB}" = protocol=17 | dir=in | app=c:\users\stephane\appdata\local\microsoft\windows\temporary internet files\content.ie5\2omoaiyy\sweetimsetup[1].exe |
"{815C77EE-FC28-4EAC-A9F3-63953A600800}" = protocol=6 | dir=in | app=c:\users\stephane\appdata\local\microsoft\windows\temporary internet files\content.ie5\2omoaiyy\sweetimsetup[1].exe |
"WildTangent packardbell Master Uninstall" = Packard Bell Games => WildTangent Game
"WT078964" = Bob the Builder Can-Do-Zoo => WildTangent Game
"WT079020" = Faerie Solitaire => WildTangent Game
"WT079024" = FATE - The Traitor Soul => WildTangent Game
"WT079116" = Polar Bowler => WildTangent Game
"WT079120" = Polar Golfer => WildTangent Game
"WT079124" = Polar Pool => WildTangent Game
"WT079395" = Escape Rosecliff Island => WildTangent Game
"{12C629C7-6DCA-4DB0-9EB2-131B15923652}" = protocol=6 | dir=in | app=c:\users\stephane\appdata\roaming\2yourface\updater.exe |
"{144873B4-F194-46C2-AC3B-D05A8FC4A568}" = protocol=17 | dir=in | app=c:\users\stephane\appdata\roaming\2yourface\updater.exe |
"{1FBE6C23-EC9E-4EB5-B472-16F1077EBE82}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"{49EF14B0-3924-48DF-AEA9-5C348A8EB5C6}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | => Infection PUP (Adware.IMBooster)
"{590EE068-1872-4675-9C08-5C4DB73CBD22}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | => Infection PUP (PUP.iMesh)
"{C2DA198F-E5AD-4116-8958-4A57121C74C3}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | => Infection PUP (PUP.iMesh)
"{DB2722BC-C252-4FE0-B515-E1B7534D881E}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"{F3920F1E-5ABD-48CB-8D39-A8FA4F1E0123}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | => Infection PUP (Adware.IMBooster)
"TCP Query User{575CB2D1-62CD-42B1-B2DC-AC23A971E4DC}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"TCP Query User{B32553BC-58E8-43FA-B7E2-2FF3FE03C313}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"UDP Query User{A9AAFEEA-8BE3-4552-B0A2-D164FFF2D6C8}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"UDP Query User{E486C541-EF76-4ECE-BCC2-537B89FF3652}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | => Infection PUP (PUP.iMesh)
"{DB8A0A15-1796-489A-9246-29A4798D249B}" = Iminent => Infection PUP (Adware.IMBooster)
"{2F326F85-CC1E-495B-8693-856316C80E34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
"{32907FA8-E2F1-483D-AED2-491862E74931}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
"{7E2D8411-10C0-40A9-A4A9-521175EBC3FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
"{88993372-5922-4B4E-8685-C1974E86534F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
"{A7AC2AAA-76B8-4727-BAD4-67B3FC51F1B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
"{E3D2ECFD-FFCC-4E98-90EC-7B20C4A3E416}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | => Apple Computer%Bonjour for Windows
:Commands
[emptytemp]
[emptyflash]
• AVANT D'UTILISER COMBOFIX •
• Désactive l'U.A.C. le temps de la désinfection. Tuto Win. Seven / Tuto Win. Vista
• Ferme tous tes programmes et applications en cours.
• Déconnecte-toi d'Internet.
• Désactive tous tes logiciels de protection (AntiVirus, AntiSpyware, AntiMalware, Pare-feu, ...)
• Pendant la durée de cette étape, ne te sers pas du PC et n'ouvre aucun programme.
• APRÈS AVOIR UTILISÉ COMBOFIX •
• Réactive la protection de l'U.A.C., ainsi que les logiciels de protection (antivirus, pare-feu, ...) désactivés pour cette étape.