
Re: need help with disinfection...

4 January 2012 14:06:46

Hello, I had a problem posting my reports on the other thread....
Here is the ComboFix report:
ComboFix 12-01-03.08 - Aline 04/01/2012 13:24:57.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1238 [GMT 1:00]
Lancé depuis: c:\users\Aline\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files\webmediaplayer
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Spyware-Secure trial.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
c:\temp\vtmp2
c:\users\Aline\AppData\Roaming\Microsoft\Windows\Recent\www.mu-megaupload.pif
c:\windows\system32\nsinet.exe
c:\windows\system32\nvs2.inf
D:\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
-------\Service_Mp3Tube Toolbar Updater Service
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-04 au 2012-01-04 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-04 12:37 . 2012-01-04 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 12:21 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D4D2423-F10C-4217-88FB-E24FFC4D1EF0}\mpengine.dll
2012-01-02 13:33 . 2012-01-02 13:33 -------- d-----w- c:\users\Aline\AppData\Roaming\Malwarebytes
2012-01-02 13:33 . 2012-01-02 13:33 -------- d-----w- c:\programdata\Malwarebytes
2012-01-02 13:32 . 2012-01-02 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 14:02 . 2012-01-01 14:06 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-01-01 13:47 . 2012-01-01 13:47 -------- d-----w- c:\program files\ClearProg
2011-12-26 08:54 . 2011-12-26 08:54 -------- d-----w- c:\program files\iPod(41)
2011-12-26 08:54 . 2011-12-26 08:55 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-26 08:54 . 2011-12-26 08:55 -------- d-----w- c:\program files\iTunes(42)
2011-12-26 08:51 . 2011-12-26 08:51 -------- d-----w- c:\program files\Apple Software Update(9)
2011-12-26 08:45 . 2012-01-02 23:36 -------- d-----w- c:\program files\Bonjour
2011-12-15 08:29 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-06-29 11:47 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-03-08 07:20 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-07-11 21:22 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-07-25 22:56 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2008-03-08 07:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2008-03-08 07:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-03-08 07:20 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2008-07-25 22:56 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2006-10-11 08:04 . 2007-11-28 10:55 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2007-11-28 10:55 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2007-12-07 13:31 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2007-12-07 13:31 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2007-11-28 10:55 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files\SearchElf_1.2\prxtbSea2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}]
2010-08-19 12:27 135840 ----a-w- c:\program files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\SearchElf_1.2\prxtbSea2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f4e6547e-325b-403c-a3bb-ad29ed37a92f}"= "c:\program files\SearchElf_1.2\prxtbSea2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F4E6547E-325B-403C-A3BB-AD29ED37A92F}"= "c:\program files\SearchElf_1.2\prxtbSea2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 3497984]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-05-08 536576]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-06-02 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-09-25 54672]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-12-15 274608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1581740571-4136416168-1869878740-1000Core.job
- c:\users\Aline\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 10:53]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1581740571-4136416168-1869878740-1000UA.job
- c:\users\Aline\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-10 10:53]
.
2012-01-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-29 09:42]
.
2012-01-03 c:\windows\Tasks\User_Feed_Synchronization-{4DCD9940-E5A8-4F2E-B487-DFDD6012371B}.job
- c:\windows\system32\msfeedssync.exe [2008-10-22 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
mStart Page = hxxp://fr.yahoo.com
IE: E&xporter vers Microsoft Excel
IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\users\Aline\Desktop\PartyPoker.fr.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: everestpoker.fr\account
Trusted Zone: orange.fr
Trusted Zone: orange.fr\www
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\7ij20pen.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - mivolo.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&clid=f8f870e1af9843f99073fc8c5c78d70f&subid=&Keywords=
FF - prefs.js: browser.search.selectedEngine - Yahoo-Mp3Tube
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{9AE8C233-91C2-401B-B8AD-3C137804C524} - (no file)
WebBrowser-{09B445AE-2345-4FCA-85AE-FB3626ECEBDD} - D:\seeearch.dll
HKCU-Run-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-EoWeather - (no file)
AddRemove-ScanQuery - c:\program files\ScanQuery\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 13:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1581740571-4136416168-1869878740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*F*R*_*K*i*d*c*a*²YõK\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1581740571-4136416168-1869878740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*éÓãc]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1581740571-4136416168-1869878740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*éÓãc\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1581740571-4136416168-1869878740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*éÓãc]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,41,6c,69,6e,65,5c,44,6f,77,6e,6c,6f,61,64,
73,5c,46,72,69,6e,67,65,20,53,30,34,45,30,32,20,56,4f,73,74,66,72,2e,61,76,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2568)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2012-01-04 13:55:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-01-04 12:54
.
Avant-CF: 37 298 180 096 octets libres
Après-CF: 38 025 936 896 octets libres
.
- - End Of File - - 0D326B3E3BB962FFF5346DFAFC417DE1


4 January 2012 14:13:07

However, I can't manage to post the AdwCleaner report for you... it gets stuck at the "publish your reply" step....
Thank you for your help and your information, all of this is good to know....