Reply to: virus hollande interpol 2016-09-12T13:42:40+00:00
Anonymous
Number of posts: 17

Hello

Thank you for this reply.
Last night I downloaded Combofix onto a USB stick from another PC, started the infected PC in Safe Mode with Networking, plugged in the USB stick and put the Combofix file on the desktop ... then I ran it.
It didn't take long to find the infection in C: and clean it for me; the report was produced as expected, then the PC restarted.. ^^'

And it works 😀 I ran Combo again, which found nothing, then uninstalled and reinstalled Comodo.

I get the impression that the second Combofix report replaced the first, because here is the only one I have (unless the two reports are cumulative).

In any case, a huge thank you for your invaluable help :merci2:
ComboFix 14-04-12.01 - IANIK 14/04/2014 23:29:12.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1036.18.3891.2233 [GMT 2:00]
Run from: c:\users\IANIK\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files created from 2014-03-14 to 2014-04-14 ))))))))))))))))))))))))))))))))))))
.
.
2014-04-14 21:36 . 2014-04-14 21:36 -------- d-----w- c:\users\krandos\AppData\Local\temp
2014-04-14 21:36 . 2014-04-14 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-14 21:36 . 2014-04-14 21:36 -------- d-----w- c:\users\compteadministrateur\AppData\Local\temp
2014-04-14 09:06 . 2014-04-14 09:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-14 09:06 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 09:06 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 09:06 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-13 00:27 . 2014-04-14 21:22 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-13 00:27 . 2014-04-13 00:27 -------- d-----w- c:\programdata\Malwarebytes
2014-04-12 23:37 . 2014-04-12 23:37 -------- d-----w- c:\program files\Enigma Software Group
2014-04-12 23:36 . 2014-04-13 11:17 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-12 17:33 . 2014-04-12 17:37 -------- d-----w- C:\Boot
2014-04-11 10:44 . 2014-04-12 12:06 -------- d-----w- c:\users\Invité
2014-04-11 09:00 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-04-11 09:00 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-11 09:00 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-11 08:55 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-28 09:18 . 2014-03-28 09:18 -------- d-----w- C:\FFOutput
2014-03-28 09:17 . 2014-03-28 09:17 -------- d-----w- c:\program files (x86)\FreeTime
2014-03-28 09:09 . 2014-03-28 09:09 -------- d-----w- c:\program files (x86)\Cbr to Pdf converter
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-14 21:33 . 2013-08-31 15:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99AC2E98-892C-4D23-8779-3E8BF1C52E7F}\offreg.dll
2014-04-11 09:31 . 2011-11-17 12:20 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-11 08:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-14 07:47 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-14 07:47 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-14 07:47 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-14 07:47 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-14 07:47 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-14 07:47 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-14 07:47 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-14 07:47 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-14 07:47 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-14 07:47 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-14 07:47 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-14 07:47 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-14 07:47 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-14 07:47 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-14 07:47 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-14 07:47 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-14 07:47 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-14 07:47 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-14 07:47 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-14 07:47 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-14 07:47 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-14 07:47 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-14 07:47 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-14 07:47 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-14 07:47 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-14 07:47 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-14 07:47 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-16 11:28 . 2014-02-16 11:28 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-02-12 23:46 . 2014-02-12 23:46 0 ----a-w- c:\windows\SysWow64\sho3A72.tmp
2014-02-07 01:23 . 2014-03-14 07:47 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 07:46 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 07:46 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 07:46 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 07:46 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-14 07:47 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-14 07:47 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-14 07:47 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-23 22:08 . 2014-01-23 22:08 0 ----a-w- c:\windows\SysWow64\sho71D4.tmp
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Downloader"="c:\program files (x86)\M-Downloader\Updater.exe" [2014-02-04 4675072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2013-12-21 698760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\krandos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\IANIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - c:\users\IANIK\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-09 17:21 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28 20:28]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-28 20:28]
.
2014-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2671813763-2030697355-1250438868-1000Core.job
- c:\users\IANIK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-06 19:52]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2671813763-2030697355-1250438868-1000UA.job
- c:\users\IANIK\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-06 19:52]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\IANIK\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-07-28 2120808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: HD Streamer Settings... - C:%5CProgram%20Files%20(x86)%5CHD%20Streamer%5CScriptHost.dll/ID1?settings.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99BE3145-732A-4EC3-A110-A218281DB981}: NameServer = 178.33.41.181,46.4.70.20
TCP: Interfaces\{99BE3145-732A-4EC3-A110-A218281DB981}\6427565675966696: NameServer = 178.33.41.181,46.4.70.20
TCP: Interfaces\{99BE3145-732A-4EC3-A110-A218281DB981}\D4F6E64727565796C6D275946494055524C49434: NameServer = 178.33.41.181,46.4.70.20
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{5CE76B83-45ED-585C-13F5-48E73E4C02E9} - c:\progra~3\INSTAL~1\{6ACBC~1\Setup.exe
AddRemove-{7D307878-CAEB-782D-3889-5CF971457A1D} - c:\progra~3\INSTAL~1\{0BA3D~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-14 23:38:56
ComboFix-quarantined-files.txt 2014-04-14 21:38
ComboFix2.txt 2014-04-14 20:40
.
Pre-Run: 170 072 498 176 bytes free
Post-Run: 169 792 987 136 bytes free
.
– – End Of File – – 7E59E60B0FDC3F962F8EC2C90818907D
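Added example, not from the post above and not part of ComboFix: a small Python triage script for the sections of a report like this one that a helper reads first when hunting persistence and network tampering (the Run keys, the Startup folders, the LoadAppInit_DLLs flag and the per-interface DNS lines). The sample input is constructed from a few lines of the report above; the flagging rules (an autorun image under a user-writable path, a static NameServer that differs from the DHCP one, AppInit DLL loading enabled) are this example's own heuristics that mark items for review, not verdicts the thread states.

```python
"""Triage of a ComboFix-style report: parse the persistence and DNS sections
and return review candidates. Added example, not ComboFix code; the rules
below are assumptions chosen for illustration."""
import re
from dataclasses import dataclass

# Constructed sample modelled on lines of the report above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Downloader"="c:\program files (x86)\M-Downloader\Updater.exe" [2014-02-04 4675072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
c:\users\IANIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - c:\users\IANIK\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99BE3145-732A-4EC3-A110-A218281DB981}: NameServer = 178.33.41.181,46.4.70.20
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # short category tag
    subject: str  # image path, registry key or interface GUID concerned
    detail: str   # why it was flagged


# Assumed heuristic: an autorun whose image lives where a standard user can write.
USER_WRITABLE = ("c:\\users\\", "\\programdata\\", "\\temp\\")

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]')
LNK_ENTRY = re.compile(r'^(?P<name>\S+\.lnk)\s+-\s+(?P<image>.+?\.exe)\b.*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]', re.I)
DHCP_DNS = re.compile(r'^TCP: DhcpNameServer = (?P<servers>[\d.,]+)')
IFACE_DNS = re.compile(r'^TCP: Interfaces\\(?P<iface>\{[0-9A-F-]+\})\S*: NameServer = (?P<servers>[\d.,]+)', re.I)


def _is_user_writable(image: str) -> bool:
    p = image.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(report: str) -> list[Finding]:
    """Walk the report line by line, tracking the current registry key or
    Startup folder, and collect findings in the order they are met."""
    findings: list[Finding] = []
    seen: set[Finding] = set()

    def add(f: Finding) -> None:
        if f not in seen:
            seen.add(f)
            findings.append(f)

    context = ""                     # current [registry key] or Startup folder path
    dhcp_dns: set[str] = set()
    iface_dns: dict[str, set[str]] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            context = line[1:-1]
            continue
        if line.lower().startswith("c:\\") and "=" not in line:
            context = line
            continue
        m = RUN_VALUE.match(line)
        if m and context.lower().endswith("\\run"):
            if _is_user_writable(m["image"]):
                add(Finding("autorun-user-writable", m["image"], f'Run value "{m["name"]}" under {context}'))
            continue
        m = LNK_ENTRY.match(line)
        if m and context.lower().endswith("\\startup"):
            if _is_user_writable(m["image"]):
                add(Finding("autorun-user-writable", m["image"], f'{m["name"]} in {context}'))
            continue
        if line.startswith('"LoadAppInit_DLLs"=1'):
            add(Finding("appinit-enabled", context,
                        "LoadAppInit_DLLs=1: check the AppInit_DLLs value in the same key for injected DLLs"))
            continue
        m = DHCP_DNS.match(line)
        if m:
            dhcp_dns.update(m["servers"].split(","))
            continue
        m = IFACE_DNS.match(line)
        if m:
            iface_dns.setdefault(m["iface"], set()).update(m["servers"].split(","))
    # A static resolver that differs from what DHCP handed out deserves a look.
    for iface, servers in iface_dns.items():
        if servers != dhcp_dns:
            add(Finding("dns-override", iface,
                        f"static NameServer {sorted(servers)} differs from DHCP {sorted(dhcp_dns)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

The script deliberately flags only what a reader can verify against the report itself (the paths, the flag value, the two DNS lines); the resolver check compares sets, so it is silent when the static servers are the same ones DHCP supplied, and a Run value whose image sits under Program Files is left alone.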