Forums Zebulon.fr: Pageinternet.be/ps3.php – malware?

Pageinternet.be/ps3.php – malware? Maybe an infection? Help with Combofix

#1 danipalinka

  • Junior Member
  • Group: Members
  • Posts: 1
  • Joined: 18 January 2012

Posted 18 January 2012 - 03:11

Hello,

I must have been fooled like a beginner, because sometimes, when I open Chrome or Internet Explorer, it loads hxxp://pageinternet.be/ps3.php before going back to Google.

I followed some advice and ended up with Combofix... here is the report, in which I found the address hxxp://pageinternet.be/ps3.php

But now, what should I do?
Thanks for your help...

-----------------

ComboFix 12-01-17.02 - Dan 18/01/2012 2:40.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4073.2388 [GMT 1:00]
Lancé depuis: d:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4D
c:\programdata\4D\4D Runtime Volume License Preferences 2004.RSR
c:\programdata\4D\4D Write Prefs.RSR
c:\programdata\4D\4D Write\sPAIEctacle 4410.RSR
c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1109.txt
c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1110.txt
c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1111.txt
c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1112.txt
c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1201.txt
c:\programdata\4D\perso262144.dic
c:\programdata\FullRemove.exe
c:\users\Dan\AppData\Roaming\4D
c:\users\Dan\AppData\Roaming\4D\4D Write Prefs v12.RSR
c:\users\Dan\AppData\Roaming\4D\GHS\Courant.lnk
c:\users\Dan\AppData\Roaming\4D\GHS\Logs\Nettoyage\LogNettoyage1201.txt
c:\users\Dan\AppData\Roaming\4D\GHS\Logs\Sauvegarde\LogSauvegarde1201.txt
c:\users\Dan\AppData\Roaming\4D\GHS\Récents\Paie 05-20~011-11-29).1.lnk
c:\users\Dan\AppData\Roaming\4D\perso262144.dic
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-18 au 2012-01-18 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-18 01:48 . 2012-01-18 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 01:08 . 2012-01-18 01:08 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan
2012-01-18 01:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78CF84-5514-4476-BD1F-575AD092F7DB}\mpengine.dll
2012-01-17 10:19 . 2012-01-17 10:24 -------- d-----w- C:\temp
2012-01-16 12:20 . 2012-01-16 12:20 -------- dc-h--w- c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}
2012-01-16 12:19 . 2012-01-16 12:19 -------- dc-h--w- c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}
2012-01-16 12:18 . 2012-01-16 12:18 -------- dc-h--w- c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}
2012-01-16 11:56 . 2012-01-16 11:56 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\programdata\Malwarebytes
2012-01-16 11:50 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-13 17:44 . 2012-01-13 17:44 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-01-13 17:44 . 2012-01-13 17:44 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2012-01-13 17:40 . 2012-01-13 17:44 -------- d-----w- c:\programdata\Propellerhead Software
2012-01-13 17:40 . 2012-01-13 17:40 -------- d-----w- c:\users\Dan\AppData\Roaming\Propellerhead Software
2012-01-13 17:37 . 2012-01-13 17:37 -------- d-----w- c:\program files (x86)\Propellerhead
2012-01-13 16:19 . 2012-01-13 16:19 -------- dc-h--w- c:\programdata\{0F90C280-4264-421D-B061-171A009C45E3}
2012-01-13 05:19 . 2012-01-13 05:19 -------- d-----w- c:\program files (x86)\Spectrasonics
2012-01-13 05:17 . 2012-01-16 12:22 -------- d-----w- c:\users\Dan\AppData\Local\Native Instruments
2012-01-13 04:01 . 2012-01-13 04:01 -------- dc-h--w- c:\programdata\{D1E50F38-400B-4231-8140-FB47E150B777}
2012-01-13 04:01 . 2012-01-13 04:01 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2012-01-12 11:36 . 2012-01-12 11:36 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-01-12 11:34 . 2012-01-12 11:34 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-11 19:19 . 2012-01-11 19:19 -------- dc----w- c:\programdata\{98352F45-F344-4528-B4AA-8BB717C0157D}
2012-01-11 19:13 . 2012-01-11 19:13 -------- dc----w- c:\programdata\{34F39B18-8D21-4D30-ABA7-42DA1C8D5D9F}
2012-01-11 17:56 . 2006-11-09 14:20 190072 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe
2012-01-11 17:56 . 2006-11-09 14:20 2111096 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPSWF32.dll
2012-01-11 17:25 . 2012-01-11 17:25 91276 ---h--r- c:\program files (x86)\mslch.vbs
2012-01-11 15:31 . 2012-01-11 17:56 -------- d-----w- c:\program files (x86)\Native Instruments
2012-01-11 15:31 . 2006-10-26 14:29 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_5.dll
2012-01-11 15:31 . 2006-10-26 14:29 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_2.dll
2012-01-11 15:31 . 2012-01-12 20:36 -------- d-----w- c:\program files (x86)\Vir2 Instruments
2012-01-11 15:14 . 2012-01-11 15:20 -------- d-----w- c:\users\Dan\AppData\Local\DADSU-CTL-V01X06
2012-01-11 15:14 . 2012-01-11 15:14 -------- d-----w- c:\program files (x86)\DADSU-CTL-V01X06
2012-01-11 04:23 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 04:23 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 04:23 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 04:23 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 04:23 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 04:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 04:23 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 04:23 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-12-25 12:17 . 2011-12-25 12:17 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-25 12:17 . 2011-12-25 12:17 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-25 12:17 . 2011-12-25 12:17 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-25 12:17 . 2011-12-25 12:17 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-23 17:27 . 2011-12-23 17:27 -------- d-----w- c:\program files (x86)\SAGEM
2011-12-23 17:27 . 2011-12-23 17:27 -------- d-----w- c:\users\Dan\AppData\Roaming\InstallShield
2011-12-22 16:45 . 2011-12-22 16:45 -------- d-----w- c:\windows\Options
2011-12-22 16:45 . 2010-01-05 18:23 1847296 ----a-r- c:\windows\system32\athurx.sys
2011-12-22 16:45 . 2011-12-22 16:45 -------- d-----w- c:\programdata\TP-LINK
2011-12-19 12:24 . 2011-12-19 12:24 -------- d-----w- c:\users\Dan\yf
2011-12-19 11:57 . 2011-12-19 11:57 -------- d-----w- c:\users\Dan\AppData\Local\Your Freedom
2011-12-19 11:56 . 2011-12-19 11:57 -------- d-----w- c:\program files (x86)\Your Freedom
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 01:07 . 2011-09-07 21:00 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-21 13:29 . 2011-09-16 12:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 10:43 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-09-09 05:59 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 17:42 . 2011-11-18 17:42 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-05 05:32 . 2011-12-14 10:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 10:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 13:13 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 13:13 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 13:13 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 13:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 13:13 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 13:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 13:13 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 13:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 10:48 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-04-13 02:33 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ajax"="c:\program files (x86)\mslch.vbs" [2012-01-11 91276]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"adiras"="c:\windows\adirasx64.exe" [2007-02-13 253008]
.
c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 E4LOADER;General Purpose USB Driver (e4ldrx64.sys);c:\windows\system32\Drivers\e4ldrx64.sys [2007-01-04 71832]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbawx64.sys [2007-01-04 146968]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R4 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R4 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-13 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-13 79360]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
R4 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
R4 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-05-25 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [x]
S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-04-13 02:33 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 91.121.85.116:80
TCP: DhcpNameServer = 192.168.1.254
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\w5vh7xnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://pageinternet.be/ps3.php
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 5.6.7.8
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
AddRemove-Roger Nichols Digital DETAILER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-01-18 02:51:56
ComboFix-quarantined-files.txt 2012-01-18 01:51
.
Avant-CF: 74 497 712 128 octets libres
Après-CF: 74 345 512 960 octets libres
.
- - End Of File - - 5D119F52FDA58F961B01C442CB8170A4