mallo22

Members
  • Content count: 1
Everything posted by mallo22

  1. Hello, I can't manage to remove the Trojan horse that is on my computer. As a last resort I have just used ComboFix; I got a report but I really don't understand much of it, and I don't know whether it finally eradicated this Trojan. If anyone knows about this, I would welcome their help. Here is the report I got, it is fairly long...:

     ComboFix 09-07-19.04 - mallory 20/07/2009 14:55.1.2 - NTFSx86
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1957 [GMT 2:00]
     Running from: c:\users\mallory\Downloads\ComboFix.exe
     AV: avast! antivirus 4.8.1296 [VPS 090118-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     SP: avast! antivirus 4.8.1296 [VPS 090118-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
     SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
     c:\$recycle.bin\S-1-5-21-3555749100-3849095834-987032366-500
     c:\users\mallory\AppData\Local\msqsm.dat
     c:\users\mallory\AppData\Local\msqsm.exe
     c:\users\mallory\AppData\Local\msqsm_nav.dat
     c:\users\mallory\AppData\Local\msqsm_navps.dat
     c:\windows\Installer\1bc283a.msi
     .
     ((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
     .
     2009-07-20 13:01 . 2009-07-20 13:01 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
     2009-07-15 16:36 . 2009-07-15 16:37 -------- d-----w- c:\users\Administrateur\AppData\Local\Adobe
     2009-07-15 16:31 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
     2009-07-15 16:31 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
     2009-07-15 16:31 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
     2009-07-15 16:31 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
     2009-07-07 11:18 . 2009-07-07 11:18 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE6A9.tmp.exe
     2009-07-07 10:49 . 2009-07-07 10:49 0 ----a-w- c:\windows\nsreg.dat
     2009-07-07 10:49 . 2009-07-07 10:49 -------- d-----w- c:\users\Administrateur\AppData\Local\Mozilla
     2009-07-06 20:53 . 2009-07-06 20:53 -------- d-----w- c:\users\Administrateur\AppData\Local\Apple
     2009-07-06 19:07 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
     2009-07-06 19:07 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
     2009-07-06 19:07 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2009-07-06 19:07 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
     2009-07-06 19:07 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
     2009-07-06 19:07 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
     2009-07-06 19:07 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
     2009-07-06 18:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
     2009-07-06 18:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
     2009-07-06 18:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
     2009-07-06 18:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
     2009-07-06 18:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
     2009-07-06 18:58 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
     2009-07-06 18:58 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-07-06 16:06 . 2009-07-16 01:32 -------- d-----w- c:\users\Administrateur\Tracing
     2009-07-06 12:35 . 2009-07-06 12:35 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ATI
     2009-07-06 12:35 . 2009-07-06 12:35 -------- d-----w- c:\users\Administrateur\AppData\Local\ATI
     2009-07-06 12:35 . 2009-07-06 19:47 86704 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT
     2009-07-06 11:17 . 2009-07-09 10:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
     2009-07-06 11:17 . 2009-07-07 10:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-20 09:42 . 2009-02-08 19:52 90 ----a-w- c:\users\mallory\AppData\Local\tafsyd.bat
     2009-07-19 19:23 . 2009-03-09 10:33 -------- d-----w- c:\programdata\Google Updater
     2009-07-16 01:17 . 2007-12-25 16:42 678956 ----a-w- c:\windows\system32\perfh00C.dat
     2009-07-16 01:17 . 2007-12-25 16:42 128004 ----a-w- c:\windows\system32\perfc00C.dat
     2009-07-16 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
     2009-07-06 22:12 . 2008-07-02 16:17 86704 ----a-w- c:\users\mallory\AppData\Local\GDIPFONTCACHEV1.DAT
     2009-07-06 19:24 . 2007-12-25 09:08 -------- d-----w- c:\programdata\Microsoft Help
     2009-07-06 10:06 . 2008-07-27 11:32 -------- d-----w- c:\users\mallory\AppData\Roaming\LimeWire
     2009-06-12 05:25 . 2007-12-25 08:54 -------- d-----w- c:\program files\Microsoft Works
     2009-06-04 18:49 . 2009-06-04 18:49 -------- d-----w- c:\program files\R
     2009-05-25 20:32 . 2009-01-22 16:21 -------- d-----w- c:\users\mallory\AppData\Roaming\dvdcss
     2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
     2009-04-30 12:37 . 2009-06-14 16:19 293376 ----a-w- c:\windows\system32\psisdecd.dll
     2009-04-30 12:37 . 2009-06-14 16:19 428544 ----a-w- c:\windows\system32\EncDec.dll
     2009-04-23 12:43 . 2009-06-11 21:55 784896 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-04-23 12:42 . 2009-06-11 21:55 636928 ----a-w- c:\windows\system32\localspl.dll
     2009-06-13 08:07 . 2009-01-19 14:03 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
     2007-12-25 17:01 . 2007-12-25 16:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
     "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-09 4702208]
     "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-08-03 1826816]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.drv
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{1B7A552A-2770-4AA0-AB77-8359B2E1AF4E}"= c:\program files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
     "{E71EF18A-4CC6-43DE-BE42-257CDD34BCA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{93D58BE5-C307-46DC-9317-5820B8A9A727}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{B2F51143-78A7-461F-9B92-D976D3885529}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
     "{E6DF9273-8CC0-446E-BD96-0596E6A4475C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
     "{904A18FA-5F60-4338-8401-4B4F6DCE5FD9}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{3AD66B67-B401-4DE1-B574-FC8181791A21}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
     "{4A4171F1-0156-46FC-92D4-D1AFC0593BD0}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{C7C324BD-B1AA-4EBD-B27E-F016E64359CD}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
     "{31ABD39D-8B99-4E00-914E-5EC452E63E2E}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
     "{6F131B5E-5544-4AAA-BD1C-09DAEE0BFB31}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
     "TCP Query User{2854B003-8A56-4BBB-861F-4BCB1C0E241D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
     "UDP Query User{E0FC165B-98E4-489C-928D-EC23BB2AAC0F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
     "{972CBA3A-7A28-4465-8630-3E3FCDD05B03}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
     "{3051DFF5-89D9-4B25-B18C-AC406C63E1BD}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
     "{6BF08949-23F6-4A71-A716-7E0E715F57DF}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
     "{9513CBE2-33B9-44C4-A890-13D55239721D}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
     "{8DD445FD-DC5B-4174-8437-27AC46F46B2E}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
     "{3E50FDB8-84D1-45E1-B8DE-D25DDFCE60D8}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
     "{A793E9FE-F4EA-4A98-921C-9C38ED89A589}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
     "{CE499C40-8D93-41CE-B4EF-CE194FC6138E}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
     "{096CE9D6-1C0B-43E7-BA60-433F825AE8C5}"= Disabled:UDP:c:\users\mallory\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
     "{BE47CEA2-A530-42C1-A692-8D95C1E62E26}"= Disabled:TCP:c:\users\mallory\AppData\Local\Temp\ImInstaller\HiYo_Installer.exe:IncrediMail Installer
     "{E448E60A-5C12-4F9C-AFC4-E80D43D9C025}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
     R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2008 10:15 114768]
     R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2008 10:15 20560]
     R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2008 10:15 51792]
     R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/07/2009 13:17 1153368]
     S2 gupdate1c9a0a28fc96a4b;Service Google Update (gupdate1c9a0a28fc96a4b);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2009 12:34 133104]
     S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [12/04/2009 23:04 55280]
     S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     Contents of the 'Scheduled Tasks' folder
     2009-07-20 c:\windows\Tasks\Extension de garantie.job
     - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-12-25 16:38]
     2009-07-20 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-25 06:24]
     2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 10:33]
     2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 10:33]
     2009-07-20 c:\windows\Tasks\Recovery DVD Creator.job
     - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-12-25 16:34]
     2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{9F7E34E9-1EC7-4F5C-92C8-603F4FD0A2DC}.job
     - c:\windows\system32\msfeedssync.exe [2009-07-06 11:31]
     .
     - - - - ORPHANS REMOVED - - - -
     HKCU-Run-msqsm - c:\users\mallory\appdata\local\msqsm.exe
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uDefault_Search_URL = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: &Search - ?p=ZKxdm177YYFR
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     FF - ProfilePath - c:\users\mallory\AppData\Roaming\Mozilla\Firefox\Profiles\abj9lfn7.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Live Search
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
     FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
     FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
     FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true.
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-07-20 15:01
     Windows 6.0.6001 Service Pack 1 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\Windows\\system32\\OLE32.DLL"
     .
     Completion time: 2009-07-20 15:04
     ComboFix-quarantined-files.txt 2009-07-20 13:04
     Pre-Run: 128 245 821 440 octets libres
     Post-Run: 128 211 132 416 octets libres
     253 --- E O F --- 2009-07-17 09:38

     Thanks, Mallory