golfbird

Posts by golfbird

  1. Hello,

    I have an infection that I cannot eradicate with my antivirus and other antimalware tools, so I used ComboFix and got the following report.

    Could someone tell me what steps to take?

    Thanks

     

    Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2061 [GMT 2:00]

    Lancé depuis: c:\users\Beaufranc\Desktop\ComboFix.exe

    .

     

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\program files\Common Files\Real\Update_OB\lang\faust_fr.dll

    c:\program files\Common Files\Real\Update_OB\lang\rpsearch_fr.dll

    c:\program files\Real\RealPlayer\converter\rnuninst_fr.dll

    c:\program files\Real\RealPlayer\lang\cdplay_fr.dll

    c:\program files\Real\RealPlayer\lang\dbcomp_fr.dll

    c:\program files\Real\RealPlayer\lang\embed_fr.dll

    c:\program files\Real\RealPlayer\lang\gemctl_fr.dll

    c:\program files\Real\RealPlayer\lang\mydevices_fr.dll

    c:\program files\Real\RealPlayer\lang\pngui_fr.dll

    c:\program files\Real\RealPlayer\lang\rjctl_fr.dll

    c:\program files\Real\RealPlayer\lang\rjdlg_fr.dll

    c:\program files\Real\RealPlayer\lang\rjeq_fr.dll

    c:\program files\Real\RealPlayer\lang\rjfade_fr.dll

    c:\program files\Real\RealPlayer\lang\rjmisc_fr.dll

    c:\program files\Real\RealPlayer\lang\rjprog_fr.dll

    c:\program files\Real\RealPlayer\lang\rjres_fr.dll

    c:\program files\Real\RealPlayer\lang\rjskin_fr.dll

    c:\program files\Real\RealPlayer\lang\rjviz_fr.dll

    c:\program files\Real\RealPlayer\lang\rjwma_fr.dll

    c:\program files\Real\RealPlayer\lang\rnuninst_fr.dll

    c:\program files\Real\RealPlayer\lang\rpapp_fr.dll

    c:\program files\Real\RealPlayer\lang\rpbgr_fr.dll

    c:\program files\Real\RealPlayer\lang\rpbrp_fr.dll

    c:\program files\Real\RealPlayer\lang\rpclsvc_fr.dll

    c:\program files\Real\RealPlayer\lang\rpclutil_fr.dll

    c:\program files\Real\RealPlayer\lang\rpdemand_fr.dll

    c:\program files\Real\RealPlayer\lang\rpdsplyr_fr.dll

    c:\program files\Real\RealPlayer\lang\rpext_fr.dll

    c:\program files\Real\RealPlayer\lang\rpgutil_fr.dll

    c:\program files\Real\RealPlayer\lang\rpmnpane_fr.dll

    c:\program files\Real\RealPlayer\lang\rpplylst_fr.dll

    c:\program files\Real\RealPlayer\lang\rpsearch_fr.dll

    c:\program files\Real\RealPlayer\lang\rpwebctl_fr.dll

    c:\program files\Real\RealPlayer\lang\systray_fr.dll

    c:\program files\Real\RealPlayer\lang\tcdinfo_fr.dll

    c:\program files\Real\RealPlayer\lang\tclsvc_fr.dll

    c:\program files\Real\RealPlayer\lang\tdwnmgr_fr.dll

    c:\program files\Real\RealPlayer\lang\tearm_fr.dll

    c:\program files\Real\RealPlayer\lang\teasdk_fr.dll

    c:\program files\Real\RealPlayer\lang\tmdedit_fr.dll

    c:\program files\Real\RealPlayer\lang\tmp3_fr.dll

    c:\program files\Real\RealPlayer\lang\twave_fr.dll

    c:\program files\Real\RealPlayer\lang\upgrdhlp_fr.dll

    c:\program files\Real\RealPlayer\lang\upgrdlib_fr.dll

    c:\users\Beaufranc\AppData\Roaming\BITS

    c:\users\Beaufranc\AppData\Roaming\BITS\BITS.ini

    c:\users\Beaufranc\AppData\Roaming\BITS\DHTTable.dat

    c:\users\Beaufranc\AppData\Roaming\BITS\ProxyList.ini

    c:\users\Beaufranc\AppData\Roaming\BITS\UPnP.ini

    c:\users\Beaufranc\AppData\Roaming\FlashGetBHO

    c:\users\Beaufranc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

    c:\users\Beaufranc\AppData\Roaming\FlashGetBHO\GetUrl.htm

    c:\windows\system32\secushr.dat

    c:\windows\system32\secustat.dat

    D:\resycled

    E:\resycled

    F:\resycled

     

    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-05-24 au 2010-06-24 ))))))))))))))))))))))))))))))))))))

    .

     

    2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\users\Beaufranc\AppData\Local\temp

    2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\Malwarebytes

    2010-06-23 13:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\programdata\Malwarebytes

    2010-06-23 13:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-06-17 14:41 . 2010-06-17 14:41 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\Uniblue

    2010-06-14 13:42 . 2010-06-14 13:42 3648 ------w- C:\bootsqm.dat

    2010-06-09 06:29 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll

    2010-06-09 06:29 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

    2010-06-09 06:29 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys

    2010-06-09 06:29 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

    2010-06-09 06:29 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

    2010-05-29 23:51 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

     

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-06-23 09:35 . 2009-12-19 13:03 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\FileZilla

    2010-06-23 09:16 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat

    2010-06-23 09:16 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat

    2010-06-19 21:10 . 2009-12-19 13:03 -------- d-----w- c:\program files\FileZilla FTP Client

    2010-06-09 21:24 . 2010-06-09 21:24 16 ----a-w- c:\users\Beaufranc\AppData\Roaming\ohipmn.dat

    2010-06-09 06:34 . 2009-12-21 08:52 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-06-07 07:01 . 2010-01-22 21:34 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\XnView

    2010-05-29 23:54 . 2010-01-22 10:59 -------- d-----w- c:\program files\TuneUp Utilities 2010

    2010-05-28 20:49 . 2010-05-06 11:46 -------- d-----w- c:\program files\Glary Utilities

    2010-05-11 21:56 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

    2010-05-09 09:56 . 2010-05-09 09:56 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

    2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

    2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

    2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

    2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

    2010-05-09 09:56 . 2010-05-09 09:56 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    2010-05-09 09:56 . 2010-05-09 09:56 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

    2010-05-09 09:56 . 2010-05-09 09:56 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    2010-05-09 09:56 . 2010-05-09 09:56 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    2010-05-09 09:56 . 2010-05-09 09:55 -------- d-----w- c:\program files\Common Files\Real

    2010-05-09 09:56 . 2010-05-09 09:55 -------- d-----w- c:\program files\Real

    2010-05-09 09:55 . 2010-05-09 09:55 -------- d-----w- c:\program files\Common Files\xing shared

    2010-05-09 09:55 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-05-09 09:55 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-05-07 16:07 . 2010-01-22 11:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe

    2010-05-07 16:01 . 2010-01-22 11:00 21320 ----a-w- c:\windows\system32\authuitu.dll

    2010-05-07 16:01 . 2010-01-22 11:00 30024 ----a-w- c:\windows\system32\uxtuneup.dll

    2010-05-06 11:35 . 2010-05-06 11:35 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

    2010-04-27 06:32 . 2010-01-25 10:01 -------- d-----w- c:\programdata\NVIDIA

    2010-04-26 10:39 . 2010-04-26 10:38 -------- d-----w- c:\program files\NVIDIA Corporation

    2010-04-26 10:38 . 2009-12-28 13:22 -------- d-----w- c:\program files\AGEIA Technologies

    2010-04-22 13:42 . 2010-04-22 13:42 3584 ----a-r- c:\users\Beaufranc\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

    2010-04-20 14:35 . 2010-01-22 11:00 30024 ----a-w- c:\windows\system32\uxtFDE4.tmp

    2010-04-05 06:28 . 2009-07-24 10:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

    2010-01-20 22:53 . 2010-01-20 22:41 952 --sha-w- c:\windows\System32\KGyGaAvL.sys

    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    .

     

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-05 1123360]

    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-19 8452640]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "EnableLUA"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

     

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

    backupExtension=.CommonStartup

     

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mémento.lnk]

    backup=c:\windows\pss\Mémento.lnk.CommonStartup

    backupExtension=.CommonStartup

     

    [HKLM\~\startupfolder\C:^Users^Beaufranc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PopTray.lnk]

    backup=c:\windows\pss\PopTray.lnk.Startup

    backupExtension=.Startup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

    2007-06-11 13:55 316336 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdeamon]

    2007-06-01 08:06 20480 ----a-w- c:\program files\Lexmark 4800 Series\lxdeamon.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdemon.exe]

    2007-06-11 13:53 455600 ----a-w- c:\program files\Lexmark 4800 Series\lxdemon.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

    2010-01-19 18:10 8452640 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2010-02-20 15:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2010-05-09 09:55 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]

    R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]

    R3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]

    R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-11 153448]

    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-06 79952]

    S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

    S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]

    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

    S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

     

     

    --- Autres Services/Pilotes en mémoire ---

     

    *NewlyCreated* - 26AAE74F

    *NewlyCreated* - 6EA57AD0

    *NewlyCreated* - MBAMPROTECTOR

    *NewlyCreated* - MBAMSWISSARMY

    *Deregistered* - 26aae74f

    *Deregistered* - 6ea57ad0

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bdx REG_MULTI_SZ scan

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contenu du dossier 'Tâches planifiées'

     

    2010-06-23 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-05-06 08:01]

     

    2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:57]

     

    2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:57]

    .

    .

    ------- Examen supplémentaire -------

    .

    uStart Page = file:///C:/Users/Beaufranc/Documents/Mes%20sites%20Web/D%E9marrageIE/index.htm

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: Télécharger en utilisant Download &Express - c:\program files\Download Express\Add_Url.htm

    Trusted Zone: kuaiche.com\software

    Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

    Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

    Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

    DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab

    FF - ProfilePath - c:\users\Beaufranc\AppData\Roaming\Mozilla\Firefox\Profiles\tbgvtxjb.default\

    FF - prefs.js: browser.startup.homepage - c:\\Users\\Beaufranc\\Documents\\Mes sites Web\\DémarrageIE\\index.htm

    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

     

    ---- PARAMETRES FIREFOX ----

    FF - user.js: network.http.max-persistent-connections-per-server - 4

    FF - user.js: nglayout.initialpaint.delay - 600

    FF - user.js: content.notify.interval - 600000

    FF - user.js: content.max.tokenizing.time - 1800000

    FF - user.js: content.switch.threshold - 600000

    d:\program files\FireFox\greprefs\all.js - pref("ui.use_native_colors", true);

    d:\program files\FireFox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    d:\program files\FireFox\greprefs\all.js - pref("svg.smil.enabled", false);

    d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    d:\program files\FireFox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    .

    - - - - ORPHELINS SUPPRIMES - - - -

     

    Toolbar-Locked - (no file)

    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

     

     

    .

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     

    [HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "scansk"=hex(0):a7,c1,29,6e,fa,63,a3,0f,3c,36,a2,2f,23,2a,9b,97,de,46,f4,6c,80,

    8e,c8,52,b4,de,86,66,df,62,09,ef,86,9b,f0,9d,92,37,b7,fb,00,00,00,00,00,00,\

     

    [HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

    @Denied: (Full) (Everyone)

    "scansk"=hex(0):7a,9b,c5,42,e3,f7,d5,2e,83,b5,eb,63,e4,4e,0a,a7,f9,c5,0a,a1,c5,

    1e,da,47,56,6d,82,70,ff,52,b5,e0,56,03,0d,c5,e9,cc,13,3e,00,00,00,00,00,00,\

     

    [HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{ac31aad2-4205-4c89-817a-5e2fab0ede2b}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:0000005d

    "Therad"=dword:00000001

    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

     

    [HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{ee55b6aa-67ba-4e02-8817-bfebb5f80eb2}]

    @Denied: (Full) (Everyone)

    @Allowed: (Read) (RestrictedCode)

    "Model"=dword:00000027

    "Therad"=dword:00000014

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

     

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Heure de fin: 2010-06-24 11:34:03

    ComboFix-quarantined-files.txt 2010-06-24 09:34

     

    Avant-CF: 131 429 048 320 octets libres

    Après-CF: 131 171 315 712 octets libres

     

    - - End Of File - - B7E47FDFAC6C6CEB030269AE3DC6C67F
