lero

Profile Information

  • Gender
    Male

Other information

  • Your configuration
    OS Version: 6.1.7601 ServicePack: 1.0
    Product type: Workstation
    ComputerName: LERO-HP
    UserName: le ro
    Processor architecture: Intel x64
    Number of processors: 1
    Boot type: Normal boot
  • My languages
    French

  1. lero

    So happy to have had you by my side to get me out of this problem, thanks again.

  2. Oh! 01.net, but everyone goes there. What is it, malicious people who booby-trap the site? How does that happen? I would never have thought of a site like that one... And who has an interest in that?... And also, I am very curious: how do you manage to read all these reports that mean nothing to us?
  3. Hello, in any case thank you for your patience and your good advice. Otherwise, one more small question: I would like to know how I caught this infection, because I don't go to questionable sites. Could it be e-mails... etc.?
  4. Hello, here is the ComboFix report.

    DelFix report; there were 2 of them.

    And I find that my computer is lightning fast for the moment... I wanted to ask you: can "TFC by OldTimer" be downloaded on another computer just to clean it, without having had all these problems, or is it specific to problems of this kind? Thanks.
  5. ComboFix report
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648] . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/portail uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . 
************************************************************************** . Heure de fin: 2012-09-14 15:35:44 - La machine a redémarré ComboFix-quarantined-files.txt 2012-09-14 13:35 ComboFix2.txt 2012-09-13 08:58 ComboFix3.txt 2012-09-12 13:49 ComboFix4.txt 2012-09-11 09:16 ComboFix5.txt 2012-09-14 13:08 . Avant-CF: 179 850 211 328 octets libres Après-CF: 179 820 429 312 octets libres . - - End Of File - - 456DBF9093EFABA40BB834495BC7BBC4
  6. Hello, OK, understood, I'll do that.......thank you
  7. Good evening, I hope I did what was needed

     The first file: c:\windows\SysWow64\drivers\omjrnjf.sys

     SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae
     SHA1: 3a497d3968a4f6e3c648d196da38e5f98e75ec30
     MD5: 589312a3b46721c5a751e4d5222a89be
     File size: 60.0 KB ( 61440 bytes )
     File name: omjrnjf.sys
     File type: Win32 EXE
     Tags: peexe mz
     Detection ratio: 5 / 41
     Analysis date: 2012-09-13 18:35:56 UTC ( 2 minutes ago )

     Antivirus Result Update
     AhnLab-V3 - 20120913
     AntiVir - 20120913
     Antiy-AVL - 20120911
     Avast - 20120913
     AVG - 20120913
     BitDefender - 20120913
     ByteHero - 20120817
     CAT-QuickHeal - 20120913
     ClamAV - 20120913
     Commtouch - 20120913
     Comodo - 20120913
     DrWeb - 20120913
     Emsisoft - 20120913
     eSafe Win32.Banker 20120911
     ESET-NOD32 - 20120913
     F-Prot - 20120913
     Fortinet - 20120830
     GData - 20120913
     Ikarus - 20120913
     Jiangmin Hoax.Agent.f 20120913
     K7AntiVirus Trojan 20120913
     Kaspersky - 20120913
     McAfee - 20120913
     McAfee-GW-Edition - 20120913
     Microsoft - 20120913
     Norman - 20120913
     nProtect Trojan/W32.Agent.61440.JQ 20120913
     Panda - 20120912
     PCTools - 20120913
     Rising - 20120912
     Sophos - 20120913
     SUPERAntiSpyware - 20120911
     Symantec - 20120913
     TheHacker - 20120911
     TotalDefense - 20120913
     TrendMicro - 20120913
     TrendMicro-HouseCall - 20120913
     ____________________________________________________________________________________

     Second file: c:\windows\SysWow64\drivers\anbgwyw.sys

     SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae
     SHA1: 3a497d3968a4f6e3c648d196da38e5f98e75ec30
     MD5: 589312a3b46721c5a751e4d5222a89be
     File size: 60.0 KB ( 61440 bytes )
     File name: omjrnjf.sys
     File type: Win32 EXE
     Tags: peexe mz
     Detection ratio: 5 / 41
     Analysis date: 2012-09-13 18:35:56 UTC ( 5 minutes ago )

     Antivirus Result Update
     AhnLab-V3 - 20120913
     AntiVir - 20120913
     Antiy-AVL - 20120911
     Avast - 20120913
     AVG - 20120913
     BitDefender - 20120913
     ByteHero - 20120817
     CAT-QuickHeal - 20120913
     ClamAV - 20120913
     Commtouch - 20120913
     Comodo - 20120913
     DrWeb - 20120913
     Emsisoft - 20120913
     eSafe Win32.Banker 20120911
     ESET-NOD32 - 20120913
     F-Prot - 20120913
     Fortinet - 20120830
     GData - 20120913
     Ikarus - 20120913
     Jiangmin Hoax.Agent.f 20120913
     K7AntiVirus Trojan 20120913
     Kaspersky - 20120913
     McAfee - 20120913
     McAfee-GW-Edition - 20120913
     Microsoft - 20120913
     Norman - 20120913
     nProtect Trojan/W32.Agent.61440.JQ 20120913
     Panda - 20120912
     PCTools - 20120913
     Rising - 20120912
     Sophos - 20120913
     SUPERAntiSpyware - 20120911
     Symantec - 20120913
     TheHacker - 20120911
     TotalDefense - 20120913
     TrendMicro - 20120913
     TrendMicro-HouseCall - 20120913
     VBA32 - 20120913
     VIPRE - 20120913
     ViRobot Hoax..Agent.61440 20120913
     VirusBuster - 20120913
  8. here is the report that was generated at the end of combo_fix
     ComboFix 12-09-12.02 - le ro 13/09/2012 10:34:47.5.1 - x64Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.1979.1146 [GMT 2:00] Lancé depuis: c:\users\le ro\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\le ro\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\le ro\AppData\Local\Temp\{5B48DB6B-3CE6-4E2C-B5F6-5808291EAC8E}\fpb.tmp c:\users\le ro\AppData\Roaming\xsecva c:\users\LERO~1\AppData\Local\Temp\{5B48DB6B-3CE6-4E2C-B5F6-5808291EAC8E}\fpb.tmp . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-13 au 2012-09-13 )))))))))))))))))))))))))))))))))))) . . 2012-09-13 08:43 . 2012-09-13 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-13 07:19 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28F0E11C-C864-48DF-AFE3-7207FB13BF06}\mpengine.dll 2012-09-12 17:34 . 2012-09-12 17:34 61440 ----a-w- c:\windows\SysWow64\drivers\omjrnjf.sys 2012-09-12 17:12 . 2012-09-12 17:12 61440 ----a-w- c:\windows\SysWow64\drivers\anbgwyw.sys 2012-09-12 15:53 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-12 09:00 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 09:00 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 08:59 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 08:59 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 08:59 . 
2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 08:59 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 08:59 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-16 17:39 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-16 17:39 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-16 17:35 . 2012-06-27 04:10 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-16 17:35 . 2012-06-27 04:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-16 17:34 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-16 17:33 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 15:27 . 2011-08-21 21:04 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-16 19:17 . 2012-07-26 16:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-16 19:17 . 2011-12-08 20:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-03 11:46 . 2012-07-15 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( [email protected]_22.07.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-17 21:58 . 2012-09-13 07:09 47134 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-13 07:09 46332 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-08-14 18:16 . 2012-09-13 07:09 10324 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4062365672-1080844951-4277702916-1002_UserData.bin + 2009-07-14 05:30 . 2012-09-12 15:30 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2012-08-17 16:30 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 00:09 . 
2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys + 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys + 2012-09-12 09:00 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys + 2012-09-12 09:00 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys - 2011-08-14 15:29 . 2012-09-10 05:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 15:29 . 2012-09-13 08:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 15:29 . 2012-09-13 08:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-14 15:29 . 2012-09-10 05:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-09-10 05:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-09-13 08:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 17:47 . 2012-09-13 07:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-09-12 17:21 87896 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-08-14 17:47 . 
2012-09-13 07:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-14 17:47 . 2012-09-13 07:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:35 . 2012-09-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 17:35 . 2012-09-13 08:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-14 18:09 . 2012-09-09 18:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat + 2011-08-14 18:09 . 2012-09-13 07:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat + 2011-08-14 17:35 . 2012-09-13 08:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:35 . 2012-09-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-10 10:29 . 2012-09-12 15:29 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-12-10 10:29 . 2012-08-16 21:27 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2011-12-10 10:29 . 2012-09-12 15:29 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe - 2011-12-10 10:29 . 2012-08-16 21:27 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe + 2011-12-10 10:29 . 
2012-09-12 15:29 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2011-12-10 10:29 . 2012-08-16 21:27 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2011-08-20 20:00 . 2012-09-12 13:52 3700 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-09-13 08:44 . 2012-09-13 08:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-09-10 22:06 . 2012-09-10 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-09-10 22:06 . 2012-09-10 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-09-13 08:44 . 2012-09-13 08:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-10-18 07:13 . 2012-09-10 21:47 706842 c:\windows\system32\perfh00C.dat + 2010-10-18 07:13 . 2012-09-13 07:12 706842 c:\windows\system32\perfh00C.dat + 2009-07-14 02:36 . 2012-09-13 07:12 618370 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-09-10 21:47 618370 c:\windows\system32\perfh009.dat - 2010-10-18 07:13 . 2012-09-10 21:47 132016 c:\windows\system32\perfc00C.dat + 2010-10-18 07:13 . 2012-09-13 07:12 132016 c:\windows\system32\perfc00C.dat + 2009-07-14 02:36 . 2012-09-13 07:12 107650 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-09-10 21:47 107650 c:\windows\system32\perfc009.dat + 2009-07-14 05:30 . 2012-09-12 15:30 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-08-17 16:30 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-08-17 16:30 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2012-09-12 15:30 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:31 . 2012-08-17 16:30 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:31 . 2012-09-12 15:30 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:12 . 
2012-09-13 08:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2012-08-20 08:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:01 . 2012-09-13 08:43 395240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-09-10 22:05 395240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-12-10 10:29 . 2012-08-16 21:27 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2011-12-10 10:29 . 2012-09-12 15:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2011-12-10 10:29 . 2012-08-16 21:27 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2011-12-10 10:29 . 2012-09-12 15:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2011-12-10 10:29 . 2012-08-16 21:27 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2011-12-10 10:29 . 2012-09-12 15:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2011-12-10 10:29 . 2012-09-12 15:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2011-12-10 10:29 . 2012-08-16 21:27 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2011-12-10 10:29 . 2012-08-16 21:27 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe + 2011-12-10 10:29 . 2012-09-12 15:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe - 2011-12-10 10:29 . 2012-08-16 21:27 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2011-12-10 10:29 . 2012-09-12 15:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2009-07-14 04:45 . 
2012-09-12 15:33 7089161 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-08-17 16:32 7089161 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2011-04-08 00:11 . 2012-09-10 22:05 2617584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-04-08 00:11 . 2012-09-11 12:04 2617584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-20 15:03 . 2012-09-12 19:52 4313400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4062365672-1080844951-4277702916-1002-8192.dat + 2012-08-30 01:06 . 2012-08-30 01:06 5007872 c:\windows\Installer\c45d9.msp - 2011-12-10 10:29 . 2012-08-16 21:27 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2011-12-10 10:29 . 2012-09-12 15:29 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2011-12-10 10:29 . 2012-08-16 21:27 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2011-12-10 10:29 . 2012-09-12 15:29 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2009-07-14 02:34 . 2012-08-17 16:30 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-09-12 15:30 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 erelv;erelv;c:\windows\system32\drivers\omjrnjf.sys [x] R0 qzurvi;qzurvi;c:\windows\system32\drivers\anbgwyw.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys 
[2010-11-20 59392] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-10 1014624] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contenu du dossier 'Tâches planifiées' . 2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 19:17] . 2012-09-04 c:\windows\Tasks\HPCeeScheduleForle ro.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . 2012-08-26 c:\windows\Tasks\HPCeeScheduleForLERO-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648] . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.orange.fr/portail uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Autres processus actifs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Heure de fin: 2012-09-13 10:58:53 - La machine a redémarré ComboFix-quarantined-files.txt 2012-09-13 08:58 ComboFix2.txt 2012-09-12 13:49 ComboFix3.txt 2012-09-11 09:16 ComboFix4.txt 2012-09-10 22:21 . Avant-CF: 180 175 110 144 octets libres Après-CF: 180 110 376 960 octets libres . - - End Of File - - 3A89774E01C77EEEE4FB37EDF2085E2F
  9. Thank you for your reply. The Avenger did not start a second time; it restarted once. You wrote: "After the restart, a log file will open, which you will find here: C:\avenger.txt". I went to look where you said and I do not see the file "avenger.txt", and I cannot find this either: "everything you asked to delete will be backed up, compressed (zipped), and the zip archive transferred here: C:\avenger\backup.zip". I am really sorry to cause you so much trouble; I am nevertheless full of goodwill.
  10. Here is the report, following the same procedure as the one requested at 10:30. ComboFix 12-09-12.02 - le ro 12/09/2012 15:23:16.3.1 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.1979.1147 [GMT 2:00] Lancé depuis: c:\users\le ro\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\le ro\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 )))))))))))))))))))))))))))))))))))) . . 2012-09-12 13:32 . 2012-09-12 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-11 19:48 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A7733A1-8BE2-4AC7-8286-9ACCACD94E84}\mpengine.dll 2012-09-11 09:18 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-19 19:25 . 2012-08-20 08:19 -------- d-----w- c:\users\le ro\AppData\Roaming\xsecva 2012-08-16 17:39 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-16 17:39 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-16 17:35 . 2012-06-27 04:10 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-16 17:35 . 2012-06-27 04:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-16 17:34 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-16 17:33 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-16 21:21 . 2011-08-21 21:04 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-16 19:17 . 
2012-07-26 16:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-16 19:17 . 2011-12-08 20:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-03 11:46 . 2012-07-15 16:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( [email protected]_22.07.18 ))))))))))))))))))))))))))))))))))))))))) . + 2010-10-17 21:58 . 2012-09-12 13:35 46928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-12 13:35 46316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-08-14 18:16 . 2012-09-12 13:35 10216 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4062365672-1080844951-4277702916-1002_UserData.bin + 2011-08-14 15:29 . 2012-09-12 08:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-14 15:29 . 2012-09-10 05:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-08-14 15:29 . 2012-09-10 05:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-08-14 15:29 . 2012-09-12 08:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-09-12 08:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-09-10 05:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 17:47 . 2012-09-12 13:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 17:47 . 
2012-09-12 13:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-08-14 17:47 . 2012-09-10 05:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-14 17:47 . 2012-09-12 13:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:35 . 2012-09-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 17:35 . 2012-09-12 13:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-08-14 18:09 . 2012-09-11 19:39 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat - 2011-08-14 18:09 . 2012-09-09 18:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat + 2011-08-14 17:35 . 2012-09-12 13:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-08-14 17:35 . 2012-09-10 21:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-08-20 20:00 . 2012-09-11 09:17 3700 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-09-12 13:33 . 2012-09-12 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-09-10 22:06 . 2012-09-10 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-09-12 13:33 . 2012-09-12 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-09-10 22:06 . 
2012-09-10 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-10-18 07:13 . 2012-09-12 13:23 706842 c:\windows\system32\perfh00C.dat - 2010-10-18 07:13 . 2012-09-10 21:47 706842 c:\windows\system32\perfh00C.dat - 2009-07-14 02:36 . 2012-09-10 21:47 618370 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-09-12 13:23 618370 c:\windows\system32\perfh009.dat + 2010-10-18 07:13 . 2012-09-12 13:23 132016 c:\windows\system32\perfc00C.dat - 2010-10-18 07:13 . 2012-09-10 21:47 132016 c:\windows\system32\perfc00C.dat + 2009-07-14 02:36 . 2012-09-12 13:23 107650 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-09-10 21:47 107650 c:\windows\system32\perfc009.dat - 2009-07-14 05:12 . 2012-08-20 08:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2012-09-11 20:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2012-09-10 22:05 395240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-09-12 13:33 395240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-04-08 00:11 . 2012-09-11 12:04 2617584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-04-08 00:11 . 2012-09-10 22:05 2617584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-20 15:03 . 2012-09-12 13:15 4310832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4062365672-1080844951-4277702916-1002-8192.dat - 2011-08-20 15:03 . 2012-09-10 22:05 4310832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4062365672-1080844951-4277702916-1002-8192.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 
SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-15 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-10 1014624] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contenu du dossier 'Tâches planifiées' . 2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 19:17] . 
2012-09-04 c:\windows\Tasks\HPCeeScheduleForle ro.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . 2012-08-26 c:\windows\Tasks\HPCeeScheduleForLERO-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648] . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/portail uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Heure de fin: 2012-09-12 15:49:00 - La machine a redémarré ComboFix-quarantined-files.txt 2012-09-12 13:48 ComboFix2.txt 2012-09-11 09:16 ComboFix3.txt 2012-09-10 22:21 . Avant-CF: 179 472 334 848 octets libres Après-CF: 179 394 908 160 octets libres . - - End Of File - - 9198B8C5029A88F04BCF1BC439D78415
  11. Hello, I did drag the file you had me create, CFScript.txt, onto combo_fix as instructed, though. I will do it again and you can tell me whether it is right. Thank you.
  12. Hello, I did carry out the 10:30 procedure; the combo_fix report is from this morning at 11:04. Unless I did it wrong; tell me again if it is not right, thank you. My link posted at 11:22: the report.