Aller au contenu

bf21

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par bf21

  1. bf21
    bonjour, je suis neophyte et ayant de serieux soupçon d'intrusion dans mon PC, j'ai trainé un peu sur les forums et combofix s'averait pas mal. Cependant comment dechiffrer cela, si quelqu'un est assez doué pour me filer un coup de main ? merci par avance. . . -------\Service_uvnc_service . . ((((((((((((((((((((((((((((( Fichiers créés du 2013-01-06 au 2013-02-06 )))))))))))))))))))))))))))))))))))) . . 2013-02-06 14:07 . 2013-02-06 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-06 08:11 . 2013-02-06 08:14 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-02-06 08:11 . 2013-02-06 08:11 -------- d-----w- c:\users\sandra\AppData\Roaming\LavasoftStatistics 2013-02-06 08:09 . 2013-02-06 08:09 -------- d-----w- c:\programdata\Lavasoft 2013-02-06 08:09 . 2013-02-06 08:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-02-06 08:09 . 2013-02-06 08:09 -------- d-----w- c:\users\sandra\AppData\Local\Downloaded Installations 2013-02-06 08:09 . 2013-02-06 08:09 47496 ----a-w- c:\windows\system32\sbbd.exe 2013-02-06 08:09 . 2013-02-06 08:09 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- c:\users\sandra\AppData\Local\adawarebp 2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- c:\programdata\blekko toolbars 2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- c:\program files (x86)\adawaretb 2013-02-06 08:08 . 2013-02-06 08:08 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-02-06 08:07 . 2013-02-06 14:01 -------- d-----w- c:\users\sandra\AppData\Roaming\Ad-Aware Antivirus 2013-02-05 12:55 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B33553E7-4A86-4487-A539-6D2D70E07004}\mpengine.dll 2013-01-27 20:14 . 2013-01-27 20:15 -------- d-----w- c:\users\sandra\AppData\Local\Facebook 2013-01-22 18:53 . 2013-01-22 18:53 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-01-22 18:53 . 2013-01-22 18:53 -------- d-----r- c:\program files (x86)\Skype 2013-01-12 13:57 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-12 13:57 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 00:28 . 2010-11-20 21:03 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-13 02:03 . 2010-12-29 23:44 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-13 00:23 . 2012-04-10 22:55 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-13 00:23 . 2011-12-01 12:16 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-22 11:55 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 11:55 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 11:55 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 11:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-12 13:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-14 13:51 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-14 13:51 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-14 13:51 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-14 13:51 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-14 13:51 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-14 13:51 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-14 13:51 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-14 13:51 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-14 13:51 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-14 13:51 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-14 13:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-14 13:51 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-14 13:51 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-14 13:51 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-14 13:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-14 13:51 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-14 13:51 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-14 13:51 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 13:51 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-14 13:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 13:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-14 13:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 23:39 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 23:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "3RVX"="c:\program files (x86)\3RVX\3RVX.exe" [2008-10-13 159232] "Facebook Update"="c:\users\sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-27 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-14 348664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-03 258560] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-06 14456] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-29 834544] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-01 27760] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600] S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-14 86224] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040] S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-02-26 12904] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - GFIBTO *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contenu du dossier 'Tâches planifiées' . 2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 00:23] . 2013-02-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015428642-1281927885-3717724862-1001Core.job - c:\users\sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 20:14] . 2013-02-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015428642-1281927885-3717724862-1001UA.job - c:\users\sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-27 20:14] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 23:33] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 23:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-28 16395880] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 171520] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} - hxxp://lafontpizza.dyndns.org/webpages/DMWebX.ocx FF - ProfilePath - c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kapoxp59.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q= FF - ExtSQL: 2013-02-06 09:08; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\sandra\AppData\Roaming\Mozilla\Firefox\Profiles\kapoxp59.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF - ExtSQL: !HIDDEN! 2012-12-02 22:09; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHELINS SUPPRIMES - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file) BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll Toolbar-10 - (no file) Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKCU-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe Toolbar-10 - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Heure de fin: 2013-02-06 15:15:19 - La machine a redémarré ComboFix-quarantined-files.txt 2013-02-06 14:15 . Avant-CF: 38 235 312 128 octets libres Après-CF: 45 387 165 696 octets libres . - - End Of File - - 569AAA172E570C92E755520026A0BE82 Déplacement du sujet dans la section Analyses et éradication malwares... ...
×
×
  • Créer...