
Hello,

Having an infection that I cannot eradicate with my antivirus and other anti-malware tools, I used ComboFix and obtained the following report.

Could someone enlighten me on how to proceed?

Thanks

 

Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2061 [GMT 2:00]

Lancé depuis: c:\users\Beaufranc\Desktop\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Common Files\Real\Update_OB\lang\faust_fr.dll

c:\program files\Common Files\Real\Update_OB\lang\rpsearch_fr.dll

c:\program files\Real\RealPlayer\converter\rnuninst_fr.dll

c:\program files\Real\RealPlayer\lang\cdplay_fr.dll

c:\program files\Real\RealPlayer\lang\dbcomp_fr.dll

c:\program files\Real\RealPlayer\lang\embed_fr.dll

c:\program files\Real\RealPlayer\lang\gemctl_fr.dll

c:\program files\Real\RealPlayer\lang\mydevices_fr.dll

c:\program files\Real\RealPlayer\lang\pngui_fr.dll

c:\program files\Real\RealPlayer\lang\rjctl_fr.dll

c:\program files\Real\RealPlayer\lang\rjdlg_fr.dll

c:\program files\Real\RealPlayer\lang\rjeq_fr.dll

c:\program files\Real\RealPlayer\lang\rjfade_fr.dll

c:\program files\Real\RealPlayer\lang\rjmisc_fr.dll

c:\program files\Real\RealPlayer\lang\rjprog_fr.dll

c:\program files\Real\RealPlayer\lang\rjres_fr.dll

c:\program files\Real\RealPlayer\lang\rjskin_fr.dll

c:\program files\Real\RealPlayer\lang\rjviz_fr.dll

c:\program files\Real\RealPlayer\lang\rjwma_fr.dll

c:\program files\Real\RealPlayer\lang\rnuninst_fr.dll

c:\program files\Real\RealPlayer\lang\rpapp_fr.dll

c:\program files\Real\RealPlayer\lang\rpbgr_fr.dll

c:\program files\Real\RealPlayer\lang\rpbrp_fr.dll

c:\program files\Real\RealPlayer\lang\rpclsvc_fr.dll

c:\program files\Real\RealPlayer\lang\rpclutil_fr.dll

c:\program files\Real\RealPlayer\lang\rpdemand_fr.dll

c:\program files\Real\RealPlayer\lang\rpdsplyr_fr.dll

c:\program files\Real\RealPlayer\lang\rpext_fr.dll

c:\program files\Real\RealPlayer\lang\rpgutil_fr.dll

c:\program files\Real\RealPlayer\lang\rpmnpane_fr.dll

c:\program files\Real\RealPlayer\lang\rpplylst_fr.dll

c:\program files\Real\RealPlayer\lang\rpsearch_fr.dll

c:\program files\Real\RealPlayer\lang\rpwebctl_fr.dll

c:\program files\Real\RealPlayer\lang\systray_fr.dll

c:\program files\Real\RealPlayer\lang\tcdinfo_fr.dll

c:\program files\Real\RealPlayer\lang\tclsvc_fr.dll

c:\program files\Real\RealPlayer\lang\tdwnmgr_fr.dll

c:\program files\Real\RealPlayer\lang\tearm_fr.dll

c:\program files\Real\RealPlayer\lang\teasdk_fr.dll

c:\program files\Real\RealPlayer\lang\tmdedit_fr.dll

c:\program files\Real\RealPlayer\lang\tmp3_fr.dll

c:\program files\Real\RealPlayer\lang\twave_fr.dll

c:\program files\Real\RealPlayer\lang\upgrdhlp_fr.dll

c:\program files\Real\RealPlayer\lang\upgrdlib_fr.dll

c:\users\Beaufranc\AppData\Roaming\BITS

c:\users\Beaufranc\AppData\Roaming\BITS\BITS.ini

c:\users\Beaufranc\AppData\Roaming\BITS\DHTTable.dat

c:\users\Beaufranc\AppData\Roaming\BITS\ProxyList.ini

c:\users\Beaufranc\AppData\Roaming\BITS\UPnP.ini

c:\users\Beaufranc\AppData\Roaming\FlashGetBHO

c:\users\Beaufranc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

c:\users\Beaufranc\AppData\Roaming\FlashGetBHO\GetUrl.htm

c:\windows\system32\secushr.dat

c:\windows\system32\secustat.dat

D:\resycled

E:\resycled

F:\resycled

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-24 au 2010-06-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\users\Beaufranc\AppData\Local\temp

2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\Malwarebytes

2010-06-23 13:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-23 13:08 . 2010-06-23 13:08 -------- d-----w- c:\programdata\Malwarebytes

2010-06-23 13:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-17 14:41 . 2010-06-17 14:41 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\Uniblue

2010-06-14 13:42 . 2010-06-14 13:42 3648 ------w- C:\bootsqm.dat

2010-06-09 06:29 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll

2010-06-09 06:29 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-09 06:29 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 06:29 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-09 06:29 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-29 23:51 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 09:35 . 2009-12-19 13:03 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\FileZilla

2010-06-23 09:16 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat

2010-06-23 09:16 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat

2010-06-19 21:10 . 2009-12-19 13:03 -------- d-----w- c:\program files\FileZilla FTP Client

2010-06-09 21:24 . 2010-06-09 21:24 16 ----a-w- c:\users\Beaufranc\AppData\Roaming\ohipmn.dat

2010-06-09 06:34 . 2009-12-21 08:52 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-07 07:01 . 2010-01-22 21:34 -------- d-----w- c:\users\Beaufranc\AppData\Roaming\XnView

2010-05-29 23:54 . 2010-01-22 10:59 -------- d-----w- c:\program files\TuneUp Utilities 2010

2010-05-28 20:49 . 2010-05-06 11:46 -------- d-----w- c:\program files\Glary Utilities

2010-05-11 21:56 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-05-09 09:56 . 2010-05-09 09:56 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-05-09 09:56 . 2010-05-09 09:56 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-05-09 09:56 . 2010-05-09 09:56 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-05-09 09:56 . 2010-05-09 09:56 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-05-09 09:56 . 2010-05-09 09:56 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-05-09 09:56 . 2010-05-09 09:56 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-05-09 09:56 . 2010-05-09 09:55 -------- d-----w- c:\program files\Common Files\Real

2010-05-09 09:56 . 2010-05-09 09:55 -------- d-----w- c:\program files\Real

2010-05-09 09:55 . 2010-05-09 09:55 -------- d-----w- c:\program files\Common Files\xing shared

2010-05-09 09:55 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-09 09:55 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-07 16:07 . 2010-01-22 11:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe

2010-05-07 16:01 . 2010-01-22 11:00 21320 ----a-w- c:\windows\system32\authuitu.dll

2010-05-07 16:01 . 2010-01-22 11:00 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2010-05-06 11:35 . 2010-05-06 11:35 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-04-27 06:32 . 2010-01-25 10:01 -------- d-----w- c:\programdata\NVIDIA

2010-04-26 10:39 . 2010-04-26 10:38 -------- d-----w- c:\program files\NVIDIA Corporation

2010-04-26 10:38 . 2009-12-28 13:22 -------- d-----w- c:\program files\AGEIA Technologies

2010-04-22 13:42 . 2010-04-22 13:42 3584 ----a-r- c:\users\Beaufranc\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-04-20 14:35 . 2010-01-22 11:00 30024 ----a-w- c:\windows\system32\uxtFDE4.tmp

2010-04-05 06:28 . 2009-07-24 10:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2010-01-20 22:53 . 2010-01-20 22:41 952 --sha-w- c:\windows\System32\KGyGaAvL.sys

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-05 1123360]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-19 8452640]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mémento.lnk]

backup=c:\windows\pss\Mémento.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Beaufranc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PopTray.lnk]

backup=c:\windows\pss\PopTray.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

2007-06-11 13:55 316336 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdeamon]

2007-06-01 08:06 20480 ----a-w- c:\program files\Lexmark 4800 Series\lxdeamon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdemon.exe]

2007-06-11 13:53 455600 ----a-w- c:\program files\Lexmark 4800 Series\lxdemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2010-01-19 18:10 8452640 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-02-20 15:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-05-09 09:55 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

 

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]

R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248]

R3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]

R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-11 153448]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-06 79952]

S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]

S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]

S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - 26AAE74F

*NewlyCreated* - 6EA57AD0

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - 26aae74f

*Deregistered* - 6ea57ad0

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-06-23 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-05-06 08:01]

 

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:57]

 

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 15:57]

.

.

------- Examen supplémentaire -------

.

uStart Page = file:///C:/Users/Beaufranc/Documents/Mes%20sites%20Web/D%E9marrageIE/index.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Télécharger en utilisant Download &Express - c:\program files\Download Express\Add_Url.htm

Trusted Zone: kuaiche.com\software

Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll

DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab

FF - ProfilePath - c:\users\Beaufranc\AppData\Roaming\Mozilla\Firefox\Profiles\tbgvtxjb.default\

FF - prefs.js: browser.startup.homepage - c:\\Users\\Beaufranc\\Documents\\Mes sites Web\\DémarrageIE\\index.htm

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

 

---- PARAMETRES FIREFOX ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

d:\program files\FireFox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files\FireFox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files\FireFox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files\FireFox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files\FireFox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

 

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):a7,c1,29,6e,fa,63,a3,0f,3c,36,a2,2f,23,2a,9b,97,de,46,f4,6c,80,

8e,c8,52,b4,de,86,66,df,62,09,ef,86,9b,f0,9d,92,37,b7,fb,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):7a,9b,c5,42,e3,f7,d5,2e,83,b5,eb,63,e4,4e,0a,a7,f9,c5,0a,a1,c5,

1e,da,47,56,6d,82,70,ff,52,b5,e0,56,03,0d,c5,e9,cc,13,3e,00,00,00,00,00,00,\

 

[HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{ac31aad2-4205-4c89-817a-5e2fab0ede2b}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000005d

"Therad"=dword:00000001

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

 

[HKEY_USERS\S-1-5-21-2936227520-3949034871-3895078191-1000_Classes\CLSID\{ee55b6aa-67ba-4e02-8817-bfebb5f80eb2}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000027

"Therad"=dword:00000014

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2010-06-24 11:34:03

ComboFix-quarantined-files.txt 2010-06-24 09:34

 

Avant-CF: 131 429 048 320 octets libres

Après-CF: 131 171 315 712 octets libres

 

- - End Of File - - B7E47FDFAC6C6CEB030269AE3DC6C67F
