Pageinternet.be/ps3.php – malware ?

[danipalinka]

Bonjour,

 

J'ai dû me faire avoir comme un débutant car parfois, en ouvrant Chrome ou Internet Explorer, il charge hxxp://pageinternet.be/ps3.php avant de retourner sur Google.

 

J'ai suivi quelques conseil et je suis arrivé sur Combofix... voilà le rapport, où j'ai trouvé l'adresse hxxp://pageinternet.be/ps3.php

 

Mais maintenant, que faire ?

Merci de votre aide...

 

-----------------

 

ComboFix 12-01-17.02 - Dan 18/01/2012 2:40.1.8 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4073.2388 [GMT 1:00]

Lancé depuis: d:\downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\4D

c:\programdata\4D\4D Runtime Volume License Preferences 2004.RSR

c:\programdata\4D\4D Write Prefs.RSR

c:\programdata\4D\4D Write\sPAIEctacle 4410.RSR

c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1109.txt

c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1110.txt

c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1111.txt

c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1112.txt

c:\programdata\4D\GHS\Logs\Sauvegarde\LogSauvegarde1201.txt

c:\programdata\4D\perso262144.dic

c:\programdata\FullRemove.exe

c:\users\Dan\AppData\Roaming\4D

c:\users\Dan\AppData\Roaming\4D\4D Write Prefs v12.RSR

c:\users\Dan\AppData\Roaming\4D\GHS\Courant.lnk

c:\users\Dan\AppData\Roaming\4D\GHS\Logs\Nettoyage\LogNettoyage1201.txt

c:\users\Dan\AppData\Roaming\4D\GHS\Logs\Sauvegarde\LogSauvegarde1201.txt

c:\users\Dan\AppData\Roaming\4D\GHS\Récents\Paie 05-20~011-11-29).1.lnk

c:\users\Dan\AppData\Roaming\4D\perso262144.dic

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-12-18 au 2012-01-18 ))))))))))))))))))))))))))))))))))))

.

.

2012-01-18 01:48 . 2012-01-18 01:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-18 01:08 . 2012-01-18 01:08 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan

2012-01-18 01:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F78CF84-5514-4476-BD1F-575AD092F7DB}\mpengine.dll

2012-01-17 10:19 . 2012-01-17 10:24 -------- d-----w- C:\temp

2012-01-16 12:20 . 2012-01-16 12:20 -------- dc-h--w- c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}

2012-01-16 12:19 . 2012-01-16 12:19 -------- dc-h--w- c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2012-01-16 12:18 . 2012-01-16 12:18 -------- dc-h--w- c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}

2012-01-16 11:56 . 2012-01-16 11:56 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes

2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\programdata\Malwarebytes

2012-01-16 11:50 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 11:50 . 2012-01-16 11:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-13 17:44 . 2012-01-13 17:44 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll

2012-01-13 17:44 . 2012-01-13 17:44 406528 ----a-w- c:\windows\SysWow64\ReWire.dll

2012-01-13 17:40 . 2012-01-13 17:44 -------- d-----w- c:\programdata\Propellerhead Software

2012-01-13 17:40 . 2012-01-13 17:40 -------- d-----w- c:\users\Dan\AppData\Roaming\Propellerhead Software

2012-01-13 17:37 . 2012-01-13 17:37 -------- d-----w- c:\program files (x86)\Propellerhead

2012-01-13 16:19 . 2012-01-13 16:19 -------- dc-h--w- c:\programdata\{0F90C280-4264-421D-B061-171A009C45E3}

2012-01-13 05:19 . 2012-01-13 05:19 -------- d-----w- c:\program files (x86)\Spectrasonics

2012-01-13 05:17 . 2012-01-16 12:22 -------- d-----w- c:\users\Dan\AppData\Local\Native Instruments

2012-01-13 04:01 . 2012-01-13 04:01 -------- dc-h--w- c:\programdata\{D1E50F38-400B-4231-8140-FB47E150B777}

2012-01-13 04:01 . 2012-01-13 04:01 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments

2012-01-12 11:36 . 2012-01-12 11:36 -------- d-----w- c:\program files (x86)\Alcohol Soft

2012-01-12 11:34 . 2012-01-12 11:34 503352 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-01-11 19:19 . 2012-01-11 19:19 -------- dc----w- c:\programdata\{98352F45-F344-4528-B4AA-8BB717C0157D}

2012-01-11 19:13 . 2012-01-11 19:13 -------- dc----w- c:\programdata\{34F39B18-8D21-4D30-ABA7-42DA1C8D5D9F}

2012-01-11 17:56 . 2006-11-09 14:20 190072 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe

2012-01-11 17:56 . 2006-11-09 14:20 2111096 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\NPSWF32.dll

2012-01-11 17:25 . 2012-01-11 17:25 91276 ---h--r- c:\program files (x86)\mslch.vbs

2012-01-11 15:31 . 2012-01-11 17:56 -------- d-----w- c:\program files (x86)\Native Instruments

2012-01-11 15:31 . 2006-10-26 14:29 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_5.dll

2012-01-11 15:31 . 2006-10-26 14:29 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_2.dll

2012-01-11 15:31 . 2012-01-12 20:36 -------- d-----w- c:\program files (x86)\Vir2 Instruments

2012-01-11 15:14 . 2012-01-11 15:20 -------- d-----w- c:\users\Dan\AppData\Local\DADSU-CTL-V01X06

2012-01-11 15:14 . 2012-01-11 15:14 -------- d-----w- c:\program files (x86)\DADSU-CTL-V01X06

2012-01-11 04:23 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 04:23 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 04:23 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 04:23 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 04:23 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 04:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 04:23 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 04:23 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-12-25 12:17 . 2011-12-25 12:17 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-25 12:17 . 2011-12-25 12:17 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-25 12:17 . 2011-12-25 12:17 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-25 12:17 . 2011-12-25 12:17 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-23 17:27 . 2011-12-23 17:27 -------- d-----w- c:\program files (x86)\SAGEM

2011-12-23 17:27 . 2011-12-23 17:27 -------- d-----w- c:\users\Dan\AppData\Roaming\InstallShield

2011-12-22 16:45 . 2011-12-22 16:45 -------- d-----w- c:\windows\Options

2011-12-22 16:45 . 2010-01-05 18:23 1847296 ----a-r- c:\windows\system32\athurx.sys

2011-12-22 16:45 . 2011-12-22 16:45 -------- d-----w- c:\programdata\TP-LINK

2011-12-19 12:24 . 2011-12-19 12:24 -------- d-----w- c:\users\Dan\yf

2011-12-19 11:57 . 2011-12-19 11:57 -------- d-----w- c:\users\Dan\AppData\Local\Your Freedom

2011-12-19 11:56 . 2011-12-19 11:57 -------- d-----w- c:\program files (x86)\Your Freedom

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-18 01:07 . 2011-09-07 21:00 45056 ----a-w- c:\windows\system32\acovcnt.exe

2011-12-21 13:29 . 2011-09-16 12:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52 . 2011-12-14 10:43 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 11:40 . 2011-09-09 05:59 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-18 17:42 . 2011-11-18 17:42 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-05 05:32 . 2011-12-14 10:43 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-14 10:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-14 13:13 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-14 13:13 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-14 13:13 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-14 13:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-14 13:13 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-14 13:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-14 13:13 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-14 13:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 10:48 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-13 02:33 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ajax"="c:\program files (x86)\mslch.vbs" [2012-01-11 91276]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"adiras"="c:\windows\adirasx64.exe" [2007-02-13 253008]

.

c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 E4LOADER;General Purpose USB Driver (e4ldrx64.sys);c:\windows\system32\Drivers\e4ldrx64.sys [2007-01-04 71832]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbawx64.sys [2007-01-04 146968]

R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

R4 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R4 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840]

R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-13 79360]

R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-13 79360]

R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]

R4 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

R4 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [x]

S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-05-25 1919504]

S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]

S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [x]

S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2011-04-13 02:33 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 91.121.85.116:80

TCP: DhcpNameServer = 192.168.1.254

DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab

FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\w5vh7xnd.default\

FF - prefs.js: browser.startup.homepage - hxxp://pageinternet.be/ps3.php

FF - prefs.js: network.proxy.ftp - 127.0.0.1

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 5.6.7.8

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Toolbar-Locked - (no file)

AddRemove-Roger Nichols Digital DETAILER VST RTAS_is1 - c:\program files (x86)\Roger Nichols Digital

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-01-18 02:51:56

ComboFix-quarantined-files.txt 2012-01-18 01:51

.

Avant-CF: 74 497 712 128 octets libres

Après-CF: 74 345 512 960 octets libres

.

- - End Of File - - 5D119F52FDA58F961B01C442CB8170A4