Trojan horse


Hello, I don't know what to do, so I'm posting the ComboFix report:

ComboFix 10-06-01.05 - delphine 02/06/2010 17:13:42.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2814.1735 [GMT 2:00]
Lancé depuis: c:\users\delphine\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un antivirus résident est actif

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\delphine\AppData\Roaming\.#
c:\users\delphine\AppData\Roaming\.#\MBX@1B48@3B2990.###
c:\users\delphine\AppData\Roaming\.#\MBX@1B48@3B29C0.###
c:\users\delphine\AppData\Roaming\.#\MBX@1B48@3B29F0.###
c:\users\delphine\AppData\Roaming\.#\MBX@334@1782990.###
c:\users\delphine\AppData\Roaming\.#\MBX@334@17829C0.###
c:\users\delphine\AppData\Roaming\.#\MBX@334@17829F0.###
c:\users\delphine\AppData\Roaming\.#\MBX@988@372990.###
c:\users\delphine\AppData\Roaming\.#\MBX@988@3729C0.###
c:\users\delphine\AppData\Roaming\.#\MBX@988@3729F0.###
c:\users\delphine\AppData\Roaming\.#\MBX@D58@1DC2990.###
c:\users\delphine\AppData\Roaming\.#\MBX@D58@1DC29C0.###
c:\users\delphine\AppData\Roaming\.#\MBX@D58@1DC29F0.###
c:\users\delphine\AppData\Roaming\Desktopicon
c:\users\delphine\AppData\Roaming\Desktopicon\eBay.ico
c:\users\delphine\AppData\Roaming\Desktopicon\uninst.exe
c:\users\delphine\AppData\Roaming\Microsoft\Windows\Recent\00 - RapGodFather.com=- Daily Updated Hip-Hop News & Downloads - Home.url
c:\users\delphine\AppData\Roaming\Microsoft\Windows\Recent\Games-Attack Website.url
c:\users\Public\mdsys.s
c:\users\Public\mdusys.s
c:\users\Public\winbrd.jpg
c:\windows\system32\%appdata%
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-02 au 2010-06-02 ))))))))))))))))))))))))))))))))))))
.

2010-06-02 15:20 . 2010-06-02 15:22 -------- d-----w- c:\users\delphine\AppData\Local\temp
2010-06-02 15:20 . 2010-06-02 15:20 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-06-02 08:50 . 2010-06-02 08:50 -------- d-----w- c:\users\delphine\AppData\Roaming\Avira
2010-06-02 06:34 . 2010-06-02 06:41 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-02 06:34 . 2009-03-30 07:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-02 06:34 . 2010-06-02 06:34 -------- d-----w- c:\programdata\Avira
2010-06-02 06:34 . 2010-06-02 06:34 -------- d-----w- c:\program files\Avira
2010-06-01 20:13 . 2010-06-01 20:13 -------- d-----w- c:\program files\MP3 Rocket
2010-06-01 13:24 . 2010-06-01 13:24 -------- d-----w- c:\users\delphine\AppData\Roaming\TuneUp Software
2010-06-01 13:23 . 2010-06-01 13:23 -------- d-----w- c:\programdata\TuneUp Software
2010-06-01 13:23 . 2010-06-01 13:23 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-31 20:57 . 2010-05-31 20:57 -------- d-----w- c:\program files\Unlocker
2010-05-31 09:15 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-31 09:15 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 09:15 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-31 09:15 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-31 09:15 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-31 09:14 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-31 09:14 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-31 09:14 . 2010-05-31 09:14 -------- d-----w- c:\programdata\Alwil Software
2010-05-31 09:14 . 2010-05-31 09:14 -------- d-----w- c:\program files\Alwil Software
2010-05-30 14:10 . 2010-06-01 20:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-30 14:10 . 2010-06-01 20:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-30 14:05 . 2010-05-30 14:05 -------- d-----w- c:\users\delphine\AppData\Roaming\Malwarebytes
2010-05-30 14:05 . 2010-05-30 14:05 -------- d-----w- c:\programdata\Malwarebytes
2010-05-30 14:05 . 2010-06-01 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 13:28 . 2010-05-28 13:28 -------- d-----w- c:\users\delphine\AppData\Roaming\Uniblue
2010-05-26 19:39 . 2010-06-01 20:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-05-26 18:31 . 2010-06-02 12:13 -------- d-----w- c:\users\delphine\AppData\Roaming\QuickScan
2010-05-26 18:31 . 2010-05-18 15:21 702120 ----a-w- c:\users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\mf90pe27.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-26 18:31 . 2010-05-18 15:21 868456 ----a-w- c:\users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\mf90pe27.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-26 13:42 . 2010-05-26 20:23 -------- d-----w- c:\users\delphine\AppData\Local\prnmoprqe
2010-05-26 12:49 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 19:59 . 2010-05-24 19:59 50354 ----a-w- c:\users\delphine\AppData\Roaming\Facebook\uninstall.exe
2010-05-24 19:59 . 2010-05-24 19:59 -------- d-----w- c:\users\delphine\AppData\Roaming\Facebook
2010-05-20 21:33 . 2007-11-27 06:41 405504 ----a-w- c:\users\delphine\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
2010-05-20 21:33 . 2008-02-13 06:07 172032 ----a-w- c:\users\delphine\AppData\Roaming\NCH Software\Components\a52dec\a52dec.exe
2010-05-20 21:33 . 2008-07-21 06:37 456211 ----a-w- c:\users\delphine\AppData\Roaming\NCH Software\Components\ffmpeg3\avformat-52.dll
2010-05-20 21:33 . 2008-07-21 06:37 40960 ----a-w- c:\users\delphine\AppData\Roaming\NCH Software\Components\ffmpeg3\avutil-49.dll
2010-05-20 21:33 . 2008-07-21 06:37 2457619 ----a-w- c:\users\delphine\AppData\Roaming\NCH Software\Components\ffmpeg3\avcodec-51.dll
2010-05-20 21:27 . 2010-05-20 21:27 -------- d-----w- c:\program files\NCH Software
2010-05-12 05:09 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 15:12 . 2008-01-21 08:40 671944 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-02 15:12 . 2008-01-21 08:40 124564 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-02 15:09 . 2009-05-13 22:08 -------- d-----w- c:\users\delphine\AppData\Roaming\uTorrent
2010-06-02 06:01 . 2009-05-14 15:10 -------- d-----w- c:\program files\CCleaner
2010-05-30 22:34 . 2009-07-19 18:39 -------- d-----w- c:\program files\EoRezo
2010-05-30 20:16 . 2009-07-17 09:15 1356 ----a-w- c:\users\delphine\AppData\Local\d3d9caps.dat
2010-05-28 13:40 . 2009-05-14 15:21 -------- d-----w- c:\users\delphine\AppData\Roaming\mp3rocket
2010-05-27 13:04 . 2009-06-22 05:56 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-27 06:02 . 2010-01-08 09:38 -------- d-----w- c:\users\delphine\AppData\Roaming\Sports Interactive
2010-05-26 20:42 . 2009-09-14 20:11 -------- d-----w- c:\program files\PopCap Games
2010-05-26 14:57 . 2009-05-14 10:53 -------- d-----w- c:\program files\Microsoft
2010-05-20 21:33 . 2010-01-21 19:09 -------- d-----w- c:\users\delphine\AppData\Roaming\NCH Software
2010-05-20 21:23 . 2009-10-06 13:39 -------- d-----w- c:\program files\NCH Swift Sound
2010-05-20 20:58 . 2009-05-13 22:09 -------- d-----w- c:\program files\uTorrent
2010-05-12 15:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 15:02 . 2008-05-09 02:16 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2009-10-03 00:09 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-28 15:00 . 2008-05-09 01:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 14:54 . 2010-04-28 14:54 -------- d-----w- c:\users\delphine\AppData\Roaming\ArcSoft
2010-04-28 14:46 . 2010-04-28 14:46 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-04-23 21:26 . 2009-07-19 18:39 -------- d-----w- c:\users\delphine\AppData\Roaming\EoRezo
2010-04-21 22:27 . 2010-04-21 22:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-04-20 15:26 . 2009-05-14 10:52 -------- d-----w- c:\program files\Windows Live
2010-04-09 13:11 . 2010-04-09 13:11 653576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-20 20:56 . 2010-03-20 20:17 2871296 ----a-w- c:\users\delphine\AppData\Roaming\EoRezo\install.exe
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\delphine\AppData\Roaming\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\delphine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 14:01 . 2010-04-14 05:10 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 20:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 322352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files\MP3 Rocket\MP3Rocket.exe [2010-1-28 174080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):46,c5,b1,68,1a,0b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1055406133-2688932265-3617840988-1000]
"EnableNotificationsRef"=dword:00000001

R0 knsf;knsf;c:\windows\System32\drivers\aensnr.sys [x]
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-22 691696]
S1 aswSP;aswSP; [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-22 43552]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - czeenouu

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'

2010-06-02 c:\windows\Tasks\User_Feed_Synchronization-{A5B3CAD8-20D4-4414-8F4B-0317E8EBC0BB}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/web?o=13110&l=dis
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\mf90pe27.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\mf90pe27.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\delphine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\delphine\AppData\Roaming\Mozilla\Firefox\Profiles\mf90pe27.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-soft2PC - (no file)
HKLM-Run-eorezo - (no file)
AddRemove-eBay Icon - c:\users\delphine\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\czeenouu]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1055406133-2688932265-3617840988-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,fe,2e,71,d4,0b,72,70,fc,ba,98,95,03,7f,e2,70,ae,9f,c3,a7,30,
df,af,01,47,0b,44,27,fb,4f,27,38,0d,a8,76,b3,23,e7,29,4b,6e,d5,43,da,53,51,\
"rkeysecu"=hex:D b,de,5f,6e,ff,c0,13,88,51,2c,e9,f8,6a,e9,dd,db

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3872)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-06-02 17:26:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-02 15:26

Avant-CF: 97 909 841 920 octets libres
Après-CF: 97 884 708 864 octets libres

- - End Of File - - 7152967EF411ED6D47C9C1BB3E100159