PRESENCE DE VERS

Fermé
vespasien Messages postés 4 Date d'inscription dimanche 16 mars 2008 Statut Membre Dernière intervention 9 février 2011 - 9 févr. 2011 à 17:07
Bonjour,
j'avias un probleme de connexion depuis plusieurs jours. Je n'arrivais plus à me connecter avec mon laptop et cela apres avoir intallé un utilitaire p2p. J'ai donc activé le vrai administrateur et effectué un scan avec combofix car il ne fonctionnait pas dans ma session normale qui est aussi administrateur. Là il se trouve j'ai pu me connecter à nouveau après le scan avec combofix, mais je vous envoie le log de combofix et HiJackThis, sait-on jamais.

COMBOFIX

ComboFix 11-02-08.03 - Administrateur 09/02/2011 12:06:57.4.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3003.1632 [GMT 0:00]
Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-09 au 2011-02-09 ))))))))))))))))))))))))))))))))))))
.

2670-06-16 17:34 . 2010-09-13 18:20 -------- d-----w- C:\Gold Miner Vegas
2011-02-09 12:18 . 2011-02-09 12:18 -------- d-----w- c:\users\YAO\AppData\Local\temp
2011-02-09 12:18 . 2011-02-09 12:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-09 12:18 . 2011-02-09 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 11:59 . 2011-02-09 12:00 -------- d-----w- c:\users\Administrateur
2011-02-09 11:35 . 2011-02-09 11:35 -------- d-----w- c:\users\YAO\AppData\Local\Atheros
2011-02-01 15:34 . 2011-02-01 15:34 -------- d-----w- c:\program files\uTorrent
2011-01-19 01:15 . 2011-01-19 01:15 -------- d-----w- c:\users\YAO\AppData\Roaming\Subversion
2011-01-19 01:03 . 2011-01-19 01:03 -------- d-----w- c:\users\YAO\AppData\Roaming\Borland
2011-01-19 01:03 . 2011-01-19 01:03 -------- d-----w- c:\users\YAO\AppData\Local\Borland
2011-01-19 01:03 . 2011-01-19 01:03 -------- d-----w- c:\programdata\Borland
2011-01-19 01:03 . 2011-01-19 01:03 -------- d-----w- c:\users\YAO\JBuilder
2011-01-19 01:03 . 2011-01-19 01:03 -------- d-----w- c:\users\YAO\AppData\Roaming\CodeGear
2011-01-16 10:52 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-16 10:52 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-16 10:52 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-16 10:52 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-16 10:52 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 11:55 . 2010-10-29 09:24 691 ----a-w- c:\users\YAO\AppData\Roaming\GetValue.vbs
2011-02-09 11:55 . 2010-10-29 09:24 35 ----a-w- c:\users\YAO\AppData\Roaming\SetValue.bat
2011-01-11 12:56 . 2011-01-03 01:10 889 ----a-w- C:\FindyKill_Upload_Me_YAO-PC.zip
2010-12-14 13:53 . 2010-12-27 14:26 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:48 . 2010-12-27 14:47 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-12-14 13:48 . 2010-12-27 14:47 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-05 15:28 . 2010-07-26 21:17 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 18:53 . 2010-07-27 17:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot_2011-02-09_11.12.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-26 18:45 . 2011-02-09 11:54 57582 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-02-09 11:54 51382 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-26 18:40 . 2011-02-09 11:54 16346 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3752546514-2127189723-573387282-1000_UserData.bin
- 2010-07-26 18:40 . 2011-02-09 08:54 16346 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3752546514-2127189723-573387282-1000_UserData.bin
- 2010-07-26 16:00 . 2011-02-07 13:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 16:00 . 2011-02-09 12:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-26 16:00 . 2011-02-07 13:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-26 16:00 . 2011-02-09 12:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-02-09 12:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-02-07 13:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-26 18:14 . 2011-02-09 10:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 18:14 . 2011-02-09 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-26 18:14 . 2011-02-09 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-26 18:14 . 2011-02-09 10:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-09 10:59 . 2011-02-09 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-09 11:51 . 2011-02-09 11:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-09 10:59 . 2011-02-09 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-09 11:51 . 2011-02-09 11:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 08:39 . 2011-02-09 09:51 814230 c:\windows\System32\perfh00C.dat
+ 2009-07-14 08:39 . 2011-02-09 12:02 814230 c:\windows\System32\perfh00C.dat
+ 2009-07-14 02:05 . 2011-02-09 12:02 721072 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-02-09 09:51 721072 c:\windows\System32\perfh009.dat
- 2009-07-14 08:39 . 2011-02-09 09:51 174732 c:\windows\System32\perfc00C.dat
+ 2009-07-14 08:39 . 2011-02-09 12:02 174732 c:\windows\System32\perfc00C.dat
- 2009-07-14 02:05 . 2011-02-09 09:51 147020 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-02-09 12:02 147020 c:\windows\System32\perfc009.dat
- 2010-07-26 18:04 . 2011-01-03 15:43 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-07-26 18:04 . 2011-02-09 12:00 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:03 . 2011-02-09 01:53 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2011-02-09 12:06 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 170520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWRISOVM.EXE"="d:\power iso\PWRISOVM.EXE" [2008-11-02 167936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]

c:\users\YAO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\magicdisc\MagicDisc.exe [2010-7-26 576000]
SynTPEnh.exe - Raccourci.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2010-5-27 1721640]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hyperappel du Petit Larousse 2008.lnk - d:\petit larousse\Petit Larousse 2008\bin\Hyperappel.exe [2010-8-2 237568]
OSF Traitements.lnk - c:\program files\Oniris Sigma\Traitements\OSF Traitements.exe [2010-7-26 12363349]
Register Mask Pro 3.0.lnk - [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="d:\quicktime\QTTask.exe" -atboottime

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [2007-04-05 77824]
R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 Hyper File Server : YAO-PC;Hyper File Server : YAO-PC;c:\serveurhf\Manta.exe [2009-11-13 179200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]
R4 MSSQLServerADHelper100;Service SQL Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-12-05 436792]
R4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe [2010-10-29 115712]
S2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [2009-09-10 58880]
S2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [x]
S2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [x]
S2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [2008-04-28 3677616]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 MantaManager;MantaManager;c:\serveurhf\MantaManager.exe [2009-10-08 249856]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\tuneup2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\tuneup2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 10:38 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
LSP: c:\windows\system32\idmmbc.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\YAO\AppData\Roaming\Mozilla\Firefox\Profiles\yry6tr3l.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - d:\firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\YAO\AppData\Roaming\IDM\idmmzcc3
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 6
.
"ImagePath"="System32\drivers\hwpolicy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Hyper File Server : YAO-PC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-02-09 12:21:05
ComboFix-quarantined-files.txt 2011-02-09 12:21
ComboFix2.txt 2011-02-09 11:13
ComboFix3.txt 2011-01-12 12:06

Avant-CF: 12 047 708 160 octets libres
Après-CF: 11 743 129 600 octets libres

- - End Of File - - 986201C37DE808782FDD88FF7A370B81



HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:04, on 09/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
D:\TuneUp2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
D:\Power Iso\PWRISOVM.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Internet Download Manager\IDMan.exe
D:\Encarta 2009\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
D:\Petit Larousse\Petit Larousse 2008\bin\Hyperappel.exe
C:\Program Files\Oniris Sigma\Traitements\OSF Traitements.exe
C:\MagicDisc\MagicDisc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
D:\Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\YAO\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Programme d'assistance de Microsoft Web Test Recorder 10.0 - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WirelessAssistant] c:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Power Iso\PWRISOVM.EXE
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [E09FXLRD_2273839] "D:\Encarta 2009\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - Startup: MagicDisc.lnk = C:\MagicDisc\MagicDisc.exe
O4 - Startup: SynTPEnh.exe - Raccourci.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2008.lnk = D:\Petit Larousse\Petit Larousse 2008\bin\Hyperappel.exe
O4 - Global Startup: OSF Traitements.lnk = C:\Program Files\Oniris Sigma\Traitements\OSF Traitements.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - D:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion 9 Solr Service (CF9Solr) - Acresso - C:\ColdFusion9\solr\solr.exe
O23 - Service: ColdFusion 9 .NET Service - Unknown owner - C:\ColdFusion9\jnbridge\CFDotNetsvc.exe
O23 - Service: ColdFusion 9 Application Server - Macromedia Inc. - C:\ColdFusion9\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 9 ODBC Agent - Unknown owner - C:\ColdFusion9\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 9 ODBC Server - Unknown owner - C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 9 Search Server - Verity, Inc. - C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hyper File Server : YAO-PC - PC SOFT - C:\ServeurHF\Manta.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MantaManager - PC SOFT - C:\ServeurHF\MantaManager.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\TuneUp2011\TuneUpUtilitiesService32.exe