Virus webcam? - Page 4

Précédent
  • 1
  • 2
  • 3
  • 4
Réponse 61 / 72
naya46
 
Voila

ComboFix 11-02-17.02 - Nadia 18/02/2011 16:01:50.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.32.1036.18.3950.2448 [GMT 1:00]
Lancé depuis: c:\users\Nadia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\users\Nadia\AppData\Roaming\system32
c:\users\Nadia\AppData\Roaming\system32\svchost.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-18 au 2011-02-18 ))))))))))))))))))))))))))))))))))))
.

2011-02-18 15:05 . 2011-02-18 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 21:18 . 2011-02-15 21:18 -------- d-----w- c:\users\Nadia\AppData\Roaming\Malwarebytes
2011-02-15 21:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-15 21:17 . 2011-02-15 21:17 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 21:17 . 2011-02-15 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-15 21:17 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 20:48 . 2011-02-18 13:28 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-02-15 19:26 . 2011-02-15 19:26 -------- d-----w- c:\program files\CCleaner
2011-02-14 01:30 . 2011-02-14 01:30 -------- d-----w- c:\users\Nadia\AppData\Roaming\vlc
2011-02-14 01:24 . 2011-02-14 01:24 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e22aa04b1cbcbe51a\InstallManager_WLE_WLE.exe
2011-02-14 01:02 . 2011-02-14 01:04 -------- d-----w- c:\users\Nadia\AppData\Local\Graboid
2011-02-14 01:02 . 2011-02-14 01:02 -------- d-----w- c:\users\Nadia\AppData\Local\Geckofx
2011-02-14 01:01 . 2011-02-14 01:01 -------- d-----w- c:\program files (x86)\VideoLAN
2011-02-14 01:00 . 2011-02-14 01:32 -------- d-----w- c:\program files (x86)\Graboid
2011-02-09 11:58 . 2011-02-09 11:58 -------- d-----w- c:\windows\PCHEALTH
2011-02-09 11:58 . 2011-02-09 11:58 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-02-09 11:55 . 2011-02-09 11:55 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-02-09 11:54 . 2011-02-09 11:54 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-02-09 03:51 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 03:50 . 2010-11-02 05:18 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-08 22:33 . 2011-02-15 20:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-02-08 22:33 . 2011-02-15 20:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-06 18:03 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 18:03 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 18:03 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 18:03 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 18:03 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 18:03 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-06 18:03 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 18:03 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-06 18:03 . 2011-02-06 18:03 -------- d-----w- c:\programdata\Alwil Software
2011-02-06 18:03 . 2011-02-06 18:03 -------- d-----w- c:\program files\Alwil Software
2011-01-31 23:31 . 2011-01-31 23:31 -------- d-----w- c:\users\Nadia\AppData\Local\Evernote
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-27 13:07 . 2011-01-27 13:07 -------- d-----r- C:\MSOCache
2011-01-24 01:01 . 2011-01-24 01:01 -------- d-----w- c:\program files (x86)\bfgclient
2011-01-24 01:00 . 2011-01-24 01:31 -------- d-----w- C:\BigFishGamesCache
2011-01-21 02:00 . 2011-01-21 02:02 -------- d-----w- C:\49d63fc906ace0bb387d
2011-01-20 15:53 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-20 15:53 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-20 15:53 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-20 15:53 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-20 15:53 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-20 15:53 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-20 15:53 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-20 15:53 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-20 15:53 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-20 15:53 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-08-16 23:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2006-10-12 03:09 94208 --sh--w- c:\windows\SysWOW64\SalaatTime.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files (x86)\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-06-04 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-04-09 1223024]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-27 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-12-14 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]

.
Contenu du dossier 'Tâches planifiées'

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 20:49]

2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 20:49]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Nadia\AppData\Roaming\Mozilla\Firefox\Profiles\5c323j8s.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Interest Recognizer for Crazyloader: crazyloader@spointer.com - c:\program files (x86)\CrazyLoader\spointer\extensions\crazyloader@spointer.com
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-VESWinlogon - VESWinlogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Sony\VAIO Care\VCSpt.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Heure de fin: 2011-02-18 16:11:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-18 15:11

Avant-CF: 431.166.541.824 octets libres
Après-CF: 430.797.447.168 octets libres

- - End Of File - - 068207391CC72E522EEFA787CD46CFB4
0
Réponse 62 / 72
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

on suit la procédure de vérif :

tu fais redémarrer l'ordi et tu relances ZHPFix avec les mêmes lignes que ci-dessus.
0
Réponse 63 / 72
naya46
 
Rapport de ZHPFix 1.12.3251 par Nicolas Coolman, Update du 07/02/2011
Fichier d'export Registre : C:\ZHPExportRegistry-18-02-2011-22-37-23.txt
Run by Nadia at 18/02/2011 22:37:23
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
HKCU\Software\Spointer => Clé supprimée avec succès
HKCU\Software\20ta7 => Clé supprimée avec succès
O23 - Service: (SampleCollector) - Clé orpheline => Clé absente

========== Valeur(s) du Registre ==========
O4 - HKCU\..\Run: [HKCU] . (.Pas de propriétaire - Pas de description.) -- C:\Users\Nadia\AppData\Roaming\System32\svchost.exe => Valeur absente
O4 - HKUS\S-1-5-21-2647527995-658499839-1571004013-1001\..\Run: [HKCU] . (.Pas de propriétaire - Pas de description.) -- C:\Users\Nadia\AppData\Roaming\System32\svchost.exe => Valeur absente
TCP Query User{0D70672D-479A-425F-8BFB-67C696E35906}C:\windows\kmsemulator.exe => Valeur absente
UDP Query User{A9BB6D46-49C8-44BC-A554-25D5EDEFE26A}C:\windows\kmsemulator.exe => Valeur absente

========== Fichier(s) ==========
c:\users\nadia\appdata\roaming\system32\svchost.exe => Fichier absent
c:\users\nadia\appdata\local\temp\svchost.exe => Fichier absent
c:\users\nadia\appdata\local\temp\847163_svchost.exe => Fichier absent
c:\windows\tasks\autokms.job => Supprimé et mis en quarantaine
c:\windows\autokms.exe => Supprimé et mis en quarantaine
c:\windows\autokms.ini => Supprimé et mis en quarantaine

========== Récapitulatif ==========
3 : Clé(s) du Registre
4 : Valeur(s) du Registre
6 : Fichier(s)

End of the scan
0
Réponse 64 / 72
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

relance ZHPDiag, clique sur les jumelles pour ouvrir ZHPSearch.

coche les 4 cases de la colonne mode de recherche.

tape AutoKMS.* dans la fenêtre et clique sur la loupe.

Poste le rapport en fin d'analyse.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 72
naya46
 
J'ai essayé avec AutoKMS.* et AutoKMS*.
Je pensais avoir fait une faute de frappe mais pour les 2 j'obtiens le même rapport

Rapport de ZHPSearch 1.23.17 par Nicolas Coolman, Update du 07/02/2011
Run by Nadia at 18/02/2011 23:42:14
Windows 7 Home Premium Edition, 64-bit (Build 7600)

---\\ Elément(s) de recherche
AutoKMS*.

---\\ Liste des Fichiers & Dossiers:
Aucune ligne trouvée

---\\ Bilan de la recherche
Mode de recherche : Fichiers, Dossiers, Registre
Elément(s) trouvé(s) : 0
Nombre de fichiers analysés : 136360
Nombre de clés, valeurs ou données analysées : 294187
Mode : Recherche complète
End of the scan (04mn 08s)
0
Réponse 66 / 72
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

fais redémarrer l'ordi et relance la recherche sur AutoKMS.*

0
Réponse 67 / 72
naya46
 
Pareil il me semble

Rapport de ZHPSearch 1.23.17 par Nicolas Coolman, Update du 07/02/2011
Run by Nadia at 18/02/2011 23:59:29
Windows 7 Home Premium Edition, 64-bit (Build 7600)

---\\ Elément(s) de recherche
AutoKMS.*

---\\ Liste des Fichiers & Dossiers:
Aucune ligne trouvée

---\\ Bilan de la recherche
Mode de recherche : Fichiers, Dossiers, Registre
Elément(s) trouvé(s) : 0
Nombre de fichiers analysés : 136826
Nombre de clés, valeurs ou données analysées : 294058
Mode : Recherche complète
End of the scan (54mn 56s)
0
Réponse 68 / 72
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

tu refais tourner ZHPDiag et tu postes le rapport dans un lien Cijoint.
0
Réponse 69 / 72
naya46
 
http://www.cijoint.fr/cjlink.php?file=cj201102/cijkE3JpWD.txt
0
Réponse 70 / 72
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

bonne nouvelle, plus rien n'est revenu.

D'autant mieux que je suis absent toute la semaine.

On finalisera après.

Le point le plus important est de mettre à jour ta console java.

Ensuite, on enlèvera les outils (avec ZHPFix, merci de ne pas le faire autrement).
0
Réponse 71 / 72
naya46
 
Super je te remercie mille fois pour le temps que tu m'a consacré ;-)

Donc je suis supposée faire quoi mtn?? Pour mettre java a jour c'est mon pc qui me proposait de le faire a chaque fois et je le fesais... sur quelle site de confiance je peux aller pour cette mise a jour?

Et pour le reste j'attend tes instructions!
0
Réponse 72 / 72
cs-bilou Messages postés 836 Statut Membre 164
 
Merci ComboFix !
-1
Précédent
  • 1
  • 2
  • 3
  • 4

Discussions similaires

Chrome://newtab
Nova -
snoopy35_ -

14 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses