Virus BugZZe

Résolu
christophe -  
 Utilisateur anonyme -
Bonjour,

Je pense que mon PC a un virus mais je ne sais pas s'il est dangereux. Toujours est-il que j'ouvre internet la page d'accueil renvoie sur le site www.bugzze.fr. On dirait un moteur de recherche. J'ai voulu remettre ma page d'accueil ordinaire mais je n'ai plus accès aux options internet dans la barre internet explorer et quend je le fais à partir du panneau de configuration, l'action s'annule au redémarrage. De plus le pointeur de souris fonctionne comme si une application utilisant de la mémoire était lancé. J'ai utilisé Spybot, Avast, et Malawarebytes. J'ai supprimé à chaque fois ce que ces applications avaient trouvé mais rien n'y fait. Qu'est ce que je peux faire ?
Merci de votre réponse

A voir également:

76 réponses

Précédent
Réponse 41 / 76
christophe
 
Bonjour,
celui est tout frais de ce matin :

http://www.cijoint.fr/cjlink.php?file=cj201105/cijjHSur1q.txt
0
Réponse 42 / 76
Utilisateur anonyme
 
tu n'as pas compris

retelecharge-le ta version n'est pas à jour et supprime C:\Pre_scan.txt
G3?-?@¢??@?......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....
0
Réponse 43 / 76
christophe
 
J'ai retéléchargé Pre_scan et voici le rapport :

http://www.cijoint.fr/cjlink.php?file=cj201105/cijm7WNny0.txt
0
Réponse 44 / 76
Utilisateur anonyme
 
une question tu l'executes dans la sandbox d'avast ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 76
christophe
 
oui je crois, je viens de regarder, j'ai télécharger la nouvelle version avast hier et il y a l'autosandbox que je n'avais pas avant. Il faut l'enlever également avant Pre_scan ?
0
Réponse 46 / 76
Utilisateur anonyme
 
ah ben oui sinon ........
0
Réponse 47 / 76
christophe
 
j'espère que ça ira :

http://www.cijoint.fr/cjlink.php?file=cj201105/cij9b3s09j.txt
0
Réponse 48 / 76
Utilisateur anonyme
 
supprime combofix et refais comme plus haut avec , l infection bloque pre_scan
0
Réponse 49 / 76
christophe
 
Ok je supprime Combofix,

mais refait comme plus haut ça veut dire quoi :

- je refais Pre_scan
OU
- je retélécharge Combofix et fais toute la procédure qui suit ?
0
Réponse 50 / 76
Utilisateur anonyme
 
^pour combofix

0
Réponse 51 / 76
christophe
 
Rapport combofix :

ComboFix 11-05-31.01 - S&C 31/05/2011 21:33:16.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3959.2683 [GMT 2:00]
Lancé depuis: c:\users\S&C\Desktop\christophe.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\host
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-31 19:37 . 2011-05-31 19:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 19:37 . 2011-05-31 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 18:34 . 2011-05-31 18:35 -------- d-----w- C:\Kill'em
2011-05-31 16:57 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAACA46-969E-4EB8-9B6F-2E3796AD766B}\mpengine.dll
2011-05-31 06:12 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-29 20:26 . 2011-05-29 20:26 -------- d-----w- c:\windows\system32\drivers\etc\extensions
2011-05-28 14:36 . 2011-05-28 14:36 -------- d-----w- C:\christophe
2011-05-28 07:09 . 2011-05-28 07:09 -------- d-----w- c:\users\S&C\AppData\Roaming\Malwarebytes
2011-05-28 07:09 . 2011-05-28 07:09 -------- d-----w- c:\programdata\Malwarebytes
2011-05-28 07:08 . 2011-05-28 17:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 07:08 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 16:51 . 2011-05-27 18:41 2139 ----a-w- c:\windows\system32\drivers\etc\prefs.js
2011-05-27 15:16 . 2011-05-27 15:16 -------- d-----w- c:\windows\system32\drivers\etc\searchplugins
2011-05-27 15:16 . 2011-05-27 18:41 2139 ----a-w- c:\windows\prefs.js
2011-05-25 20:32 . 2011-05-25 20:32 -------- d-----w- c:\program files (x86)\Domination
2011-05-25 13:25 . 2011-05-25 13:25 -------- d-----w- c:\program files (x86)\Risk
2011-05-25 11:40 . 2011-05-25 11:40 -------- d-----w- c:\program files\Dell Support Center
2011-05-25 11:13 . 2011-05-25 11:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2011-05-25 11:13 . 2011-05-25 11:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2011-05-25 11:12 . 2011-05-25 11:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-05-25 06:45 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-17 12:06 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 12:06 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 05:38 . 2011-05-17 05:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-11 05:24 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 05:24 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 05:24 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 05:24 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 05:24 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 05:24 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 05:24 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 05:24 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 05:24 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 05:24 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 12:04 . 2010-08-26 06:48 1409 ----a-w- c:\windows\QTFont.for
2011-05-10 12:10 . 2010-08-24 08:08 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-08-24 08:08 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-10 12:10 . 2011-01-26 21:00 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:04 . 2010-08-24 08:09 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-08-24 08:09 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-08-24 08:09 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-08-24 08:09 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-08-24 08:09 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-21 08:30 . 2011-04-21 08:30 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-21 08:29 . 2011-04-21 08:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-06 16:28 . 2010-12-08 15:57 212992 ----a-w- c:\windows\SysWow64\HA_Registration.dll
2011-04-06 16:28 . 2010-12-08 15:57 172032 ----a-w- c:\windows\SysWow64\HA_Inet.dll
2011-04-06 16:28 . 2010-12-08 15:57 143360 ----a-w- c:\windows\SysWow64\HA_Error.dll
2011-04-02 07:48 . 2011-04-02 07:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-02 07:48 . 2011-04-02 07:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-02 07:48 . 2011-04-02 07:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-02 07:48 . 2011-04-02 07:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-02 07:48 . 2011-04-02 07:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-02 07:48 . 2011-04-02 07:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-02 07:48 . 2011-04-02 07:48 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-02 07:48 . 2011-04-02 07:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-02 07:48 . 2011-04-02 07:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-02 07:48 . 2011-04-02 07:48 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-02 07:48 . 2011-04-02 07:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-02 07:48 . 2011-04-02 07:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-02 07:48 . 2011-04-02 07:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-02 07:48 . 2011-04-02 07:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-02 07:48 . 2011-04-02 07:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-02 07:48 . 2011-04-02 07:48 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-02 07:48 . 2011-04-02 07:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-02 07:48 . 2011-04-02 07:48 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-02 07:48 . 2011-04-02 07:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-02 07:48 . 2011-04-02 07:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-02 07:48 . 2011-04-02 07:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-02 07:48 . 2011-04-02 07:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-02 07:48 . 2011-04-02 07:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-02 07:48 . 2011-04-02 07:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-02 07:48 . 2011-04-02 07:48 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-02 07:48 . 2011-04-02 07:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-02 07:48 . 2011-04-02 07:48 448512 ----a-w- c:\windows\system32\html.iec
2011-04-02 07:48 . 2011-04-02 07:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-02 07:48 . 2011-04-02 07:48 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-02 07:48 . 2011-04-02 07:48 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-02 07:48 . 2011-04-02 07:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-02 07:48 . 2011-04-02 07:48 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-02 07:48 . 2011-04-02 07:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-02 07:48 . 2011-04-02 07:48 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-02 07:48 . 2011-04-02 07:48 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-02 07:48 . 2011-04-02 07:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-02 07:48 . 2011-04-02 07:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-02 07:48 . 2011-04-02 07:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-02 07:48 . 2011-04-02 07:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-02 07:48 . 2011-04-02 07:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-02 07:48 . 2011-04-02 07:48 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-02 07:48 . 2011-04-02 07:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-24 06:38 . 2011-03-24 06:38 0 ----a-w- c:\windows\SysWow64\shoFF36.tmp
2011-03-12 12:03 . 2011-04-27 06:33 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-27 06:33 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-27 06:33 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-27 06:33 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-27 06:33 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-27 06:33 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-27 06:33 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-27 06:33 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-27 06:33 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-13 15:56 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 15:56 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-27 06:33 2566144 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-27 06:33 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-13 15:56 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 15:56 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-27 06:33 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-27 06:33 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-10 05:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:14 . 2011-04-13 15:56 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 15:56 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-27 06:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 06:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 15:56 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 15:56 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 15:56 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 15:56 3133440 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-28_12.02.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-31 18:36 . 2011-05-31 18:36 25118 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-05-28 09:55 . 2011-05-28 09:55 25118 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2011-05-31 18:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-28 09:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-31 18:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-28 09:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-31 18:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-28 09:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-18 18:08 . 2011-05-31 18:38 41280 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-31 18:38 29474 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-23 18:18 . 2011-05-31 18:38 16188 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-33308840-3010105916-2485681484-1000_UserData.bin
- 2010-08-23 10:22 . 2011-05-28 10:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-23 10:22 . 2011-05-31 18:42 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-28 10:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-31 18:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-31 18:36 . 2011-05-31 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-28 09:56 . 2011-05-28 09:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-31 18:36 . 2011-05-31 18:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-28 09:56 . 2011-05-28 09:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-31 11:24 . 2011-05-29 08:56 264886 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:12 . 2011-05-18 07:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-05-31 17:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-05-28 09:55 419408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-31 18:36 419408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-24 09:25 . 2011-05-27 15:16 1535672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-24 09:25 . 2011-05-31 17:08 1535672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2011-05-31 18:08 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-05-28 08:22 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-15 23:37 . 2011-05-31 18:36 53553736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-33308840-3010105916-2485681484-1000-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-12-14 520192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-25 77824]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-25 274608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\S&C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
OneNote 2010 - Capture d''cran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-7-6 308640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netr7364;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2011-05-31 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/cse?cx=partner-pub-7524939221331640%3Ais1dmp2m2l7&ie=ISO-8859-1&q=s
IE: &Envoyer à OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
Trusted Zone: ikea.com\kitchenplanner
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} - hxxp://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-usbsafe - c:\windows\usbsafe.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,ad,c8,6a,ab,ac,c3,71,d9,dd,06,3e,6e,cd,d5,45,3b,fc,dd,29,7e,
51,3a,1e,24,b7,fc,10,60,9c,38,09,3b,cc,1f,ca,d9,87,80,d0,37,67,67,99,6f,6e,\
"rkeysecu"=hex:a5,de,01,5f,63,b0,a7,5c,e7,f7,9f,4d,c6,81,d1,8d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-05-31 21:38:57
ComboFix-quarantined-files.txt 2011-05-31 19:38
ComboFix2.txt 2011-05-28 12:04
.
Avant-CF: 743 818 260 480 octets libres
Après-CF: 743 854 895 104 octets libres
.
- - End Of File - - A341BCA472D85E483A9479C2FF5E72A5
0
Réponse 52 / 76
Utilisateur anonyme
 

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

File::
c:\windows\SysWow64\shoFF36.tmp

Folder::
c:\windows\system32\drivers\etc\extensions
c:\windows\system32\drivers\etc\prefs.js
c:\windows\system32\drivers\etc\searchplugins
c:\windows\prefs.js
c:\windows\usbsafe.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt



G3?-?@¢??@?......Concepteur de List_Kill'em...Pre_Scan....MBR_Repair....
0
Réponse 53 / 76
christophe
 
Voilà j'ai glissé/déposé le fichier copié dans le blocnotes sur Combofix et ça m'a fait comme la dernière fois :
"Erreur de nom CFScript - Etiez-vous en train d'exécuter CFScript ? Le nom CFScript semble être mal écrit."
0
Réponse 54 / 76
Utilisateur anonyme
 
reessaie avec ca voir

KillAll::

File::
c:\windows\SysWow64\shoFF36.tmp\*.*
c:\windows\system32\drivers\etc\extensions\*.*
c:\windows\system32\drivers\etc\prefs.js
c:\windows\system32\drivers\etc\searchplugins\*.*
c:\windows\prefs.js
c:\windows\usbsafe.exe

Folder::
c:\windows\system32\drivers\etc\extensions
c:\windows\system32\drivers\etc\searchplugins


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"TkBellExe"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
[HKEY_USERS\S-1-5-21-33308840-3010105916-2485681484-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
0
Réponse 55 / 76
christophe
 
Pareil, ça m'écrit le même message
0
Réponse 56 / 76
Utilisateur anonyme
 
le fichier texte s'apelle bien CFScript.txt ?

possible que tu ne voies pas l'extension auquel cas tu ne vois que CFScript
0
Réponse 57 / 76
christophe
 
J'ai enregistré sur le bureau le fichier en écrivant CFScript.txt et effectivement je ne vois que CFScript
0
Réponse 58 / 76
Utilisateur anonyme
 
alors je comprends pas ce qui lui arrive.....
0
Réponse 59 / 76
christophe
 
Le texte à copier/coller dans le bloc notes je l'enregistre sur le bureau. Au moment de l'enregistrer il faut choisir l'encodage, je laisse celui qui y est par défaut = ANSI . Est ce que ça peut avoir une incidence ?
Sinon est ce que c'est possible de supprimer les éléments d'une autre façon ?
0
Réponse 60 / 76
Utilisateur anonyme
 
salut

Au moment de l'enregistrer il faut choisir l'encodage,

?????????,, c'est quoi ton bloc notes ?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses