Page 80.87.199.15

Bonjour à tous.

Voici quelque jour que Malwrebyte bloque une page sortante à l'adresse 80.87.199.15.

J'ai fait quelques recherches et j'ai trouvé ici un tuto bien détaillé sur l'utilisation de ComboFix.

Je l'ai donc installé et exécuté, mais je suis incapable de débroussailler le rapport.

Si une bonne âme pouvait me filer un coup de main ça ne serait pas de refus.

Merci d'avance

Trophinou

le voici :

ComboFix 12-07-13.01 - Palud 13/07/2012 11:33:56.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2469 [GMT 2:00]
Lancé depuis: c:\documents and settings\Palud\Bureau\asdehi.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Palud\Application Data\Nyxau
c:\documents and settings\Palud\Application Data\Nyxau\duhee.tab
c:\documents and settings\Palud\Application Data\Toolbar4
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\amazon.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\doo.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\fb.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\games.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\logo.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\moviess.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\pluss.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\search.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\tv2.png
c:\documents and settings\Palud\Application Data\Toolbar4\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}\tw.png
c:\documents and settings\Palud\WINDOWS
c:\progra~1\FICHIE~1\{7CC06~1
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\searchweb\tbunsr151C.tmp\tbHElper.dll
c:\windows\pack.epk
c:\windows\patch.exe
c:\windows\system32\%SYSTE~1
c:\windows\system32\avgfwdx.dll
c:\windows\system32\components
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-13 au 2012-07-13 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-13 09:18 . 2012-07-13 09:18 -------- d-----w- C:\asdehi
2012-07-05 22:29 . 2012-07-05 22:29 -------- d-----w- c:\program files\TribalSync
2012-07-04 19:46 . 2012-07-04 19:46 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-04 19:46 . 2012-07-04 19:46 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-21 19:51 . 2012-06-21 19:57 26 ----a-w- c:\windows\space.vbs
2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 23:56 . 2012-05-11 14:40 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-10 06:57 . 2012-04-10 17:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-10 06:57 . 2011-10-07 20:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-02-15 23:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 12:24 . 2007-04-04 17:50 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-30 12:23 . 2007-04-04 17:50 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-30 12:23 . 2007-04-04 17:50 107832 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-13 13:55 . 2001-08-28 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-02-17 20:30 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2001-08-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-08-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-06-21 07:00 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-04-07 20:09 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2006-04-07 20:09 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-04-07 20:09 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2006-04-07 21:53 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-04-07 20:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-04-06 23:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2001-08-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-21 07:00 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-21 07:00 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-04-07 20:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-21 07:00 25112 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-04-06 23:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-02-28 13:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-02-28 13:52 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-02-28 13:52 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2001-08-28 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2001-08-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2001-08-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2001-08-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-04-07 20:09 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2001-08-28 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2001-08-23 17:12 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2006-04-06 23:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-04 19:46 . 2012-01-28 10:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2009-01-15 157520]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-05 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-07 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-10-07 19:58 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Palud^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=c:\documents and settings\Palud\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=c:\windows\pss\Microsoft Recherche accélérée.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Palud^Menu Démarrer^Programmes^Démarrage^Moniteur Fax-Voix.lnk]
path=c:\documents and settings\Palud\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk
backup=c:\windows\pss\Moniteur Fax-Voix.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-24 23:04 122939 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 09:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 22:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 11:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-16 20:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-18 23:01 110592 ----a-w- c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Origin Games\\FIFA 12\\Game\\fifa.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 02:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 07:30 32592]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/09/2007 13:29 685816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 07:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 02:14 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [13/05/2008 13:43 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/05/2008 13:43 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [07/10/2011 21:59 116608]
R2 avgfws;Pare-feu AVG;c:\program files\AVG\AVG2012\avgfws.exe [23/11/2011 03:36 2391832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 07:09 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/02/2012 01:04 655944]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [23/05/2011 02:03 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 02:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 02:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 07:21 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/02/2012 01:04 22344]
S0 Vax347b;Vax347b;c:\windows\system32\DRIVERS\Vax347b.sys --> c:\windows\system32\DRIVERS\Vax347b.sys [?]
S0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [29/01/2007 01:51 5248]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/10/2011 02:09 135664]
S2 PDSched;PDScheduler;c:\program files\RAXCO\PerfectDisk\PDSched.exe [11/05/2003 08:16 200771]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [19/06/2012 17:32 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03/05/2012 08:31 158856]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [01/09/2004 14:10 21824]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [23/05/2011 02:03 30944]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [05/10/2011 09:56 27760]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/10/2011 02:09 135664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [25/11/2011 16:36 311928]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [02/06/2012 11:11 113120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [13/05/2008 13:44 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 00:09]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 00:09]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884357618-651377827-725345543-1003Core.job
- c:\documents and settings\Palud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 21:20]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884357618-651377827-725345543-1003UA.job
- c:\documents and settings\Palud\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-18 21:20]
.
2012-07-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://pageinternet.be/ts2.php
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\documents and settings\Palud\Application Data\Mozilla\Firefox\Profiles\0v3cpu0r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108988
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7cc060900000000000000013d4bd66f4
FF - user.js: extensions.BabylonToolbar_i.hardId - 7cc060900000000000000013d4bd66f4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15405
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{6571950c-6eb2-4d8b-975e-5a25053ff845} - (no file)
WebBrowser-{6571950C-6EB2-4D8B-975E-5A25053FF845} - (no file)
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Scooby-Doo (TM), Le Mystère du Château hanté(TM) - c:\program files\The Learning Company\Scooby-Doo (TM)
AddRemove-Scooby-Doo(TM), Panique dans la Ville fantôme(TM) - c:\program files\Mindscape\Scooby-Doo(TM)
AddRemove-toolplugin - c:\docume~1\Palud\LOCALS~1\Temp\WZSE0.TMP\setup.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-884357618-651377827-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(400)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Heure de fin: 2012-07-13 11:44:29
ComboFix-quarantined-files.txt 2012-07-13 09:44
.
Avant-CF: 20 348 334 080 octets libres
Après-CF: 21 018 353 664 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 545849D886C6979856E1442A36B44093