Annoying Trojan ...

Closed
Sheep-Man (188 posts, joined Saturday 15 October 2011, status: Member, last activity 16 March 2016) - 9 Feb. 2013 at 15:12
Hello everyone.
My computer is behaving like this:
-At startup, it plays a sound effect repeated 3 times, waits about ten seconds, then starts.
-Then this message is displayed:
The following are warnings that were detected during this boot.
These can be viewed in setup on the event log page.
WARNING : Processor Thermal Trip

Press the Enter key to continue.


I continue and then start the computer either in safe mode or normally, but in both cases it shuts down after about a quarter of an hour.

-The name of this virus, which I removed using MSE and which has therefore not gone away, is: Trojan Downloader Java openstream.CL.


Hoping that you can help me.

Regards, Sheep-Man

1 reply

Sheep-Man (188 posts, joined Saturday 15 October 2011, status: Member, last activity 16 March 2016)
10 Feb. 2013 at 21:28
Here is the error report:
ComboFix 13-02-07.02 - Bryan 10/02/2013 20:09:34.3.4 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3253.2321 [GMT 1:00]
Lancé depuis: z:\users\Bryan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
C:\Install.exe
c:\users\Bryan\AppData\Roaming\app
c:\users\Bryan\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Bryan\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Bryan\AppData\Roaming\key
c:\users\Kevin\AppData\Roaming\app
c:\users\Kevin\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Kevin\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Utilisateur\AppData\Roaming\app
c:\users\Utilisateur\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Utilisateur\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\~GLH00c0.TMP
c:\windows\system32\~GLH00c2.TMP
c:\windows\system32\DEBUG.log
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-01-10 au 2013-02-10 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-02-10 19:36 . 2013-02-10 19:36 -------- d-----w- c:\users\Utilisateur\AppData\Local\temp
2013-02-10 19:36 . 2013-02-10 19:36 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2013-02-10 19:36 . 2013-02-10 19:36 -------- d-----w- c:\users\Invité\AppData\Local\temp
2013-02-10 19:36 . 2013-02-10 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-10 18:51 . 2013-02-10 19:36 -------- d-----w- c:\users\Bryan\AppData\Local\temp
2013-02-10 14:26 . 2013-02-10 14:26 -------- d-----w- C:\2311a8cc3e182819a8e31be1
2013-02-09 14:43 . 2013-02-09 14:43 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6320B143-46C2-4BB9-82ED-34368C5F14D1}\offreg.dll
2013-02-09 14:41 . 2013-02-09 14:41 181808 ----a-w- c:\windows\RegBootClean.exe
2013-02-09 14:30 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6320B143-46C2-4BB9-82ED-34368C5F14D1}\mpengine.dll
2013-02-09 14:23 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-02-08 20:53 . 2013-02-08 20:53 -------- d-----w- C:\8324e25c63eb302b8b787a07
2013-02-07 18:53 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-07 18:41 . 2013-02-07 18:41 -------- d-----w- C:\359fdbc5a4f2110c23cb67808be1
2013-02-07 18:28 . 2013-02-07 18:28 -------- d-----w- C:\05f911c02f5274afa81f2118f0af
2013-02-07 06:55 . 2013-02-07 06:55 -------- d-----w- c:\users\Bryan\AppData\Roaming\DealPly
2013-02-07 06:50 . 2013-02-07 06:50 -------- d-----w- C:\3e1ab2d3560fb1052bdeeae9c9012d
2013-02-03 12:48 . 2013-02-03 12:48 -------- d-----w- C:\00c643b130033b67ee
2013-02-02 10:42 . 2013-02-02 10:42 -------- d-----w- C:\c7cbdf21775b6d61254c6bb936a62728
2013-01-25 15:43 . 2013-01-25 15:43 -------- d-----w- C:\1e607942a6551b9f02ebb1ff45eff4
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- C:\1e797989ab55516613e3d299e74cee
2013-01-18 04:19 . 2013-02-05 17:43 -------- d-----w- c:\users\Invité\AppData\Roaming\Adobe
2013-01-18 04:19 . 2013-01-18 04:19 -------- d-----w- c:\users\Invité\AppData\Local\Macromedia
2013-01-17 19:01 . 2013-01-17 19:01 -------- d-----w- c:\users\Invité\AppData\Roaming\OpenOffice.org
2013-01-17 18:28 . 2013-01-17 18:28 -------- d-----w- c:\users\Invité\AppData\Roaming\Mozilla
2013-01-17 18:28 . 2013-01-17 18:28 -------- d-----w- c:\users\Invité\AppData\Local\Mozilla
2013-01-16 18:50 . 2013-02-08 19:25 -------- d-----w- c:\users\templier-kevkevlebos
2013-01-15 15:31 . 2013-01-15 15:31 -------- d-----w- c:\users\Bryan\AppData\Roaming\DofusTesting-6
2013-01-15 15:30 . 2013-01-15 15:30 -------- d-----w- c:\users\Bryan\AppData\Roaming\DofusTesting-5
2013-01-15 15:20 . 2013-01-16 19:05 -------- d-----w- c:\users\Invité\AppData\Roaming\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 14:08 . 2012-04-15 10:01 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 14:08 . 2011-06-02 13:36 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-11-23 08:56 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 22:06 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 12:42 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:42 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 12:42 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:42 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 12:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:42 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:42 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:42 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:42 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 12:42 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:42 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:42 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 12:42 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:53 . 2013-01-09 12:42 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47 . 2013-01-09 12:42 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 12:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 12:42 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 12:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-28 18:49 . 2012-11-28 18:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7470A87C-432B-4C2B-8F0D-649DE26637D2}\gapaengine.dll
2012-11-23 02:56 . 2013-01-09 12:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48 . 2013-01-09 12:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 12:42 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 12:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09 . 2012-12-12 15:37 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 15:37 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 15:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 15:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 15:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 15:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-30 20:46 . 2012-08-30 20:46 83176 ----a-w- c:\program files\Uninstal.exe
2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2013-02-06 12:24 . 2013-02-06 12:24 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Akamai NetSession Interface"="c:\users\Bryan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-14 9726568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon Inkjet PIXMA iP3000.lnk - c:\windows\system32\rundll32.exe [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PAC207;Webcam 1200;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Free YouTube Download - c:\users\Bryan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9008D7A8-4ADC-4F14-9B19-9505688EC12D}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\68rc1jqc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2012-12-24 11:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\68rc1jqc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extentions.y2layers.installId - 80910f1f-7f7d-45f2-9d5a-2028b20d01ce
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
Toolbar-!{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Toolbar-!{19803860-b306-423c-bbb5-f60a7d82cde5} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-KiesPreload - c:\program files\Samsung\Kies\Kies.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4102282018-1135847935-1891623518-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4102282018-1135847935-1891623518-1004)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4102282018-1135847935-1891623518-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*U*|*c%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4102282018-1135847935-1891623518-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-4102282018-1135847935-1891623518-1004)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4102282018-1135847935-1891623518-1004_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3e,46,be,40,03,c3,10,4b,27,09,c0,ff,be,39,e9,eb,97,7a,5e,6c,f4,
bd,e2,85,4b,60,02,01,59,d7,d0,8e,b3,cb,64,0a,5b,5b,d0,b3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4102282018-1135847935-1891623518-1004_Classes\CLSID\{db8c56d3-7178-4181-88de-1edaf04a41f8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000021
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-02-10 20:40:57
ComboFix-quarantined-files.txt 2013-02-10 19:40
.
Avant-CF: 189 128 581 120 octets libres
Après-CF: 190 570 455 040 octets libres
.
- - End Of File - - C3916CD062690FC3B42C31F0707D0F22