Cheval de troie "Patched_c.LZI" services.exe

Salut,


Sauvegarde tes documents importants.
A lire en entier.


Désactive les logiciels de protection (Antivirus, Antispywares)
En Général, cela se fait par un clic droit sur l'icône de ton antivirus en bas à droite et désactiver protection/agent ou autres.

ensuite :

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.

Eventuellement, installe la console de récupération comme cela est conseillé

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Si le rapport ne passe pas, envoie le sur ce site : http://pjjoint.malekal.com/
et donne le lien ici :)

Tu as le tutorial sur ce lien pour t'aider : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PS : si Combofix ne se lance pas, renomme le fichier Combofix et retente.

Si pas mieux, tente en mode sans échec sans prise en charge du réseau : Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

Si Combofix émet toujours une alerte sur l'antivirus : Si tu es en mode sans échec continue, si tu es en mode normal et que l'antivirus est bien désactivé. Continue.
Hébergement du rapport : Utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport, donne le lien pjjoint qui pointent vers ce rapport dans un nouveau message.

deja merci pour ton aide,alrs effectivement j'ai installer combofix mais il ne s execue pas ,malgré désactivation de avg, redémarrage en mode sans échec,en vain j'ai même essayé de désinstaller avg mais il ne se desinstalle plus,je sais plus quoi faire en + avec les deconnection internet intempestive.

j'ai reussi a avoir le rapport et le scan combofix avec "run as administrator" voici le rapport:



http://pjjoint.malekal.com/files.php?id=20120821_b12p6k8d6o11

humm \o
y a pas l'air d'y avoir de copie saine de services.exe sur ton PC \o

Sinon tu as installé plein de programmes parasites qu'il faut désinstaller.
Panneau de Configuration => Programmes et fonctionnalités.
Askbar
DriverCure
SpeedyPC Software
SweetIM / SweetPack
TVersitybar

~~

Je vais essayer de te trouver un services.exe sain pour qu'on puisse le restaurer.

voici le rapport re roguekilller:

RogueKiller V7.6.6 [10/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: ATTILA [Admin rights]
Mode: Remove -- Date: 21/08/2012 12:32:06

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]
[RESIDUE] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]
[RESIDUE] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] Vista & XP Virtual Desktops.lnk @ATTILA : C:\Users\ATTILA\AppData\Roaming\Microsoft\Installer\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}\MainIcon.ico -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{abab918e-bf15-bf58-9b4d-0a573c17fab9}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{abab918e-bf15-bf58-9b4d-0a573c17fab9}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\attila\appdata\local\{abab918e-bf15-bf58-9b4d-0a573c17fab9}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\attila\appdata\local\{abab918e-bf15-bf58-9b4d-0a573c17fab9}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\attila\appdata\local\{abab918e-bf15-bf58-9b4d-0a573c17fab9}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> REPLACED AT REBOOT (c:\windows\SysWOW64\services.exe)

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500320AS ATA Device +++++
--- User ---
[MBR] 3b30bed66ff16feae3612590968fa723
[BSP] 6a5d9a20e9fb34af288887e04eff3184 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDP725016GLAT80 SCSI Disk Device +++++
--- User ---
[MBR] 1d4b42081525cd5ecb162e175d5bea60
[BSP] c2327e95124cc7ff9edadb8cd45b6377 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

TVersity ç'est un logiciel que j'ai acheté pour connecté ma ps3 a ma tv ça fait longtemps que je l'ai .
quant au virus a fait 4jours

oui j ai toujour services.exe qui s affiche,malgré roguekiller et combofix,j ai du mal help please.

Faut trouver un services.exe pour Vista pour pouvoir le remettre...

bonjour à tous !

J'ai utilisé combofix pour supprimer ce cheval de troie et n'ayant que peu de connaissance en informatique, j'aimerais savoir si quelqu'un pouvait jeter un coup d'oeil sur le rapport pour savoir si tout est ok

Merci d'avance

ComboFix 12-09-03.04 - tristoun 03/09/2012 13:18:42.2.2 - x64
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.4094.2156 [GMT 2:00]
Lancé depuis: c:\users\tristoun\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\users\tristoun\AppData\Local\Temp\228ce296-4b78-49ce-b8e4-abde55f896ab\CliSecureRT64.dll
c:\users\tristoun\AppData\Roaming\app
c:\users\tristoun\AppData\Roaming\app\Jerakine_lang.dat
c:\users\tristoun\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\msvcr71.dll
.
c:\windows\system32\Services.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-03 au 2012-09-03 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-03 12:20 . 2012-09-03 12:25 -------- d-----w- c:\users\tristoun\AppData\Local\temp
2012-09-03 12:20 . 2012-09-03 12:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-03 12:20 . 2012-09-03 12:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 14:53 . 2012-08-22 14:53 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-22 14:53 . 2012-08-22 14:53 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-22 14:51 . 2012-08-22 14:51 -------- d-----w- c:\users\tristoun\AppData\Roaming\AVG2012
2012-08-22 14:50 . 2012-08-22 15:00 -------- d-----w- c:\programdata\AVG2012
2012-08-19 23:25 . 2012-09-03 09:55 5290 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-11 22:03 . 2012-08-11 22:03 -------- d-----w- c:\users\tristoun\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 12:23 . 2010-11-13 01:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-28 18:24 . 2012-05-19 11:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24 . 2011-09-09 23:47 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-30 17:18 . 2012-04-27 11:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 17:18 . 2011-05-28 21:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 10:13 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 11:46 . 2012-01-13 16:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:58 . 2012-07-16 10:09 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-15 15:36 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-15 15:36 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-15 15:36 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-15 15:36 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-15 15:36 1869824 ----a-w- c:\windows\system32\msxml3.dll
2008-07-01 18:28 . 2008-07-01 18:28 61440 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-22 14:53 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-22 2045024]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\users\tristoun\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2008-08-20 2705976]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-09-02 8105984]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-22 1162848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-22 1020512]
.
c:\users\tristoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052534032-1394959305-3422844324-1000Core.job
- c:\users\tristoun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-08 15:30]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052534032-1394959305-3422844324-1000UA.job
- c:\users\tristoun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-08 15:30]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 13:13]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-11 13:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2011-11-03 227328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101216075330
DPF: {5AEF5128-FE70-49E8-9E86-45F0A2D7E4EE} - hxxp://go.opendisc.net/activex/OpendiscLight.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\tristoun\AppData\Roaming\Mozilla\Firefox\Profiles\5rmcz1p7.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bc5a6e9b4-a17e-4794-99e6-28d9b6af640a%7D&mid=984c8c1d20c847d69516d16b537636af-a602df46526dc4505b424d1090c052e9df251380&ds=AVG&v=12.2.0.5&lang=fr&pr=fr&d=2012-08-22%2016%3A53%3A55&sap=ku&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-rpcnet
SafeBoot-SolutoService
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Razer\Copperhead\razerofa.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2012-09-03 14:31:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-03 12:31
.
Avant-CF: 66 109 923 328 octets libres
Après-CF: 66 260 156 416 octets libres
.
- - End Of File - - 62F4062FAAC8F1C364C6738EF06ADA4D