Virus/malware pop-up problem

Solved/Closed
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014 - 21 Nov 2012 at 08:08
Anonymous user - 25 Nov 2012 at 19:39
Hello,

I have had a problem lately: a web page opens automatically in my browser, at varying intervals. I have tried every method to remove it: Malwarebytes, NOD32 scan, antivirus scan, clearing the cache. It persists nonetheless. It is the site fr ultigame telling me I have won a gift voucher -_-.
Thanks in advance


47 replies

mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 06:46
ComboFix 12-11-21.01 - post89 22/11/2012 6:28.2.4 - x64
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.4094.2567 [GMT 1:00]
Lancé depuis: c:\users\post89\Desktop\V-Fraps.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-10-22 au 2012-11-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-11-22 05:35 . 2012-11-22 05:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-22 05:35 . 2012-11-22 05:35 -------- d-----w- c:\users\post89\AppData\Local\temp
2012-11-22 05:35 . 2012-11-22 05:35 -------- d-----w- c:\users\hedev\AppData\Local\temp
2012-11-22 05:35 . 2012-11-22 05:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 05:24 . 2012-11-22 05:27 -------- d-----w- C:\32788R22FWJFW
2012-11-21 19:42 . 2012-11-21 19:42 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF454B80-E53B-4BF4-9632-630AE5485406}\offreg.dll
2012-11-21 16:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF454B80-E53B-4BF4-9632-630AE5485406}\mpengine.dll
2012-11-21 15:51 . 2012-11-21 16:09 -------- d-----w- C:\ComboFix
2012-11-21 08:41 . 2012-11-21 08:57 -------- d-----w- C:\Pre_Scan
2012-11-19 03:17 . 2012-11-19 03:17 -------- d-----w- C:\Riot Games
2012-11-19 02:03 . 2012-11-21 20:02 -------- d-----w- c:\users\post89\AppData\Local\PMB Files
2012-11-19 02:03 . 2012-11-21 20:02 -------- d-----w- c:\programdata\PMB Files
2012-11-19 00:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-17 04:34 . 2012-11-17 04:35 666720 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-11-17 02:24 . 2012-11-17 02:24 -------- d-----w- c:\users\post89\AppData\Local\Aeria Games
2012-11-17 02:23 . 2012-11-17 05:42 -------- d-----w- c:\programdata\Aeria Games
2012-11-17 01:44 . 2012-11-17 05:42 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-17 01:44 . 2012-11-17 01:44 -------- d-----w- c:\users\post89\AppData\Roaming\Aeria Games & Entertainment
2012-11-17 00:41 . 2012-11-17 00:45 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-17 00:38 . 2012-11-17 00:38 -------- d-----w- c:\users\post89\AppData\Local\PunkBuster
2012-11-16 15:39 . 2012-11-16 15:39 -------- d-----w- c:\users\post89\.thumbnails
2012-11-16 09:17 . 2012-11-17 00:45 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-16 09:17 . 2012-11-17 00:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-16 09:07 . 2012-11-17 00:35 -------- d-----w- c:\program files (x86)\EA Games
2012-11-16 06:22 . 2012-11-16 06:22 -------- d-----w- c:\users\post89\AppData\Local\Apps
2012-11-16 06:22 . 2012-11-16 06:22 -------- d-----w- c:\users\post89\AppData\Local\Deployment
2012-11-15 20:35 . 2012-11-15 20:35 -------- d--h--r- c:\users\post89\AppData\Roaming\SecuROM
2012-11-15 08:38 . 2012-11-15 08:38 -------- d-----w- c:\users\post89\AppData\Roaming\SynthMaker
2012-11-15 08:06 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-11-14 02:01 . 2012-10-04 02:08 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 01:35 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 01:35 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 01:34 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 22:41 . 2012-11-12 22:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-11-12 22:41 . 2012-11-12 22:41 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-11-12 22:41 . 2012-11-12 22:41 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-12 22:41 . 2012-11-12 22:41 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-11-12 22:41 . 2012-11-12 22:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-11-12 22:41 . 2012-11-12 22:41 913888 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-11-12 22:41 . 2012-11-12 22:41 82400 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-11-12 22:41 . 2012-11-12 22:41 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-11-12 22:41 . 2012-11-12 22:41 258528 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2012-11-12 22:41 . 2012-11-12 22:41 425952 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-11-12 22:41 . 2012-11-12 22:41 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-11-08 03:18 . 2012-11-08 03:18 -------- d-----w- c:\users\post89\AppData\Local\The Witcher 2
2012-11-08 00:49 . 2012-11-08 00:49 -------- d-----w- c:\users\post89\AppData\Local\Remove_Empty_Directories
2012-11-08 00:48 . 2012-11-08 00:48 -------- d-----w- c:\program files (x86)\Remove Empty Directories
2012-11-08 00:46 . 2012-11-08 00:51 -------- d-----w- c:\program files (x86)\Unlocker
2012-11-01 03:45 . 2012-11-01 03:45 -------- d-----w- c:\program files (x86)\Square Enix
2012-10-29 03:51 . 2012-10-29 03:51 -------- d-----w- c:\users\post89\AppData\Roaming\Hive Cluster
2012-10-25 16:17 . 2012-10-25 16:17 -------- d-----w- c:\users\post89\AppData\Local\FLT
2012-10-24 01:08 . 2012-10-24 01:08 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-10-23 18:09 . 2012-10-31 18:59 -------- d-----w- c:\program files (x86)\Gameforge
2012-10-23 17:57 . 2012-10-23 17:57 -------- d-----w- c:\program files (x86)\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 02:04 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-13 21:48 . 2012-04-09 01:18 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 21:48 . 2011-05-25 12:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-02-22 19:57 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 04:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-02-22 19:57 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2011-04-07 21:18 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-07 21:19 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-04-07 21:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-04-07 21:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-04-07 21:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2010-07-09 15:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2011-07-10 17:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 13:42 . 2012-10-20 22:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9173233-47A9-439D-A2F7-31F2BD1C23F9}\gapaengine.dll
2012-09-28 13:42 . 2012-06-13 08:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-25 01:34 . 2012-09-25 00:45 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-09-25 01:34 . 2012-09-25 00:45 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-09-24 21:16 . 2012-10-22 12:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 08:15 . 2012-09-17 08:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 08:15 . 2011-05-25 18:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 13:45 . 2012-10-10 13:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 13:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 11:40 . 2012-10-10 13:38 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:07 . 2012-10-10 13:39 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:53 . 2012-10-10 13:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-07-29 09:23 165720 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\post89\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-19 3092088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-04-18 646232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contenu du dossier 'Tâches planifiées'
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:48]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207815923-15576146-1052668473-1000Core.job
- c:\users\post89\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-16 06:22]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207815923-15576146-1052668473-1000UA.job
- c:\users\post89\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-16 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb178?a=6OyLwM9APb&i=26
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.searchs.at/searchResult.jsp?cx=partner-pub-9695538427146728:yvjqb5-xuvw&cof=FORID:11&ie=ISO-8859-1&q={searchTerms}&sa=Recherche+Google&siteurl=www.searchs.at/&lang=En
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\post89\AppData\Roaming\Mozilla\Firefox\Profiles\nwfbolc9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&a=6OyLwM9APb&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLwM9APb&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 24e2cc370000000000000022153da081
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:31
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLwM9APb
FF - user.js: extensions.incredibar_i.upn2n - 92261959092310893
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-RadLight MPC DirectShow Filter - c:\windows\system32\RadLightMPCUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]
"ImagePath"="\??\c:\users\post89\AppData\Local\Temp\0032201.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\03\19\17\12\14h"
.
Heure de fin: 2012-11-22 06:38:26
ComboFix-quarantined-files.txt 2012-11-22 05:38
.
Avant-CF: 525 193 166 848 octets libres
Après-CF: 525 149 679 616 octets libres
.
- - End Of File - - 83A4850832EF4861F39B452647B9BB34
0
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 13:51
If it is possible to get some follow-up, I don't want to be dragging around malware of every kind.
Besides, I don't know what deffrog does or what its consequences are.
That's not an order, I just want to be done with this "infection".
0
Anonymous user
22 Nov 2012 at 15:06
sorry for having a life on the side

Have the following file(s) analysed on VirusTotal:

VirusTotal

click "Browse", then find and select this/these file(s):

c:\windows\bfcs2.dll

* Now click Send file and let it work as long as "Current status: analysing" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
0
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 15:46
What is this nonsense, I can't find the file in the folder.
But when I search from the Start menu, it shows up.
Even when I move it, it stays invisible, although the "show hidden files" option is enabled.
0
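Added example, not part of this thread or of ComboFix itself: a small Python triage script over lines in ComboFix report format, using entries copied from the log posted above. It flags what a helper reads out of such a report: files carrying both the System and Hidden attributes (Explorer keeps those hidden through its separate "hide protected operating system files" setting, which is why bfcs2.dll stayed invisible with "show hidden files" turned on), files with non-standard extensions in the system directories, and services whose ImagePath points into a Temp folder. The allow-list of extensions and the folder rules are my assumptions, meant as review hints rather than verdicts.

```python
import re
from typing import Dict, List

# Sample lines copied from the ComboFix report posted earlier in this thread
# (file-listing rows and two service keys). A real run would read ComboFix.txt.
SAMPLE_LOG_LINES = [
    r"2012-11-17 04:34 . 2012-11-17 04:35 666720 ----a-w- c:\windows\SysWow64\xsherlock.xem",
    r"2012-11-14 02:01 . 2012-10-04 02:08 85504 ----a-w- c:\windows\system32\jsproxy.dll",
    r"2012-11-17 01:44 . 2012-11-17 05:42 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin",
    r"2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va003]",
    r'"ImagePath"="\??\c:\users\post89\AppData\Local\Temp\0032201.tmp"',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]",
    r'"ImagePath"="c:\windows\system32\xsherlock.xem"',
]

# A file row is "<date> <time> [. <date> <time>] <size|--------> <attrs> <path>".
# Find3M rows lack the second timestamp, hence the optional group.
FILE_ROW = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[A-Za-z-]{8}) (?P<path>.+)$"
)
SERVICE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$",
    re.IGNORECASE,
)
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<path>.*)"$')

# Assumed allow-list: extensions one normally expects for binaries in system dirs.
KNOWN_EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".drv", ".cpl", ".acm", ".scr", ".ax"}
WINDOWS_DIR = "c:\\windows\\"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_attrs(attrs: str) -> Dict[str, bool]:
    """Decode the ComboFix attribute column, e.g. 'd-sh--w-' or '--sh--w-'."""
    low = attrs.lower()
    return {"dir": "d" in low, "system": "s" in low, "hidden": "h" in low}


def _ext(path: str) -> str:
    """Extension of the last path component, ignoring trailing arguments."""
    name = path.strip().split("\\")[-1].split(" ")[0]
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def analyse_log(lines: List[str]) -> List[Dict[str, str]]:
    """Walk report lines and return findings for a human to review."""
    findings: List[Dict[str, str]] = []
    current_service = None
    for raw in lines:
        line = raw.strip()
        m = FILE_ROW.match(line)
        if m:
            path = m.group("path").strip()
            low = path.lower()
            a = parse_attrs(m.group("attrs"))
            # System+Hidden files stay invisible in Explorer unless "hide protected
            # operating system files" is also turned off; "show hidden files" is not enough.
            if not a["dir"] and a["system"] and a["hidden"] and low.startswith(WINDOWS_DIR):
                findings.append({"kind": "hidden-system-file", "path": path,
                                 "why": "System+Hidden attributes under the Windows directory"})
            if not a["dir"] and low.startswith(SYSTEM_DIRS) and _ext(path) not in KNOWN_EXEC_EXT:
                findings.append({"kind": "odd-extension-in-system-dir", "path": path,
                                 "why": f"extension {_ext(path)!r} is unusual for a system directory"})
            continue
        m = SERVICE_KEY.match(line)
        if m:
            current_service = m.group("name")
            continue
        m = IMAGE_PATH.match(line)
        if m and current_service:
            path = m.group("path").replace("\\??\\", "")  # strip the NT object-manager prefix
            low = path.lower()
            if "\\temp\\" in low or "\\tmp\\" in low:
                findings.append({"kind": "service-binary-in-temp", "path": path,
                                 "why": f"service {current_service} loads from a temp folder"})
            elif _ext(path) not in KNOWN_EXEC_EXT:
                findings.append({"kind": "service-binary-odd-extension", "path": path,
                                 "why": f"service {current_service} binary has extension {_ext(path)!r}"})
            current_service = None
    return findings


if __name__ == "__main__":
    for f in analyse_log(SAMPLE_LOG_LINES):
        print(f"[{f['kind']}] {f['path']}  ({f['why']})")
```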
Anonymous user
22 Nov 2012 at 16:02
copy it to your desktop
0
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 16:24
0
Anonymous user
22 Nov 2012 at 16:31
can you delete this file at its original location?
0
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 16:39
The problem is that it is invisible, and since it is on the desktop that makes 2 copies :(
0
Anonymous user
22 Nov 2012 at 16:47
is the one on the desktop invisible too?
0
mashable Posts 73 Registration date Sunday 5 February 2012 Status Member Last seen 9 March 2014
22 Nov 2012 at 16:52
Yes. I deleted it by going through the Windows search bar, but if I did make a copy, it's strange that I only find a single copy, oh well.
Can you tell me what deffrog can cause?
0
Anonymous user
22 Nov 2012 at 17:08

__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>transposing it to another computer is strongly discouraged!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

Folder::
c:\windows\SysWow64\AI_RecycleBin

DDs::
uStart Page = hxxp://mystart.incredibar.com/mb178?a=6OyLwM9APb&i=26
uSearchMigratedDefaultURL = hxxp://www.searchs.at/searchResult.jsp?cx=partner-pub-9695538427146728:yvjqb5-xuvw&cof=FORID:11&ie=ISO-8859-1&q={searchTerms}&sa=Recherche+Google&siteurl=www.searchs.at/&lang=En
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Firefox::
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&a=6OyLwM9APb&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLwM9APb&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 24e2cc370000000000000022153da081
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:31
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLwM9APb
FF - user.js: extensions.incredibar_i.upn2n - 92261959092310893
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1

Driver::
X6va003

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the ComboFix file, as shown in this illustration

▶ Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt



0
mashable Posts: 73 Registration date: Sunday 5 February 2012 Status: Member Last seen: 9 March 2014
23 Nov. 2012 at 05:31
ComboFix 12-11-21.01 - post89 22/11/2012 19:34:58.3.4 - x64
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.4094.2514 [GMT 1:00]
Lancé depuis: c:\users\post89\Desktop\V-Fraps.exe
Commutateurs utilisés :: c:\users\post89\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\AI_RecycleBin
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA003
-------\Service_X6va003
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-10-22 au 2012-11-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-11-22 18:42 . 2012-11-22 18:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-22 18:42 . 2012-11-22 18:42 -------- d-----w- c:\users\hedev\AppData\Local\temp
2012-11-22 18:42 . 2012-11-22 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 15:53 . 2012-11-22 15:53 -------- d-----w- c:\users\post89\AppData\Roaming\Theta
2012-11-22 15:40 . 2012-11-22 15:40 -------- d-----w- c:\users\post89\AppData\Roaming\Assassin's Creed III
2012-11-22 15:38 . 2012-11-22 15:38 -------- d-----w- c:\program files (x86)\Ubisoft
2012-11-22 15:26 . 2012-11-22 15:26 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2012-11-22 05:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FCC741-8EDC-4781-A558-950C0E79B08F}\mpengine.dll
2012-11-21 15:51 . 2012-11-21 16:09 -------- d-----w- C:\ComboFix
2012-11-21 08:41 . 2012-11-21 08:57 -------- d-----w- C:\Pre_Scan
2012-11-19 03:17 . 2012-11-19 03:17 -------- d-----w- C:\Riot Games
2012-11-19 02:03 . 2012-11-21 20:02 -------- d-----w- c:\users\post89\AppData\Local\PMB Files
2012-11-19 02:03 . 2012-11-21 20:02 -------- d-----w- c:\programdata\PMB Files
2012-11-19 00:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-17 04:34 . 2012-11-17 04:35 666720 ----a-w- c:\windows\SysWow64\xsherlock.xem
2012-11-17 02:24 . 2012-11-17 02:24 -------- d-----w- c:\users\post89\AppData\Local\Aeria Games
2012-11-17 02:23 . 2012-11-17 05:42 -------- d-----w- c:\programdata\Aeria Games
2012-11-17 01:44 . 2012-11-17 01:44 -------- d-----w- c:\users\post89\AppData\Roaming\Aeria Games & Entertainment
2012-11-17 00:41 . 2012-11-17 00:45 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-17 00:38 . 2012-11-17 00:38 -------- d-----w- c:\users\post89\AppData\Local\PunkBuster
2012-11-16 15:39 . 2012-11-16 15:39 -------- d-----w- c:\users\post89\.thumbnails
2012-11-16 09:17 . 2012-11-17 00:45 282104 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-16 09:17 . 2012-11-17 00:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-16 09:07 . 2012-11-17 00:35 -------- d-----w- c:\program files (x86)\EA Games
2012-11-16 06:22 . 2012-11-16 06:22 -------- d-----w- c:\users\post89\AppData\Local\Apps
2012-11-16 06:22 . 2012-11-16 06:22 -------- d-----w- c:\users\post89\AppData\Local\Deployment
2012-11-15 20:35 . 2012-11-15 20:35 -------- d--h--r- c:\users\post89\AppData\Roaming\SecuROM
2012-11-15 08:38 . 2012-11-15 08:38 -------- d-----w- c:\users\post89\AppData\Roaming\SynthMaker
2012-11-15 08:06 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-11-14 02:01 . 2012-10-04 02:08 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 01:35 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 01:35 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 01:34 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 22:41 . 2012-11-12 22:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-11-12 22:41 . 2012-11-12 22:41 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-11-12 22:41 . 2012-11-12 22:41 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-12 22:41 . 2012-11-12 22:41 117728 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-11-12 22:41 . 2012-11-12 22:41 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-11-12 22:41 . 2012-11-12 22:41 913888 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-11-12 22:41 . 2012-11-12 22:41 82400 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-11-12 22:41 . 2012-11-12 22:41 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-11-12 22:41 . 2012-11-12 22:41 258528 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2012-11-12 22:41 . 2012-11-12 22:41 425952 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-11-12 22:41 . 2012-11-12 22:41 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-11-08 03:18 . 2012-11-08 03:18 -------- d-----w- c:\users\post89\AppData\Local\The Witcher 2
2012-11-08 00:49 . 2012-11-08 00:49 -------- d-----w- c:\users\post89\AppData\Local\Remove_Empty_Directories
2012-11-08 00:48 . 2012-11-08 00:48 -------- d-----w- c:\program files (x86)\Remove Empty Directories
2012-11-08 00:46 . 2012-11-08 00:51 -------- d-----w- c:\program files (x86)\Unlocker
2012-11-01 03:45 . 2012-11-01 03:45 -------- d-----w- c:\program files (x86)\Square Enix
2012-10-29 03:51 . 2012-10-29 03:51 -------- d-----w- c:\users\post89\AppData\Roaming\Hive Cluster
2012-10-25 16:17 . 2012-10-25 16:17 -------- d-----w- c:\users\post89\AppData\Local\FLT
2012-10-24 01:08 . 2012-10-24 01:08 -------- d-----w- c:\program files (x86)\Bethesda Softworks
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 02:04 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-13 21:48 . 2012-04-09 01:18 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 21:48 . 2011-05-25 12:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-02-22 19:57 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2010-07-10 04:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-02-22 19:57 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2011-04-07 21:18 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-07 21:19 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-04-07 21:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-04-07 21:19 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-04-07 21:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2010-07-09 15:27 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 18:54 . 2011-07-10 17:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 13:42 . 2012-10-20 22:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9173233-47A9-439D-A2F7-31F2BD1C23F9}\gapaengine.dll
2012-09-28 13:42 . 2012-06-13 08:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-25 01:34 . 2012-09-25 00:45 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-09-25 01:34 . 2012-09-25 00:45 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-09-24 21:16 . 2012-10-22 12:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 08:15 . 2012-09-17 08:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 08:15 . 2011-05-25 18:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 13:45 . 2012-10-10 13:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 13:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 11:40 . 2012-10-10 13:38 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-07-29 09:23 165720 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-19 18:29 208096 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\post89\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-19 3092088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-04-18 646232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contenu du dossier 'Tâches planifiées'
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:48]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207815923-15576146-1052668473-1000Core.job
- c:\users\post89\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-16 06:22]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-207815923-15576146-1052668473-1000UA.job
- c:\users\post89\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-16 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-19 18:29 232672 ----a-w- c:\users\post89\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\post89\AppData\Roaming\Mozilla\Firefox\Profiles\nwfbolc9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&a=6OyLwM9APb&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLwM9APb&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 24e2cc370000000000000022153da081
FF - user.js: extensions.incredibar_i.instlDay - 15571
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:31
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyLwM9APb
FF - user.js: extensions.incredibar_i.upn2n - 92261959092310893
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-RadLight MPC DirectShow Filter - c:\windows\system32\RadLightMPCUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\03\19\17\12\14h"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\AASP\1.00.58\aaCenter.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2012-11-22 19:50:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-11-22 18:50
ComboFix2.txt 2012-11-22 05:38
.
Avant-CF: 529 782 128 640 octets libres
Après-CF: 530 386 423 808 octets libres
.
- - End Of File - - C485E00D17211612CDACF27CF3E724B6
0
Anonymous user
23 Nov. 2012 at 09:24
Have the following file(s) analysed on VirusTotal:

Virus Total

Click "Browse", then find and select this file (these files):

c:\windows\system32\xsherlock.xem

* Now click "Send file" and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
0
mashable
23 Nov. 2012 at 11:19
Quick question: I analyse the files one by one, is that it?
If so, give me the whole list and I'll do them in one go.
0
Anonymous user
23 Nov. 2012 at 11:36
Nope, only that one, the others are fine lol
0
mashable
23 Nov. 2012 at 15:26
0
Anonymous user
23 Nov. 2012 at 16:35
What game is it?
0
mashable
23 Nov. 2012 at 17:30
Huh?
0
Anonymous user
23 Nov. 2012 at 17:39
Doesn't this ring a bell?

XIGNCODE3 Game Start Service :

publisher................: Wellbia.com Co., Ltd.
product..................: XIGNCODE3
internal name............: xsherlock
copyright................: Copyright (C) 2006-2011 Wellbia.com Co., Ltd.
signing date.............: 10:09 AM 10/15/2012
original name............: xsherlock.exe
comments.................: XIGNCODE3 Game Start Service
file version.............: 3, 1, 0, 1
signers..................: Wellbia.com Co., Ltd.; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
description..............: XIGNCODE3 Game Start Service
0
mashable
23 Nov. 2012 at 18:04
Apparently, according to Google, it must be either A.V.A or Vindictus, both of which are uninstalled.
But by name, no, this XIGN... doesn't ring a bell.
0