Trojan Sirefef

Closed
Lucy - 25 June 2012 at 14:10
juju666 Posts 35446 Registered Thursday 18 December 2008 Status Security contributor Last seen 21 April 2024 - 2 July 2012 at 20:33
Hello,

Since yesterday my computer seems to be infected with the following Trojans, Sirefef.B and Sirefef.Y. They are detected by MSE, but it doesn't seem to be able to get rid of them. The scan ends before it finishes because the PC restarts, and the problem comes back a quarter of an hour later. My computer skills being rather weak, I would be very grateful if someone could help me solve this problem.
Here is a ZHP scan http://cjoint.com/12jn/BFzoeln1GtQ.htm

Thanks in advance

22 replies

juju666 (Security contributor)
25 June 2012 at 14:13
Hello,

Forget MSE, it will never be able to disinfect that.


▶ Right-click and "Save target (link) as" -> yourfirstname.exe -> destination: your desktop (AND NOWHERE ELSE) on the following link: ComboFix

Close the windows of all running programs.
Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.



If you have XP => double-click the renamed combofix
If you have Vista or Windows 7 => right-click "Run as...." on the renamed combofix

If you are on Windows XP, let it install the Recovery Console.

▶ Do not touch anything during the scan

ComboFix should restart your PC.

▶ don't forget to re-enable your antivirus and antispyware protection before reconnecting to the internet.

▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.


▶▶▶ If, after combofix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again
Thank you very much,

Here is the ComboFix report:

ComboFix 12-06-25.02 - Pauline 25/06/2012 14:27:25.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4713 [GMT 2:00]
Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\Windows\drss.dat
c:\programdata\Windows\xessmsxe.dat
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\@
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\n
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\00000001.@
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\80000000.@
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\800000cb.@
c:\users\Pauline\AppData\Roaming\Microsoft\~DFK316548.tmp
c:\users\Pauline\AppData\Roaming\Microsoft\~DFK355447.tmp
c:\users\Pauline\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Pauline\AppData\Roaming\Microsoft\bass.dll
c:\users\Pauline\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Pauline\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Pauline\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Pauline\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Pauline\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Pauline\AppData\Roaming\OfferBox
c:\users\Pauline\AppData\Roaming\OfferBox\config.xml
c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\@
c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\n
c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\00000001.@
c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\80000000.@
c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\800000cb.@
c:\users\Pauline\0i763f66bz.exe . . . . impossible à supprimer
.
Une copie infectée de c:\windows\system32\services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-25 au 2012-06-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-25 12:35 . 2012-06-25 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-25 08:33 . 2012-06-25 08:33 100 ---ha-w- C:\aaw7boot.cmd
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"0i763f66bz"="c:\users\Pauline\0i763f66bz.exe" [2012-06-23 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3C48.tmp [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - f660a3cd50c17a8b
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3C48.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-25 14:42:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-25 12:42
.
Avant-CF: 587 229 380 608 octets libres
Après-CF: 586 866 053 120 octets libres
.
- - End Of File - - E4896E79B449280453AEACBB8443B25F
juju666 (Security contributor)
25 June 2012 at 17:10
There's a whole crowd on your PC!!!!! A digital garbage can!!!!

Uninstall Ad-Aware, it's useless
Same goes for Sophos anti-whatsit thing

============================================


__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to use it on another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------

KillAll::

ClearJavaCache::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0i763f66bz"=-

Driver::
MEMSWEEP2

Rootkit::
c:\users\Pauline\0i763f66bz.exe
c:\windows\system32\3C48.tmp

FileLook::
c:\windows\system32\services.exe.68E629D96FFF399D
c:\windows\system32\services.exe.1E6037EDE994BE96
c:\windows\system32\services.exe.A24A22459F0727CA
c:\windows\system32\services.exe.4E94F7940A920DA9
c:\windows\system32\services.exe.20F23B3D33214E86
c:\windows\System32\Drivers\f660a3cd50c17a8b.sys

DirLook::
c:\windows\system32\%APPDATA%

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file like this: Illustration

▶ Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


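A small triage script for report lines like the ones in the ComboFix log above, as an added example (not ComboFix's code and not anything the helper posted): it pulls the path out of each "files created", Run and ImagePath line and flags the indicators the CFScript targets (the services.exe.<hex> copies, the %APPDATA% folder under system32, the exe in the profile root together with its Run value, the .tmp service image and the 16-hex-digit driver). The rule set and the sample lines are this example's own assumptions, and a hit is a prompt to look at the entry, not a verdict.

```python
"""Triage of ComboFix report lines for the Sirefef/ZeroAccess indicators
seen in the thread above.

Added example: not ComboFix's code and not something the helper posted.
The rules are this example's assumptions, distilled from what the reports
above show; the sample lines are copied from those reports.
"""
import re
from typing import List, Tuple

# Constructed sample: lines lifted from the ComboFix reports posted above.
SAMPLE_LOG = r"""
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"0i763f66bz"="c:\users\Pauline\0i763f66bz.exe" [2012-06-23 40960]
"ImagePath"="\??\c:\windows\system32\3C48.tmp"
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\80000000.@
"""

# "Files created" line: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Run value as ComboFix prints it: "name"="path" [date size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$'
)
# Service/driver ImagePath value
IMAGEPATH_LINE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
# Bare path line, e.g. from the "Autres suppressions" section
BARE_PATH = re.compile(r"^(?P<path>[a-z]:\\.+)$", re.I)

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# (reason, regex applied to the extracted path). Assumptions of this example.
PATH_RULES = [
    ("services.exe.<16 hex> copy in system32; compare with the known-good original",
     re.compile(r"\\system32\\services\.exe\.[0-9a-f]{16}$", re.I)),
    ("literal %APPDATA% folder under system32",
     re.compile(r"\\system32\\%APPDATA%(\\|$)", re.I)),
    ("executable sitting directly in the user profile root",
     re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)),
    (r"{GUID}\@, \n or \U\<hex>.@ layout (ZeroAccess-style store)",
     re.compile(GUID + r"\\(@|n|U\\[0-9a-f]{8}\.@)$", re.I)),
    ("service image is a .tmp file in system32",
     re.compile(r"\\system32\\[^\\]+\.tmp$", re.I)),
    ("driver named with 16 hex digits",
     re.compile(r"\\drivers\\[0-9a-f]{16}\.sys$", re.I)),
]


def extract_path(line: str) -> Tuple[str, str]:
    """Return (kind, path) for one report line, or ("", "") if it has no path."""
    line = line.strip()
    for kind, rx in (("file", FILE_LINE), ("run", RUN_LINE),
                     ("imagepath", IMAGEPATH_LINE), ("bare", BARE_PATH)):
        m = rx.match(line)
        if m:
            return kind, m.group("path")
    return "", ""


def triage(report: str) -> List[Tuple[str, str, str]]:
    """Return (kind, path, reason) for every report line that trips a rule."""
    hits = []
    for raw in report.splitlines():
        kind, path = extract_path(raw)
        if not path:
            continue
        for reason, rx in PATH_RULES:
            if rx.search(path):
                hits.append((kind, path, reason))
    return hits


def run_entries_for(report: str, path: str) -> List[str]:
    """Names of Run values that launch `path` (ties a dropped exe to its persistence)."""
    names = []
    for raw in report.splitlines():
        m = RUN_LINE.match(raw.strip())
        if m and m.group("path").lower() == path.lower():
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for kind, path, reason in triage(SAMPLE_LOG):
        print(f"[{kind:9}] {path}\n            -> {reason}")
    print("Run values launching the dropped exe:",
          run_entries_for(SAMPLE_LOG, r"c:\users\Pauline\0i763f66bz.exe"))
```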
Hello,

Damn, I do try to be careful though ...

Here is the report:

ComboFix 12-06-25.02 - Pauline 25/06/2012 21:00:31.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4311 [GMT 2:00]
Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pauline\0i763f66bz.exe . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MEMSWEEP2
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-25 au 2012-06-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-25 19:15 . 2012-06-25 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-25 08:33 . 2012-06-25 08:33 100 ---ha-w- C:\aaw7boot.cmd
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\services.exe.1E6037EDE994BE96 ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe
File size: 328704
Created time: 2012-06-25 11:24
Modified time: 2012-06-25 11:24
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
.
.
--- c:\windows\system32\services.exe.20F23B3D33214E86 ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe
File size: 328704
Created time: 2012-06-25 08:54
Modified time: 2012-06-25 08:54
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
.
.
--- c:\windows\system32\services.exe.4E94F7940A920DA9 ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe
File size: 328704
Created time: 2012-06-25 09:35
Modified time: 2012-06-25 09:35
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
.
.
--- c:\windows\system32\services.exe.68E629D96FFF399D ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe
File size: 328704
Created time: 2012-06-25 11:41
Modified time: 2012-06-25 11:41
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
.
.
--- c:\windows\system32\services.exe.A24A22459F0727CA ---
Company: Microsoft Corporation
File Description: Services and Controller app
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: services.exe
File size: 328704
Created time: 2012-06-25 09:50
Modified time: 2012-06-25 09:50
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
.
---- Directory of c:\windows\system32\%APPDATA% ----
.
1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-25 12:47 56930 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-25 12:47 41728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 16:08 . 2012-06-25 12:47 15122 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 19:17 . 2012-06-25 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 19:17 . 2012-06-25 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 18:07 . 2012-06-25 18:13 281222 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
+ 2011-04-07 18:11 . 2012-06-25 19:21 706842 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 19:21 618370 c:\windows\system32\perfh009.dat
- 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
+ 2011-04-07 18:11 . 2012-06-25 19:21 132016 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-25 19:21 107650 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-25 19:16 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-20 16:22 . 2012-06-25 19:16 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-07 07:26 . 2012-06-25 19:16 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
- 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - f660a3cd50c17a8b
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\pauline\CF32509.3XE" [2010-11-21 345088]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Heure de fin: 2012-06-25 21:34:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-25 19:34
ComboFix2.txt 2012-06-25 12:42
.
Avant-CF: 586 874 171 392 octets libres
Après-CF: 586 421 952 512 octets libres
.
- - End Of File - - 81771B6199EEEC2549919790C85D1A0D



Thanks for your help.
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
26 June 2012 at 13:04
Hello, back again

OK, I got some info thanks to the first CFScript, so we can get rid of the whole lot now :-)


__________________________________________________
=> /!\ The script below was written specifically for this computer /!\ <=
=> it is strongly advised not to carry it over to another computer! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------

KillAll::

File::
C:\aaw7boot.cmd

Folder::
c:\windows\system32\%APPDATA%

Driver::
f660a3cd50c17a8b

Rootkit::
c:\users\Pauline\0i763f66bz.exe
C:\Windows\System32\Drivers\f660a3cd50c17a8b.sys

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

------------------------------------------------------------------

▶ Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file, like this: Illustration

▶ Wait while the scan runs. The Desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt


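As an added illustration (not part of the thread and not ComboFix's own tooling), the Python below automates the triage a helper does by eye when reading the log posted above: it walks a constructed excerpt of that log, flags the indicator patterns visible in it (a directory literally named %APPDATA% under system32, a service whose name is 16 random hex characters with a matching .sys under Drivers, random-suffixed copies of services.exe, an .exe sitting directly in a user profile root, and every key listed in the locked-registry-keys section) and drafts the Folder::/Driver::/Rootkit::/RegLock:: sections in the same layout as the CFScript in the post. The heuristics, the section-header matching and the `\SystemRoot` to `C:\Windows` rewrite are assumptions drawn from this log, not an official ComboFix specification.

```python
"""Triage a ComboFix log for the indicator patterns seen in this thread and
draft the CFScript sections that target them.  Added example: not the
thread's text and not ComboFix's own code.  The heuristics mirror what the
posted log shows; they are assumptions, not an official signature set."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: lines copied from the log posted above, trimmed so that
# every rule below fires at least once.  A real run would read C:\ComboFix.txt.
SAMPLE_LOG = r"""
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
.
*Deregistered* - f660a3cd50c17a8b
.
------- Examen supplémentaire -------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
"""

SECTION = re.compile(r'^-{3,}\s*(.*?)\s*-{3,}$')      # "----- CLES DE REGISTRE BLOQUEES -----"
REG_KEY = re.compile(r'^\[(HKEY_[^\]]+)\]$')
SVC_KEY = re.compile(r'^HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\services\\([^\\]+)$', re.I)
IMAGE = re.compile(r'^"ImagePath"="([^"]+)"$')
DEREG = re.compile(r'^\*Deregistered\*\s+-\s+(\S+)$')
HEX16 = re.compile(r'^[0-9a-f]{16}$', re.I)          # Sirefef-style random service name
FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d +\S+ +\S+ +(.+)$')
FAKE_APPDATA = re.compile(r'\\system32\\%APPDATA%$', re.I)   # literal, unexpanded %APPDATA% dir
SVC_COPY = re.compile(r'\\services\.exe\.[0-9a-f]{16}$', re.I)
USER_ROOT_EXE = re.compile(r'^c:\\users\\[^\\]+\\[^\\]+\.exe$', re.I)


@dataclass
class Findings:
    folders: list[str] = field(default_factory=list)       # Folder:: section
    drivers: list[str] = field(default_factory=list)       # Driver:: section (service names)
    rootkit_files: list[str] = field(default_factory=list)  # Rootkit:: section
    reglock: list[str] = field(default_factory=list)       # RegLock:: section
    review: list[str] = field(default_factory=list)        # indicators left to a human


def _add(bucket: list[str], item: str) -> None:
    if item.lower() not in (x.lower() for x in bucket):   # dedupe, e.g. f660... vs F660...
        bucket.append(item)


def triage(log_text: str) -> Findings:
    f, section, key = Findings(), '', None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1).lower()
        elif m := REG_KEY.match(line):
            key = m.group(1)
            # Every key under the locked-keys section is RegLock'd, as the posted script did.
            if 'bloqu' in section or 'locked' in section:
                _add(f.reglock, line)
        elif (m := IMAGE.match(line)) and key and (s := SVC_KEY.match(key)) and HEX16.match(s.group(1)):
            _add(f.drivers, s.group(1))
            _add(f.rootkit_files, re.sub(r'^\\SystemRoot', r'C:\\Windows', m.group(1), flags=re.I))
        elif (m := DEREG.match(line)) and HEX16.match(m.group(1)):
            _add(f.drivers, m.group(1))
        elif m := FILE.match(line):
            path = m.group(1)
            if FAKE_APPDATA.search(path):
                _add(f.folders, path)
            elif SVC_COPY.search(path):
                _add(f.review, f'{path}  (random-suffixed copy of services.exe)')
            elif USER_ROOT_EXE.match(path):
                _add(f.review, f'{path}  (executable directly in a user profile root)')
    return f


def render_cfscript(f: Findings) -> str:
    """Lay the findings out in the section order used by the script in the post."""
    parts = ['KillAll::']
    for header, items in (('Folder::', f.folders), ('Driver::', f.drivers),
                          ('Rootkit::', f.rootkit_files), ('RegLock::', f.reglock)):
        if items:
            parts += ['', header, *items]
    return '\n'.join(parts) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    print(render_cfscript(found))
    print('# Needs a human look, not scripted:')
    for item in found.review:
        print('#', item)
```

Findings the posted script did not act on (the services.exe copies and the user-profile executable) go to a review list rather than into the generated script, so the output stays as conservative as the helper's own.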
Re,

here is the report:
ComboFix 12-06-25.02 - Pauline 26/06/2012 16:27:37.3.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.3806 [GMT 2:00]
Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\aaw7boot.cmd"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\aaw7boot.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F660A3CD50C17A8B
-------\Service_f660a3cd50c17a8b
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-26 au 2012-06-26 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-26 14:40 . 2012-06-26 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 14:40 . 2012-06-26 14:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-25 20:09 57230 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 14:44 41768 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 16:08 . 2012-06-26 14:44 15218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 14:42 . 2012-06-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-26 14:42 . 2012-06-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 18:07 . 2012-06-26 14:19 281972 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
+ 2011-04-07 18:11 . 2012-06-26 08:11 706842 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-26 08:11 618370 c:\windows\system32\perfh009.dat
- 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
+ 2011-04-07 18:11 . 2012-06-26 08:11 132016 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-26 08:11 107650 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-26 14:42 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-20 16:22 . 2012-06-26 14:42 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-07 07:26 . 2012-06-26 14:42 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
- 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - F660A3CD50C17A8B
*Deregistered* - f660a3cd50c17a8b
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\pauline\CF31750.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\HP SimplePass 2011\TouchControl.exe
c:\program files (x86)\HP SimplePass 2011\BioMonitor.exe
.
**************************************************************************
.
Completion time: 2012-06-26 17:01:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 15:01
ComboFix2.txt 2012-06-25 19:34
ComboFix3.txt 2012-06-25 12:42
.
Pre-Run: 586,095,079,424 bytes free
Post-Run: 585,820,762,112 bytes free
.
- - End Of File - - C290D8A445E7E79BFEE664B0EEE7B2E2

juju666 (security contributor)
26 June 2012 at 19:26
Worse than a crab louse, your thing: it squats and won't clear off.

Do this again: https://forums.commentcamarche.net/forum/affich-25455144-trojan-sirefef#5

In safe mode
(tap F8 to get to the advanced boot options, right after pressing the PC's power button)

Hi,

Here's the new report:

ComboFix 12-06-25.02 - Pauline 28/06/2012 11:35:53.4.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1036.18.6092.4656 [GMT 2:00]
Running from: c:\users\Pauline\Desktop\Pauline.exe
Command switches used :: c:\users\Pauline\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"C:\aaw7boot.cmd"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pauline\0i763f66bz.exe . . . . failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F660A3CD50C17A8B
-------\Service_f660a3cd50c17a8b
.
.
((((((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-28 09:42 . 2012-06-28 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 09:42 . 2012-06-28 09:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-27 17:42 57318 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 08:12 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 16:08 . 2012-06-28 08:12 15258 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
+ 2011-09-07 07:26 . 2012-06-26 15:02 5166 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-28 09:43 . 2012-06-28 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-28 09:43 . 2012-06-28 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 18:07 . 2012-06-28 10:01 282596 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
+ 2011-04-07 18:11 . 2012-06-28 09:47 706842 c:\windows\system32\perfh00C.dat
+ 2009-07-14 02:36 . 2012-06-28 09:47 618370 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
- 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
+ 2011-04-07 18:11 . 2012-06-28 09:47 132016 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-28 09:47 107650 c:\windows\system32\perfc009.dat
+ 2011-09-06 15:04 . 2012-06-27 16:25 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 15:04 . 2012-06-25 12:19 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-06-28 09:28 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-06 15:04 . 2012-06-27 16:25 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-06 15:04 . 2012-06-25 12:19 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 16:25 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 12:19 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-20 16:22 . 2012-06-28 09:28 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-07 07:26 . 2012-06-28 09:28 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
- 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - F660A3CD50C17A8B
*Deregistered* - f660a3cd50c17a8b
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\pauline\CF14731.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-28 12:06:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 10:06
ComboFix2.txt 2012-06-26 15:01
ComboFix3.txt 2012-06-25 19:34
ComboFix4.txt 2012-06-25 12:42
.
Pre-Run: 585,761,390,592 bytes free
Post-Run: 585,434,701,824 bytes free
.
- - End Of File - - 43B11DF5CCF042784E1E14F64D8586D7

juju666 (security contributor)
28 June 2012 at 12:15
:(

We'll have to go in with a live CD to clear all that out. Do you have a CD-R or CD-RW to burn something onto?

:(

It's fine, I've got one!

juju666 (security contributor)
28 June 2012 at 14:09
ok follow this procedure: https://www.commentcamarche.net/faq/34284-pre-scan-pe-sous-environnement-win-7-live

Done, here's the report: http://cjoint.com/12jn/BFCpLQVVnFd.htm

juju666 (security contributor)
28 June 2012 at 16:03
I'm looking into it, stay on the live CD for now ;)
juju666 (security contributor)
28 June 2012 at 17:20
OK

Move this file:

C:\Windows\System32\Drivers\f660a3cd50c17a8b.sys

into C:\Pre_Scan\Quarantaine

Then you can reboot normally.
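The two ComboFix reports earlier in the thread and the live-CD step juju666 has just given, as an added worked example (this is the editor's code, not part of the original thread and not ComboFix's or Pre_Scan's own logic): a small Python triage script that scans a ComboFix report for the indicators visible above (a service and kernel driver with a random 16-hex-character name that ComboFix lists as *NewlyCreated*/*Deregistered* and that is back on every run, a hidden+system directory literally named %APPDATA% under System32, one renamed copy of services.exe per repair attempt, and files ComboFix admits it failed to delete) and turns them into the list of paths to move into quarantine from the live CD, where the driver is not loaded and cannot reinstate itself. The sample log lines are constructed from the report above; the rule names, the regexes and the default quarantine folder (the one juju666 named) are assumptions, not anything ComboFix emits.

```python
"""Triage a ComboFix report for ZeroAccess/Sirefef-style persistence.

Added example: the rules below are heuristics modelled on the report in this
thread, not signatures from ComboFix, Pre_Scan or any vendor.
"""
import re
from collections import Counter

# Constructed sample, copied in shape from the report above (not a full log).
SAMPLE_LOG = r"""
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
c:\users\Pauline\0i763f66bz.exe . . . . failed to delete
*NewlyCreated* - F660A3CD50C17A8B
*Deregistered* - f660a3cd50c17a8b
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
"ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
"""

HEX16 = r"[0-9A-Fa-f]{16}"

# (rule name, pattern). Group 1 is the piece of evidence worth acting on.
RULES = [
    # A service ComboFix sees appear and disappear around every reboot.
    ("random-hex-service",
     re.compile(r"^\*(?:NewlyCreated|Deregistered)\*\s+-\s+(" + HEX16 + r")\s*$")),
    # Its registry key under ControlSet00x\services.
    ("random-hex-service-key",
     re.compile(r"\\services\\(" + HEX16 + r")\]\s*$", re.I)),
    # The kernel driver it loads from System32\Drivers.
    ("random-hex-driver-imagepath",
     re.compile(r'"ImagePath"="\\SystemRoot\\System32\\Drivers\\(' + HEX16 + r')\.sys"', re.I)),
    # A hidden+system directory literally named %APPDATA% (the variable was never expanded).
    ("literal-appdata-dir",
     re.compile(r"d-sh--w-\s+(c:\\windows\\system32\\%APPDATA%)\s*$", re.I)),
    # Anything the tool admits it could not remove (English and French ComboFix wording).
    ("undeletable-file",
     re.compile(r"^(\S.*?)\s+\.\s\.\s\.\s\.\s+(?:failed to delete|impossible à supprimer)", re.I)),
    # One renamed services.exe per repair attempt: several means the repair is not sticking.
    ("services-exe-copy",
     re.compile(r"(c:\\windows\\system32\\services\.exe\." + HEX16 + r")\s*$", re.I)),
]


def triage(log_text):
    """Return (rule, evidence) for every report line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        for name, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append((name, match.group(1)))
    return findings


def summarize(findings):
    """Count hits per rule and collect the random-hex names, lower-cased, so
    you can check that the service, its key and its driver are one object."""
    counts = Counter(name for name, _ in findings)
    hex_rules = {"random-hex-service", "random-hex-service-key", "random-hex-driver-imagepath"}
    hex_names = {evidence.lower() for name, evidence in findings if name in hex_rules}
    return counts, hex_names


def offline_actions(findings, quarantine="C:\\Pre_Scan\\Quarantaine"):
    """(source, destination) moves to perform from a live CD/WinPE, where the
    driver is not loaded and cannot reinstate itself. The default quarantine
    folder is the one named in this thread (an assumption; adjust as needed)."""
    _, hex_names = summarize(findings)
    actions = [("C:\\Windows\\System32\\Drivers\\" + h + ".sys", quarantine)
               for h in sorted(hex_names)]
    for name, evidence in findings:
        if name in ("undeletable-file", "literal-appdata-dir"):
            actions.append((evidence, quarantine))
    return actions


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    counts, names = summarize(found)
    for rule, n in sorted(counts.items()):
        print(f"{rule:30s} {n}")
    print("random-hex object(s):", ", ".join(sorted(names)) or "none")
    for src, dst in offline_actions(found):
        print(f"move {src} -> {dst}")
```

To use it on a real report, read C:\ComboFix.txt into a string and pass it to triage() instead of SAMPLE_LOG. The point of offline_actions() is the one juju666 made: the random-hex driver can only be moved while Windows is not running it, so the list is for the live-CD session, not for the infected one, and the same name showing up as service, registry key and .sys is the confirmation that all three belong to the same persistence mechanism.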
Done!

It looks like it worked, at least on the surface... Thanks!

juju666 (security contributor)
28 June 2012 at 19:34
Ok, run another ComboFix to check?

Hi,

Here's the report

ComboFix 12-06-25.02 - Pauline 29/06/2012 10:14:24.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1036.18.6092.4442 [GMT 2:00]
Running from: c:\users\Pauline\Desktop\Pauline.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-29 08:28 . 2012-06-29 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 08:28 . 2012-06-29 08:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-28 15:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AA6A107-9070-4FDA-BD96-F59A9BB42B31}\mpengine.dll
2012-06-28 14:31 . 2012-06-28 16:38 -------- d-----w- C:\Pre_Scan
2012-06-28 14:22 . 2012-06-28 14:31 -------- d-----w- c:\windows\Pre_Scan
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-29 08:10 57880 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-29 08:10 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 16:08 . 2012-06-28 15:48 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
+ 2012-05-09 05:02 . 2010-02-27 14:15 81920 c:\windows\Pre_Scan\swxcacls.com
+ 2012-06-23 09:47 . 2012-06-25 11:56 16384 c:\windows\Pre_Scan\Quarantine\%APPDATA%.P_S\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-09 05:02 . 2003-11-13 00:52 74240 c:\windows\Pre_Scan\MBRWiz.exe
+ 2011-09-07 07:26 . 2012-06-28 10:10 5260 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-30 15:27 . 2012-01-05 12:43 9110 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\Analytics\WTAnalytics.dat
+ 2011-09-06 18:07 . 2012-06-28 11:43 282620 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-04-07 18:11 . 2012-06-29 08:12 706842 c:\windows\system32\perfh00C.dat
- 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-29 08:12 618370 c:\windows\system32\perfh009.dat
+ 2011-04-07 18:11 . 2012-06-29 08:12 132016 c:\windows\system32\perfc00C.dat
- 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-06-29 08:12 107650 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
+ 2011-09-06 15:04 . 2012-06-27 16:25 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 15:04 . 2012-06-25 12:19 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-28 18:27 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-09 05:02 . 2010-02-27 14:15 872960 c:\windows\Pre_Scan\Swreg.exe
+ 2011-12-30 15:27 . 2011-11-11 02:55 569544 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\WildTangent Games\App\Update\Updater.exe
+ 2011-12-30 15:27 . 2012-01-05 12:43 983336 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
- 2011-09-06 15:04 . 2012-06-25 12:19 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-06 15:04 . 2012-06-27 16:25 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 12:19 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 16:25 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-20 16:22 . 2012-06-28 18:27 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-07 07:26 . 2012-06-28 18:27 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
- 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
+ 2010-03-19 02:33 . 2010-03-19 02:33 49026264 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe
+ 2010-06-25 03:18 . 2010-06-25 03:18 76793224 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f10f89f1-9c08-4d85-9169-a28ba1fc6ab0-extr.exe
+ 2010-03-19 02:31 . 2010-03-19 02:31 15093888 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\e551d534-a4ef-4dac-9c20-c80b2c806ad8-extr.exe
+ 2010-03-19 00:08 . 2010-03-19 00:08 19081576 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\CB81C112-133D-4C53-B0F2-9A8F378D0D06-extr.exe
+ 2010-03-19 12:38 . 2010-03-19 12:38 35201256 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe
+ 2010-10-22 21:52 . 2010-10-22 21:52 69948160 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe
+ 2010-07-13 21:34 . 2010-07-13 21:34 96415952 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\af7a9bad-f0f1-4fe3-87a1-676657bed867-extr.exe
+ 2010-03-19 11:19 . 2010-03-19 11:19 65467176 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\a382b548-99a3-4dca-9a58-62b8e08af23d-extr.exe
+ 2010-03-19 02:38 . 2010-03-19 02:38 24302776 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\951226E3-26FC-40BC-8085-3677B1128F59-extr.exe
+ 2010-03-19 12:52 . 2010-03-19 12:52 79848240 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\7c599483-924b-4639-bf41-5308bc517100-extr.exe
+ 2010-10-22 21:40 . 2010-10-22 21:40 64989584 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe
+ 2010-11-07 05:46 . 2010-11-07 05:46 20468024 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\38aa0b18-f7b9-4242-8357-b9fb23ab62d9-extr.exe
+ 2010-03-19 13:04 . 2010-03-19 13:04 65582536 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\29556c6b-abba-4173-8102-4642846d5b4f-extr.exe
+ 2010-11-08 18:32 . 2010-11-08 18:32 98543704 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\2517a196-153c-4855-b7f6-659c6a1581ec-extr.exe
+ 2010-10-22 21:26 . 2010-10-22 21:26 97931664 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe
+ 2010-06-25 01:09 . 2010-06-25 01:09 26345176 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\10dbb1bc-ef1b-4c2e-9bea-aaba3f42532c-extr.exe
+ 2010-11-05 21:42 . 2010-11-05 21:42 129943864 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f45679ee-0afc-4fce-93cd-897d5590286b-extr.exe
+ 2010-11-13 00:01 . 2010-11-13 00:01 441012856 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\b7e5ecb8-924f-4b53-be77-3d7276a18780-extr.exe
+ 2010-11-08 17:52 . 2010-11-08 17:52 159627992 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\998eda55-a87a-42ab-95c2-d20fc515518d-extr.exe
+ 2010-03-19 01:16 . 2010-03-19 01:16 246562168 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\6BDF3201-10E6-46ED-9A87-7FD18C418CFD-extr.exe
+ 2010-11-05 21:34 . 2010-11-05 21:34 270498304 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\5ae0d760-ddcf-4247-85df-eacefd518e86-extr.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 f660a3cd50c17a8b;0i763f66bz.exe;c:\windows\\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
Heure de fin: 2012-06-29 10:41:07
ComboFix-quarantined-files.txt 2012-06-29 08:41
ComboFix2.txt 2012-06-28 10:06
ComboFix3.txt 2012-06-26 15:01
ComboFix4.txt 2012-06-25 19:34
ComboFix5.txt 2012-06-29 08:13
.
Avant-CF: 585 682 337 792 octets libres
Après-CF: 585 260 949 504 octets libres
.
- - End Of File - - 34F8BE0799384CE7F5D0108AA07371B3
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last post 21 April 2024 4 796
29 June 2012 at 23:27
Hi, back again

Your rootkit is really pissing me off .........

Redo a CFScript with this:

KillAll::

Driver::
f660a3cd50c17a8b

File::
c:\windows\System32\Drivers\f660a3cd50c17a8b.sys
0
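The CFScript above targets the boot-start driver the helper picked out of the ComboFix report by eye. As an added example (not code from the thread or from ComboFix), the Python script below applies the same checks to ComboFix service lines and created-file lines: a random 16-hex-digit service name, a random .exe display name, a drive path carrying a stray `\SystemRoot` segment, a boot-start driver with no file info, and repeated `services.exe.<hash>` copies. The sample lines are excerpted from the report posted in this thread; the scoring thresholds and the CFScript drafting are my own assumptions.

```python
"""Heuristic triage of a ComboFix report for the kind of rootkit loader seen above.

Added example, not ComboFix's own code and not posted in the thread. It parses the
'<start> <name>;<display>;<path> [<date> <size>]' service lines ComboFix prints
under 'Points de chargement Reg' and the file lines under 'Fichiers créés', and
flags what the helper flagged by eye.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "<start> <name>;<display>;<path> [<date> <size>]"; "[x]" means ComboFix got no file info
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
HEX16_RE = re.compile(r"^[0-9a-f]{16}$", re.I)
# a bare .exe name mixing letters and digits, e.g. 0i763f66bz.exe
RANDOM_EXE_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[0-9a-z]{8,}\.exe$", re.I)
# a drive-letter path that also carries an object-manager '\SystemRoot' segment
MIXED_ROOT_RE = re.compile(r"^[a-z]:\\.*\\SystemRoot\\", re.I)
SERVICES_COPY_RE = re.compile(r"(c:\\windows\\system32\\services\.exe\.[0-9a-f]{16})$", re.I)

# Constructed sample: lines excerpted from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
.
R0 f660a3cd50c17a8b;0i763f66bz.exe;c:\windows\\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one service/driver line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_service(entry: Dict[str, str]) -> List[str]:
    """Reasons why this service entry looks like a rootkit loader (may be empty)."""
    reasons = []
    if HEX16_RE.match(entry["name"]):
        reasons.append("service name is 16 random hex digits")
    if RANDOM_EXE_RE.match(entry["display"]):
        reasons.append("display name is a random .exe name")
    if MIXED_ROOT_RE.match(entry["path"]):
        reasons.append("drive path contains a '\\SystemRoot' segment")
    if entry["start"] == "R0" and entry["info"] == "x":
        reasons.append("boot-start driver whose file ComboFix could not stat ([x])")
    return reasons


def triage_log(text: str) -> List[Finding]:
    """Flag service lines showing at least two independent suspicious traits."""
    findings = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage_service(entry)
        if len(reasons) >= 2:  # one trait alone is too noisy: [x] is common on clean drivers
            findings.append(Finding(entry["name"], entry["path"], reasons))
    return findings


def find_services_exe_copies(text: str) -> List[str]:
    """Paths of services.exe.<16 hex> copies listed in the created-files section."""
    hits = []
    for line in text.splitlines():
        m = SERVICES_COPY_RE.search(line.strip())
        if m:
            hits.append(m.group(1))
    return hits


def normalize_path(path: str) -> str:
    """Drop a stray '\\SystemRoot' segment so the path is usable in a File:: entry."""
    return re.sub(r"\\\\SystemRoot(?=\\)", "", path, flags=re.I)


def cfscript_for(findings: List[Finding]) -> str:
    """Draft a KillAll:: / Driver:: / File:: CFScript for a human to review; '' if nothing flagged."""
    if not findings:
        return ""
    lines = ["KillAll::", "", "Driver::"] + [f.name for f in findings]
    lines += ["", "File::"] + [normalize_path(f.path) for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print("  -", r)
    print("services.exe copies created:", len(find_services_exe_copies(SAMPLE_LOG)))
    print(cfscript_for(found))
```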
Hi!

Thanks for your help! I hope it's fixed now ...

Here's the report:

ComboFix 12-06-28.03 - Pauline 30/06/2012 14:21:25.6.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4441 [GMT 2:00]
Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\f660a3cd50c17a8b.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F660A3CD50C17A8B
-------\Service_f660a3cd50c17a8b
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-30 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-30 12:31 . 2012-06-30 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 12:31 . 2012-06-30 12:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-29 16:32 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6493D6-3B5D-4F05-956C-81856EB861D4}\mpengine.dll
2012-06-29 14:01 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-29 13:57 . 2012-06-29 14:03 -------- d-----w- c:\users\Pauline\AppData\Roaming\pdfforge
2012-06-29 13:57 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-29 13:57 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-06-29 13:57 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\program files (x86)\PDFCreator
2012-06-29 13:57 . 1998-07-13 00:08 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2012-06-29 13:57 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL
2012-06-29 13:57 . 1998-07-13 00:08 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2012-06-29 13:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\programdata\Premium
2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\programdata\InstallMate
2012-06-28 14:31 . 2012-06-28 16:38 -------- d-----w- C:\Pre_Scan
2012-06-28 14:22 . 2012-06-28 14:31 -------- d-----w- c:\windows\Pre_Scan
2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
2012-06-25 08:52 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-29_08.29.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2012-06-29 08:10 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-30 12:34 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-06 16:08 . 2012-06-28 15:48 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
+ 2011-09-06 16:08 . 2012-06-29 14:02 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
- 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-30 12:32 . 2012-06-30 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-30 12:32 . 2012-06-30 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-08 05:45 . 2012-06-29 20:32 160074 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-09-06 18:07 . 2012-06-30 11:19 283050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-04-07 18:11 . 2012-06-30 10:15 706842 c:\windows\system32\perfh00C.dat
- 2011-04-07 18:11 . 2012-06-29 08:12 706842 c:\windows\system32\perfh00C.dat
+ 2009-07-14 02:36 . 2012-06-30 10:15 618370 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-29 08:12 618370 c:\windows\system32\perfh009.dat
+ 2011-04-07 18:11 . 2012-06-30 10:15 132016 c:\windows\system32\perfc00C.dat
- 2011-04-07 18:11 . 2012-06-29 08:12 132016 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-06-30 10:15 107650 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-29 08:12 107650 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-28 18:27 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-30 12:31 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-20 16:22 . 2012-06-30 12:31 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-20 16:22 . 2012-06-28 18:27 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-07 07:26 . 2012-06-28 18:27 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
+ 2011-09-07 07:26 . 2012-06-30 12:31 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-14 203776]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-14 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-14 292864]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-08 12262688]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
.
2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\pauline\CF21404.3XE" [2010-11-21 345088]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
.
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-30 14:38:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-30 12:38
ComboFix2.txt 2012-06-29 08:41
ComboFix3.txt 2012-06-28 10:06
ComboFix4.txt 2012-06-26 15:01
ComboFix5.txt 2012-06-30 12:18
.
Avant-CF: 585 319 436 288 octets libres
Après-CF: 585 156 952 064 octets libres
.
- - End Of File - - 217ED4DBB550DA9AA89FAEFB251F5C51
0
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last post 21 April 2024 4 796
1 July 2012 at 05:32
Hi

Oooooooooh, miracle, it has finally decided to budge :D :D

I had spotted other things that aren't great :)

In order:

Download from this page: AdwCleaner (by Xplode)

▶ Once downloaded, click Delete and wait while the cleanup runs.

▶ Post the report you will find on your hard drive, c:\ADwcleaner[Sx].txt, or its contents if it opens by itself.

=====================================================

▶ Download and install Malwarebytes' Anti-Malware (MBAM).

▶ Run it. Accept the update.



Only if the update fails:

Download the manual MBAM updates

● Run the file after installing MBAM



▶ Select "Perform full scan"
▶ Click "Scan"
▶ The scan starts; it is fairly long, that's normal.

At the end of the scan, a message appears:

Quote:

The scan completed normally. Click 'Show results' to display all objects found.

▶ Click "OK" to continue. If MBAM found nothing, it will tell you so too.
▶ Close your browsers.
▶ If malware was detected, click Show results.
▶ Select everything (or leave it ticked) and click Remove selected; MBAM will delete the files and registry keys and put a copy in quarantine.
MBAM will open Notepad and paste the scan report into it: close it.

If MBAM asks to restart the PC: ▶ do it.

After the restart, relaunch MBAM, "Logs" tab, and copy/paste the one matching the scan you ran.
0