Trojan Sirefef

Lucy -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Depuis hier, mon ordinateur semble infecté par les Trojan suivants Sirefef.B et Sirefef.Y. Ceux-ci sont détectés par MSE mais il ne semble pas pouvoir m'en débarasser. L'analyse se termine avant la fin par le redémarrage du PC et le problème se représente un quart d'heure plus tard. Mes compétences en informatique étant plutôt faible, je serais très reconnaissante si quelqu'un pouvait m'aider à résoudre ce problème.
Voilà un scan ZHP http://cjoint.com/12jn/BFzoeln1GtQ.htm

Merci d'avance

22 réponses

  • 1
  • 2
  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello,

    Oublie MSE il saura jamais désinfecter ça.


    ▶ Fais un clic droit et "Enregistrer la cible (du lien sous) -> tonprenom.exe -> destination ton bureau (ET PAS AILLEURS) sur le lien suivant : ComboFix

    Ferme les fenêtres de tous les programmes en cours.
    Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    Si tu es sur Windows XP, laisse-le installer la console de récupération.

    ▶ Ne touche à rien durant le scan

    ComboFix devrait redémarrer ton PC.

    ▶ n'oublie pas de réactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    ▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur
    0
  2. Lucy
     
    Merci beaucoup,

    Voilà le rapport Combofix : ComboFix 12-06-25.02 - Pauline 25/06/2012 14:27:25.1.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4713 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Windows
    c:\programdata\windows\ccdxmmde.dat
    c:\programdata\Windows\drss.dat
    c:\programdata\Windows\xessmsxe.dat
    c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\@
    c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\n
    c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\00000001.@
    c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\80000000.@
    c:\users\Pauline\AppData\Local\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\800000cb.@
    c:\users\Pauline\AppData\Roaming\Microsoft\~DFK316548.tmp
    c:\users\Pauline\AppData\Roaming\Microsoft\~DFK355447.tmp
    c:\users\Pauline\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\bass.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Pauline\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\Pauline\AppData\Roaming\OfferBox
    c:\users\Pauline\AppData\Roaming\OfferBox\config.xml
    c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
    c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
    c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
    c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
    c:\users\Pauline\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
    c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\@
    c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\n
    c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\00000001.@
    c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\80000000.@
    c:\windows\Installer\{b44db156-3a04-b8d5-56ac-d2af6451fa3a}\U\800000cb.@
    c:\users\Pauline\0i763f66bz.exe . . . . impossible à supprimer
    .
    Une copie infectée de c:\windows\system32\services.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-25 au 2012-06-25 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-25 12:35 . 2012-06-25 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-25 08:33 . 2012-06-25 08:33 100 ---ha-w- C:\aaw7boot.cmd
    2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    "0i763f66bz"="c:\users\Pauline\0i763f66bz.exe" [2012-06-23 40960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3C48.tmp [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *Deregistered* - f660a3cd50c17a8b
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\3C48.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
    "ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-25 14:42:37 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-25 12:42
    .
    Avant-CF: 587 229 380 608 octets libres
    Après-CF: 586 866 053 120 octets libres
    .
    - - End Of File - - E4896E79B449280453AEACBB8443B25F
    0
  3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Y'a du monde sur ton PC !!!!! Une poubelle numérique !!!!

    Désinstalle AD-Aware qui sert à rien
    Même topo pour Sophos anti bidule chose

    ============================================


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------

    KillAll::

    ClearJavaCache::

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "0i763f66bz"=-

    Driver::
    MEMSWEEP2

    Rootkit::
    c:\users\Pauline\0i763f66bz.exe
    c:\windows\system32\3C48.tmp

    FileLook::
    c:\windows\system32\services.exe.68E629D96FFF399D
    c:\windows\system32\services.exe.1E6037EDE994BE96
    c:\windows\system32\services.exe.A24A22459F0727CA
    c:\windows\system32\services.exe.4E94F7940A920DA9
    c:\windows\system32\services.exe.20F23B3D33214E86
    c:\windows\System32\Drivers\f660a3cd50c17a8b.sys

    DirLook::
    c:\windows\system32\%APPDATA%

    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme ceci : Illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    0
  4. Lucy
     
    Bonjour,

    Mince, j'essaie pourtant de faire attention ...

    Voilà le rapport :

    ComboFix 12-06-25.02 - Pauline 25/06/2012 21:00:31.2.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4311 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Pauline\0i763f66bz.exe . . . . impossible à supprimer
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_MEMSWEEP2
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-25 au 2012-06-25 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-25 19:15 . 2012-06-25 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-25 08:33 . 2012-06-25 08:33 100 ---ha-w- C:\aaw7boot.cmd
    2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\services.exe.1E6037EDE994BE96 ---
    Company: Microsoft Corporation
    File Description: Services and Controller app
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: services.exe
    File size: 328704
    Created time: 2012-06-25 11:24
    Modified time: 2012-06-25 11:24
    MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
    SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
    .
    .
    --- c:\windows\system32\services.exe.20F23B3D33214E86 ---
    Company: Microsoft Corporation
    File Description: Services and Controller app
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: services.exe
    File size: 328704
    Created time: 2012-06-25 08:54
    Modified time: 2012-06-25 08:54
    MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
    SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
    .
    .
    --- c:\windows\system32\services.exe.4E94F7940A920DA9 ---
    Company: Microsoft Corporation
    File Description: Services and Controller app
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: services.exe
    File size: 328704
    Created time: 2012-06-25 09:35
    Modified time: 2012-06-25 09:35
    MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
    SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
    .
    .
    --- c:\windows\system32\services.exe.68E629D96FFF399D ---
    Company: Microsoft Corporation
    File Description: Services and Controller app
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: services.exe
    File size: 328704
    Created time: 2012-06-25 11:41
    Modified time: 2012-06-25 11:41
    MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
    SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
    .
    .
    --- c:\windows\system32\services.exe.A24A22459F0727CA ---
    Company: Microsoft Corporation
    File Description: Services and Controller app
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: services.exe
    File size: 328704
    Created time: 2012-06-25 09:50
    Modified time: 2012-06-25 09:50
    MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
    SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166
    .
    ---- Directory of c:\windows\system32\%APPDATA% ----
    .
    1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-06-25 12:47 56930 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-25 12:47 41728 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-06 16:08 . 2012-06-25 12:47 15122 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-25 19:17 . 2012-06-25 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-25 19:17 . 2012-06-25 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-06 18:07 . 2012-06-25 18:13 281222 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
    + 2011-04-07 18:11 . 2012-06-25 19:21 706842 c:\windows\system32\perfh00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-25 19:21 618370 c:\windows\system32\perfh009.dat
    - 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
    + 2011-04-07 18:11 . 2012-06-25 19:21 132016 c:\windows\system32\perfc00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-06-25 19:21 107650 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-06-25 19:16 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-20 16:22 . 2012-06-25 19:16 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-07 07:26 . 2012-06-25 19:16 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    - 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *Deregistered* - f660a3cd50c17a8b
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\pauline\CF32509.3XE" [2010-11-21 345088]
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
    "ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-25 21:34:36 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-25 19:34
    ComboFix2.txt 2012-06-25 12:42
    .
    Avant-CF: 586 874 171 392 octets libres
    Après-CF: 586 421 952 512 octets libres
    .
    - - End Of File - - 81771B6199EEEC2549919790C85D1A0D

    Merci de ton aide.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello de retour

    OK j'ai eu certaines infos grâce au premier CFScript, on peut virer le tout maintenant :-)


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------

    KillAll::

    File::
    C:\aaw7boot.cmd

    Folder::
    c:\windows\system32\%APPDATA%

    Driver::
    f660a3cd50c17a8b

    Rootkit::
    c:\users\Pauline\0i763f66bz.exe
    C:\Windows\System32\Drivers\f660a3cd50c17a8b.sys

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6EAE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme ceci : Illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    0
  7. Lucy
     
    Re,

    voilà le rapport:
    ComboFix 12-06-25.02 - Pauline 26/06/2012 16:27:37.3.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.3806 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "C:\aaw7boot.cmd"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\aaw7boot.cmd
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_F660A3CD50C17A8B
    -------\Service_f660a3cd50c17a8b
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-26 au 2012-06-26 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-26 14:40 . 2012-06-26 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-26 14:40 . 2012-06-26 14:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-06-25 20:09 57230 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-26 14:44 41768 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-06 16:08 . 2012-06-26 14:44 15218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-26 14:42 . 2012-06-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-26 14:42 . 2012-06-26 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-06 18:07 . 2012-06-26 14:19 281972 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
    + 2011-04-07 18:11 . 2012-06-26 08:11 706842 c:\windows\system32\perfh00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-26 08:11 618370 c:\windows\system32\perfh009.dat
    - 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
    + 2011-04-07 18:11 . 2012-06-26 08:11 132016 c:\windows\system32\perfc00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-06-26 08:11 107650 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-06-26 14:42 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-20 16:22 . 2012-06-26 14:42 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-07 07:26 . 2012-06-26 14:42 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    - 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - F660A3CD50C17A8B
    *Deregistered* - f660a3cd50c17a8b
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-21 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\pauline\CF31750.3XE" [2010-11-21 345088]
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
    "ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\HP SimplePass 2011\TouchControl.exe
    c:\program files (x86)\HP SimplePass 2011\BioMonitor.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-26 17:01:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-26 15:01
    ComboFix2.txt 2012-06-25 19:34
    ComboFix3.txt 2012-06-25 12:42
    .
    Avant-CF: 586 095 079 424 octets libres
    Après-CF: 585 820 762 112 octets libres
    .
    - - End Of File - - C290D8A445E7E79BFEE664B0EEE7B2E2
    0
  8. Lucy
     
    Salut,

    Voilà le nouveau rapport :

    ComboFix 12-06-25.02 - Pauline 28/06/2012 11:35:53.4.4 - x64 MINIMAL
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4656 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    FILE ::
    "C:\aaw7boot.cmd"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Pauline\0i763f66bz.exe . . . . impossible à supprimer
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_F660A3CD50C17A8B
    -------\Service_f660a3cd50c17a8b
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 09:42 . 2012-06-28 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-28 09:42 . 2012-06-28 09:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1AE51CB-BA63-42FB-8F5A-D482B9997310}\mpengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-23 09:47 . 2012-06-23 09:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 09:38 . 2012-06-23 09:38 40960 ----a-w- c:\users\Pauline\0i763f66bz.exe
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 11:35 . 2012-05-09 19:28 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-06-27 17:42 57318 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-28 08:12 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-06 16:08 . 2012-06-28 08:12 15258 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    + 2011-09-07 07:26 . 2012-06-26 15:02 5166 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-06-28 09:43 . 2012-06-28 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-28 09:43 . 2012-06-28 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-06 18:07 . 2012-06-28 10:01 282596 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
    + 2011-04-07 18:11 . 2012-06-28 09:47 706842 c:\windows\system32\perfh00C.dat
    + 2009-07-14 02:36 . 2012-06-28 09:47 618370 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
    - 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
    + 2011-04-07 18:11 . 2012-06-28 09:47 132016 c:\windows\system32\perfc00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-06-28 09:47 107650 c:\windows\system32\perfc009.dat
    + 2011-09-06 15:04 . 2012-06-27 16:25 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-09-06 15:04 . 2012-06-25 12:19 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 05:01 . 2012-06-28 09:28 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-09-06 15:04 . 2012-06-27 16:25 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-06 15:04 . 2012-06-25 12:19 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-27 16:25 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 12:19 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-20 16:22 . 2012-06-28 09:28 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-07 07:26 . 2012-06-28 09:28 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    - 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - F660A3CD50C17A8B
    *Deregistered* - f660a3cd50c17a8b
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\pauline\CF14731.3XE" [2010-11-21 345088]
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\f660a3cd50c17a8b]
    "ImagePath"="\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-28 12:06:56 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-28 10:06
    ComboFix2.txt 2012-06-26 15:01
    ComboFix3.txt 2012-06-25 19:34
    ComboFix4.txt 2012-06-25 12:42
    .
    Avant-CF: 585 761 390 592 octets libres
    Après-CF: 585 434 701 824 octets libres
    .
    - - End Of File - - 43B11DF5CCF042784E1E14F64D8586D7
    0
  9. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    :(

    Va falloir y aller en live CD pour dégager tout ça, tu as un CD-R ou CD-RW pour graver un truc ?
    0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    ok suis cette procédure : https://www.commentcamarche.net/faq/34284-pre-scan-pe-sous-environnement-win-7-live
    0
  11. Lucy
     
    C'est fait, voilà le rapport : http://cjoint.com/12jn/BFCpLQVVnFd.htm
    0
  12. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    je me renseigne, reste en live cd pour le moment ;)
    0
  13. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    OK

    Déplace ce fichier :

    C:\Windows\System32\Drivers\f660a3cd50c17a8b.sys

    Dans C:\Pre_Scan\Quarantaine

    Et tu peux redémarrer normalement.
    0
  14. Lucy
     
    C'est fait !

    Ça a l'air d'avoir marché en apparence ... Merci !
    0
  15. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ok relance un combofix pour voir ?
    0
  16. Lucy
     
    Salut,

    Voilà le rapport

    ComboFix 12-06-25.02 - Pauline 29/06/2012 10:14:24.5.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4442 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-29 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 08:28 . 2012-06-29 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-29 08:28 . 2012-06-29 08:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-06-28 15:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AA6A107-9070-4FDA-BD96-F59A9BB42B31}\mpengine.dll
    2012-06-28 14:31 . 2012-06-28 16:38 -------- d-----w- C:\Pre_Scan
    2012-06-28 14:22 . 2012-06-28 14:31 -------- d-----w- c:\windows\Pre_Scan
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:52 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-25_12.36.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-06-29 08:10 57880 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-29 08:10 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-09-06 16:08 . 2012-06-28 15:48 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    + 2012-05-09 05:02 . 2010-02-27 14:15 81920 c:\windows\Pre_Scan\swxcacls.com
    + 2012-06-23 09:47 . 2012-06-25 11:56 16384 c:\windows\Pre_Scan\Quarantine\%APPDATA%.P_S\Microsoft\Windows\IETldCache\index.dat
    + 2012-05-09 05:02 . 2003-11-13 00:52 74240 c:\windows\Pre_Scan\MBRWiz.exe
    + 2011-09-07 07:26 . 2012-06-28 10:10 5260 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-06-25 12:35 . 2012-06-25 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-30 15:27 . 2012-01-05 12:43 9110 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\Analytics\WTAnalytics.dat
    + 2011-09-06 18:07 . 2012-06-28 11:43 282620 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2011-04-07 18:11 . 2012-06-29 08:12 706842 c:\windows\system32\perfh00C.dat
    - 2011-04-07 18:11 . 2012-06-25 12:29 706842 c:\windows\system32\perfh00C.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 618370 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-29 08:12 618370 c:\windows\system32\perfh009.dat
    + 2011-04-07 18:11 . 2012-06-29 08:12 132016 c:\windows\system32\perfc00C.dat
    - 2011-04-07 18:11 . 2012-06-25 12:29 132016 c:\windows\system32\perfc00C.dat
    + 2009-07-14 02:36 . 2012-06-29 08:12 107650 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-06-25 12:29 107650 c:\windows\system32\perfc009.dat
    + 2011-09-06 15:04 . 2012-06-27 16:25 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-09-06 15:04 . 2012-06-25 12:19 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 05:01 . 2012-06-25 12:35 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-28 18:27 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-05-09 05:02 . 2010-02-27 14:15 872960 c:\windows\Pre_Scan\Swreg.exe
    + 2011-12-30 15:27 . 2011-11-11 02:55 569544 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\WildTangent Games\App\Update\Updater.exe
    + 2011-12-30 15:27 . 2012-01-05 12:43 983336 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
    - 2011-09-06 15:04 . 2012-06-25 12:19 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-09-06 15:04 . 2012-06-27 16:25 2244608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 12:19 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-27 16:25 2424832 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-20 16:22 . 2012-06-25 12:21 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-20 16:22 . 2012-06-28 18:27 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-07 07:26 . 2012-06-28 18:27 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    - 2011-09-07 07:26 . 2012-06-25 12:21 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    + 2010-03-19 02:33 . 2010-03-19 02:33 49026264 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f405496e-4cd5-4891-a8bc-3e58bd47b25c-extr.exe
    + 2010-06-25 03:18 . 2010-06-25 03:18 76793224 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f10f89f1-9c08-4d85-9169-a28ba1fc6ab0-extr.exe
    + 2010-03-19 02:31 . 2010-03-19 02:31 15093888 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\e551d534-a4ef-4dac-9c20-c80b2c806ad8-extr.exe
    + 2010-03-19 00:08 . 2010-03-19 00:08 19081576 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\CB81C112-133D-4C53-B0F2-9A8F378D0D06-extr.exe
    + 2010-03-19 12:38 . 2010-03-19 12:38 35201256 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD-extr.exe
    + 2010-10-22 21:52 . 2010-10-22 21:52 69948160 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\BC3D43F7-BC64-490D-92B5-D2AABEC7FA85-extr.exe
    + 2010-07-13 21:34 . 2010-07-13 21:34 96415952 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\af7a9bad-f0f1-4fe3-87a1-676657bed867-extr.exe
    + 2010-03-19 11:19 . 2010-03-19 11:19 65467176 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\a382b548-99a3-4dca-9a58-62b8e08af23d-extr.exe
    + 2010-03-19 02:38 . 2010-03-19 02:38 24302776 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\951226E3-26FC-40BC-8085-3677B1128F59-extr.exe
    + 2010-03-19 12:52 . 2010-03-19 12:52 79848240 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\7c599483-924b-4639-bf41-5308bc517100-extr.exe
    + 2010-10-22 21:40 . 2010-10-22 21:40 64989584 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\6E7DD52D-205E-4D6D-AF6A-0C34703DFA61-extr.exe
    + 2010-11-07 05:46 . 2010-11-07 05:46 20468024 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\38aa0b18-f7b9-4242-8357-b9fb23ab62d9-extr.exe
    + 2010-03-19 13:04 . 2010-03-19 13:04 65582536 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\29556c6b-abba-4173-8102-4642846d5b4f-extr.exe
    + 2010-11-08 18:32 . 2010-11-08 18:32 98543704 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\2517a196-153c-4855-b7f6-659c6a1581ec-extr.exe
    + 2010-10-22 21:26 . 2010-10-22 21:26 97931664 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\134726E5-0682-43C5-8AA2-DD4D6A866DD4-extr.exe
    + 2010-06-25 01:09 . 2010-06-25 01:09 26345176 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\10dbb1bc-ef1b-4c2e-9bea-aaba3f42532c-extr.exe
    + 2010-11-05 21:42 . 2010-11-05 21:42 129943864 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\f45679ee-0afc-4fce-93cd-897d5590286b-extr.exe
    + 2010-11-13 00:01 . 2010-11-13 00:01 441012856 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\b7e5ecb8-924f-4b53-be77-3d7276a18780-extr.exe
    + 2010-11-08 17:52 . 2010-11-08 17:52 159627992 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\998eda55-a87a-42ab-95c2-d20fc515518d-extr.exe
    + 2010-03-19 01:16 . 2010-03-19 01:16 246562168 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\6BDF3201-10E6-46ED-9A87-7FD18C418CFD-extr.exe
    + 2010-11-05 21:34 . 2010-11-05 21:34 270498304 c:\windows\Pre_Scan\Quarantine\WildTangent.P_S\5ae0d760-ddcf-4247-85df-eacefd518e86-extr.exe
    .
    -- Instantané actualisé --
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 f660a3cd50c17a8b;0i763f66bz.exe;c:\windows\\SystemRoot\System32\Drivers\f660a3cd50c17a8b.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService
    .
    .
    .
    Heure de fin: 2012-06-29 10:41:07
    ComboFix-quarantined-files.txt 2012-06-29 08:41
    ComboFix2.txt 2012-06-28 10:06
    ComboFix3.txt 2012-06-26 15:01
    ComboFix4.txt 2012-06-25 19:34
    ComboFix5.txt 2012-06-29 08:13
    .
    Avant-CF: 585 682 337 792 octets libres
    Après-CF: 585 260 949 504 octets libres
    .
    - - End Of File - - 34F8BE0799384CE7F5D0108AA07371B3
    0
  17. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Salut de retour

    Il me fait chi*r ton rootkit .........

    Refais un CFSCript avec ça :

    KillAll::

    Driver::
    f660a3cd50c17a8b

    File::
    c:\windows\System32\Drivers\f660a3cd50c17a8b.sys
    0
  18. Lucy
     
    Salut !

    Merci de ton aide ! J'espère que c'est bon maintenant ...

    Voilà le rapport :

    ComboFix 12-06-28.03 - Pauline 30/06/2012 14:21:25.6.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6092.4441 [GMT 2:00]
    Lancé depuis: c:\users\Pauline\Desktop\Pauline.exe
    Commutateurs utilisés :: c:\users\Pauline\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\System32\Drivers\f660a3cd50c17a8b.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_F660A3CD50C17A8B
    -------\Service_f660a3cd50c17a8b
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-30 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-30 12:31 . 2012-06-30 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-30 12:31 . 2012-06-30 12:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-06-29 16:32 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6493D6-3B5D-4F05-956C-81856EB861D4}\mpengine.dll
    2012-06-29 14:01 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-29 13:57 . 2012-06-29 14:03 -------- d-----w- c:\users\Pauline\AppData\Roaming\pdfforge
    2012-06-29 13:57 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll
    2012-06-29 13:57 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
    2012-06-29 13:57 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
    2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\program files (x86)\PDFCreator
    2012-06-29 13:57 . 1998-07-13 00:08 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
    2012-06-29 13:57 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL
    2012-06-29 13:57 . 1998-07-13 00:08 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
    2012-06-29 13:57 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
    2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\programdata\Premium
    2012-06-29 13:57 . 2012-06-29 13:57 -------- d-----w- c:\programdata\InstallMate
    2012-06-28 14:31 . 2012-06-28 16:38 -------- d-----w- C:\Pre_Scan
    2012-06-28 14:22 . 2012-06-28 14:31 -------- d-----w- c:\windows\Pre_Scan
    2012-06-25 11:59 . 2012-06-25 12:01 -------- d-----w- C:\ZHP
    2012-06-25 11:59 . 2012-06-25 11:59 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-25 11:41 . 2012-06-25 11:41 328704 ----a-w- c:\windows\system32\services.exe.68E629D96FFF399D
    2012-06-25 11:24 . 2012-06-25 11:24 328704 ----a-w- c:\windows\system32\services.exe.1E6037EDE994BE96
    2012-06-25 09:50 . 2012-06-25 09:50 328704 ----a-w- c:\windows\system32\services.exe.A24A22459F0727CA
    2012-06-25 09:35 . 2012-06-25 09:35 328704 ----a-w- c:\windows\system32\services.exe.4E94F7940A920DA9
    2012-06-25 08:54 . 2012-06-25 08:54 328704 ----a-w- c:\windows\system32\services.exe.20F23B3D33214E86
    2012-06-25 08:52 . 2012-02-09 12:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A58632DD-C5A8-49C7-87A4-A19F4AF3460B}\gapaengine.dll
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 08:48 . 2012-06-25 08:48 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-22 08:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 08:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 08:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 08:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 08:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 08:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 08:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 08:22 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 08:22 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 08:52 . 2012-06-21 08:52 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-21 08:52 . 2012-06-21 08:52 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-18 09:50 . 2012-06-18 09:50 -------- d-----w- c:\users\Pauline\AppData\Local\Macromedia
    2012-06-17 08:10 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-17 08:10 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-17 08:10 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 09:40 . 2012-04-23 16:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 09:40 . 2011-09-06 20:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-18 06:41 . 2012-04-21 15:53 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-18 06:41 . 2011-04-07 08:44 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 13:47 . 2011-04-07 08:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-04 13:56 . 2012-04-23 18:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-06-29_08.29.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 05:10 . 2012-06-29 08:10 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-30 12:34 41800 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-09-06 16:08 . 2012-06-28 15:48 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    + 2011-09-06 16:08 . 2012-06-29 14:02 15466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1912503649-411188616-2801711697-1000_UserData.bin
    - 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-30 12:32 . 2012-06-30 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-29 08:08 . 2012-06-29 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-30 12:32 . 2012-06-30 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-10-08 05:45 . 2012-06-29 20:32 160074 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2011-09-06 18:07 . 2012-06-30 11:19 283050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2011-04-07 18:11 . 2012-06-30 10:15 706842 c:\windows\system32\perfh00C.dat
    - 2011-04-07 18:11 . 2012-06-29 08:12 706842 c:\windows\system32\perfh00C.dat
    + 2009-07-14 02:36 . 2012-06-30 10:15 618370 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-29 08:12 618370 c:\windows\system32\perfh009.dat
    + 2011-04-07 18:11 . 2012-06-30 10:15 132016 c:\windows\system32\perfc00C.dat
    - 2011-04-07 18:11 . 2012-06-29 08:12 132016 c:\windows\system32\perfc00C.dat
    + 2009-07-14 02:36 . 2012-06-30 10:15 107650 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-06-29 08:12 107650 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-06-28 18:27 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-30 12:31 438484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-20 16:22 . 2012-06-30 12:31 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-07-20 16:22 . 2012-06-28 18:27 2065856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-09-07 07:26 . 2012-06-28 18:27 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    + 2011-09-07 07:26 . 2012-06-30 12:31 35099824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1912503649-411188616-2801711697-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-14 336384]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    c:\users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-14 203776]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-14 8281600]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-14 292864]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-08 12262688]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 09:40]
    .
    2012-06-27 c:\windows\Tasks\HPCeeScheduleForPauline.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-08 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-08 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\pauline\CF21404.3XE" [2010-11-21 345088]
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\eedclg8c.default\
    .
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-30 14:38:12 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-30 12:38
    ComboFix2.txt 2012-06-29 08:41
    ComboFix3.txt 2012-06-28 10:06
    ComboFix4.txt 2012-06-26 15:01
    ComboFix5.txt 2012-06-30 12:18
    .
    Avant-CF: 585 319 436 288 octets libres
    Après-CF: 585 156 952 064 octets libres
    .
    - - End Of File - - 217ED4DBB550DA9AA89FAEFB251F5C51
    0
  19. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Salut

    Oooooooooh miracle il s'est décidé à bouger :D :D

    J'avais vu d'autres choses pas cool :)

    Dans l'ordre :

    Télécharge sur cette page : AdwCleaner (de Xplode)

    ▶ Une fois téléchargé, clique sur Suppression et patiente le temps du nettoyage.

    ▶ Poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.

    =====================================================

    ▶ Télécharge et installe Malwarebytes' Anti-Malware (MBAM).

    ▶ Exécute-le. Accepte la mise à jour.

    Uniquement en cas de problème de mise à jour:

    Télécharger mises à jour manuelles MBAM

    ● Exécute le fichier après l'installation de MBAM

    ▶ Sélectionne "Exécuter un examen complet"
    ▶ Clique sur "Rechercher"
    ▶ L'analyse démarre, le scan est relativement long, c'est normal.

    A la fin de l'analyse, un message s'affiche :

    Citation :

    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ▶ Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ▶ Ferme tes navigateurs.
    ▶ Si des malwares ont été détectés, clique sur Afficher les résultats.
    ▶ Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse : ferme le.

    Si MBAM demande à redémarrer le pc : ▶ fais-le.

    Au redémarrage, relance MBAM, onglet "Rapport/Logs", copie/colle celui qui correspond à l'analyse effectuée.
    0
  • 1
  • 2