Jeefo virus.

Closed
Zapoteckin Posts: 8 Registered: Thursday 14 January 2010 Status: Member Last seen: 19 May 2014 - 20 August 2012 at 02:19
Hello,


It has been a few years now that I have been infected with the Jeefo virus, which I must have caught back then by foolishly downloading an infected executable.

Via an external hard drive, this virus has now been following me across my various PCs for 4 years.

Reformatting did nothing, nor did changing machines, nor even the successive antivirus products.

Every time I try to remove it, the infected .exe files multiply, gradually making my machine extremely laborious to use.

So I decided to base my relationship with Jeefo on a cordial understanding: I let it snooze on my machine, and in exchange it stays quietly in its corner.

But now, today, who knows why, I really want to get rid of this virus once and for all, since it is starting to become a nuisance.

Indeed, I have just installed a new antivirus (Ad-Aware), which woke up my unwelcome guest.
Within a few minutes I found myself with about thirty infected executables, and I am afraid the list will keep growing.

My setup:

Windows 7 (x64) on an Intel i7 3.20GHz processor

Here is a HijackThis scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:14, on 20/08/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Users\Guizmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guizmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guizmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guizmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guizmo\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-2391751390-3036256288-199651804-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2391751390-3036256288-199651804-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

End of file - 8888 bytes

Followed by a ComboFix scan

ComboFix 12-08-18.03 - Guizmo 20/08/2012 1:34.1.8 - x64
Microsoft Windows 7 Intégrale Édition Spéciale 6.1.7601.1.1252.33.1036.18.6135.4035 [GMT 2:00]
Launched from: c:\users\Guizmo\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((((((( Files created from 2012-07-19 to 2012-08-19 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-19 23:41 . 2012-08-19 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 12:02 . 2011-12-19 10:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-19 12:02 . 2012-08-19 22:33 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 12:02 . 2012-08-19 12:02 -------- d-----w- c:\programdata\Lavasoft
2012-08-19 12:02 . 2011-12-19 11:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-08-19 12:02 . 2011-10-26 12:23 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-08-17 18:11 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3654AC92-B4CE-4537-B746-E4C0DAC35B63}\mpengine.dll
2012-08-17 18:03 . 2012-08-17 18:03 -------- d-sh--w- c:\programdata\DSS
2012-08-17 17:47 . 2012-08-17 17:47 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-08-17 17:47 . 2012-08-17 17:47 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-17 17:34 . 2012-08-17 17:34 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-17 17:07 . 2012-08-17 17:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 17:07 . 2012-08-17 17:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-17 17:07 . 2012-08-17 17:07 -------- d-----w- c:\windows\system32\Macromed
2012-08-17 16:38 . 2012-08-17 16:38 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-17 16:38 . 2012-08-17 16:38 -------- d-----w- c:\program files (x86)\TuneUpMedia
2012-08-17 16:36 . 2012-08-19 19:33 -------- d-----w- c:\programdata\TuneUpMedia
2012-08-17 16:33 . 2012-08-17 16:33 -------- d-----w- c:\program files (x86)\Firestorm-Release
2012-08-17 16:27 . 2012-08-17 16:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-17 16:27 . 2012-08-17 16:27 -------- d-----w- c:\program files (x86)\Oracle
2012-08-17 16:26 . 2012-07-05 20:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-17 16:26 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-17 16:26 . 2012-08-17 16:26 -------- d-----w- c:\program files (x86)\Java
2012-08-17 15:34 . 2012-08-17 15:34 -------- d-----w- c:\windows\system32\SPReview
2012-08-17 15:33 . 2012-08-17 15:33 -------- d-----w- c:\windows\system32\EventProviders
2012-08-17 15:26 . 2012-08-17 15:30 -------- d-----w- C:\Downloads
2012-08-17 15:26 . 2012-08-17 15:26 -------- d-----w- c:\program files (x86)\BitComet
2012-08-14 23:01 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 23:01 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 23:01 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 23:01 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 23:00 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 23:00 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 23:00 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-08-12 20:15 . 2010-11-20 13:27 1363968 ----a-w- c:\windows\system32\wdc.dll
2012-08-12 20:13 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-08-12 20:13 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-08-12 20:13 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-08-11 11:32 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-11 11:32 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-08-11 11:32 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2012-08-10 09:42 . 2012-08-10 09:42 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-08-09 10:33 . 2012-08-09 10:33 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-08-09 10:11 . 2012-08-09 10:11 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-08-09 10:11 . 2012-08-09 10:11 -------- d-----w- c:\windows\system32\BestPractices
2012-08-09 10:11 . 2012-08-09 10:11 -------- d-----w- C:\inetpub
2012-08-09 10:11 . 2012-08-09 10:11 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-08-09 10:11 . 2012-08-09 10:11 -------- d-----w- c:\windows\system32\wbem\en-US
2012-08-09 09:31 . 2012-08-09 09:31 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-09 09:31 . 2012-08-09 09:31 -------- d-----w- c:\windows\system32\Wat
2012-08-09 09:30 . 2012-08-15 01:00 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-09 09:27 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-08-09 09:27 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-08-08 21:42 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-08 21:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-08 21:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-08 21:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-08 21:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-08 21:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-08 21:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-08 21:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-08 21:15 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-08 20:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-08 20:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-08 20:46 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-08 20:46 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-08 20:46 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-08 20:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-08-08 20:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-08-08 20:42 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-08 20:42 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-08-08 20:42 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-08-08 20:42 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-08 20:42 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-08-08 20:42 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-08-08 20:42 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-08-08 20:42 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-08-08 20:42 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-08-08 20:42 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-08-08 20:42 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-08-08 20:42 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-08 20:42 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-08-08 20:40 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-08 20:40 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-08 20:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-08 20:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-08 20:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-08-08 20:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-08 20:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-08 20:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-08 20:39 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-08-08 20:39 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-08-08 20:39 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-08-08 20:37 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-08-08 20:36 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-08 20:36 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-08-08 20:36 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-08 20:36 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-08 20:36 . 2010-11-20 11:07 162816 ----a-w- c:\windows\system32\rdpudd.dll
2012-08-08 20:36 . 2010-11-20 11:03 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-08-08 20:34 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-08 20:34 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-08-08 20:34 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-08 20:34 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-08 20:34 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-08 20:34 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-08 20:33 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-08-08 20:33 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-08-08 20:32 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-08-08 20:32 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-08-08 20:32 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-08-08 20:32 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-08 20:32 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-08-08 20:32 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-08-08 20:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-08 20:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-08 20:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-08 20:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-08-08 20:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-08-08 20:30 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-08-08 20:30 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-08-08 20:29 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2012-08-08 20:29 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2012-08-08 20:29 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2012-08-08 20:29 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 23:36 . 2012-06-28 15:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-17 18:01 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-17 18:01 . 2009-08-18 09:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-17 15:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-17 15:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume4\Program Files (x86)\Ad-Aware Antivirus\Definitions
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-25 114144]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-09 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312]
S3 e1yexpress;Pilote de connexions réseau Intel(R) Gigabit;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
.
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - SBAPIFS
*NewlyCreated* - SBRE
*Deregistered* - SBRE
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 17:07]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391751390-3036256288-199651804-1000Core.job
- c:\users\Guizmo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 15:21]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2391751390-3036256288-199651804-1000UA.job
- c:\users\Guizmo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 15:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Tout télécharger avec BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Guizmo\AppData\Roaming\Mozilla\Firefox\Profiles\6qyse5vd.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
End time: 2012-08-20 01:44:50
ComboFix-quarantined-files.txt 2012-08-19 23:44
.
Before-CF: 886 190 030 848 bytes free
After-CF: 886 053 474 304 bytes free
.
- - End Of File - - 75DB2B6C5F487B153B9217440AF6FF46


Thank you for your interest.
Any help is welcome.
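The situation in the post above (executables that keep getting re-infected, an external drive that carries the infection from one reinstall to the next) is the case for a file-integrity baseline rather than yet another antivirus: hash every .exe on the drive and the PCs, rescan after each cleanup, and see which files change, and pair that with generic PE-header heuristics for appending file infectors (entry point moved into a new writable section, data hanging past the last section). The script below is an added example written for this thread; it is not code from the post, from HijackThis, ComboFix or Ad-Aware, and it does not encode a Jeefo signature. The sample PE it builds, the section name `.infx` and the 64-byte overlay are constructed test data, not anything taken from the page.

```python
"""Baseline-hash executables under a directory and flag generic appending-infector
traits in their PE headers. Added example; heuristics only, not a Jeefo signature."""
import hashlib
import struct
import tempfile
from pathlib import Path

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def sha256_file(path):
    """Stream a file through SHA-256 so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def pe_anomalies(data):
    """Return heuristic findings for a PE image: entry point outside every section,
    entry point in a writable or non-executable section, bytes appended past the
    last section (overlay). Ordinary compiler output triggers none of these."""
    findings = []
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not a PE file"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["bad PE signature"]
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                        # IMAGE_OPTIONAL_HEADER
    if opt + 20 > len(data):
        return ["optional header truncated"]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sec_table = opt + size_opt
    end_of_sections, entry_section = 0, None
    for i in range(num_sections):
        off = sec_table + 40 * i                           # IMAGE_SECTION_HEADER
        if off + 40 > len(data):
            return findings + ["section table truncated"]
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        end_of_sections = max(end_of_sections, rawptr + rawsize)
        if vaddr <= entry_rva < vaddr + (vsize or rawsize):
            entry_section = (name.rstrip(b"\0").decode("ascii", "replace"), chars)
    if entry_section is None:
        findings.append("entry point outside every section")
    else:
        name, chars = entry_section
        if not chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append("entry point in non-executable section %s" % name)
        if chars & IMAGE_SCN_MEM_WRITE:
            findings.append("entry point in writable section %s" % name)
    overlay = len(data) - end_of_sections
    if overlay > 0:
        findings.append("%d bytes appended past the last section" % overlay)
    return findings


def scan_executables(root, baseline=None):
    """Hash every *.exe under root, diff against baseline {relpath: sha256},
    run the PE heuristics. Returns (report, new_baseline)."""
    root = Path(root)
    report, new_baseline = {}, {}
    for path in sorted(root.rglob("*.exe")):
        rel = path.relative_to(root).as_posix()
        digest = sha256_file(path)
        new_baseline[rel] = digest
        issues = []
        if baseline is not None:
            if rel not in baseline:
                issues.append("new executable since baseline")
            elif baseline[rel] != digest:
                issues.append("hash changed since baseline")
        issues.extend(pe_anomalies(path.read_bytes()))
        if issues:
            report[rel] = issues
    return report, new_baseline


def build_sample_pe(entry_rva=0x1000, extra_sections=()):
    """Constructed minimal PE32 (test data, not a real program): one .text section
    at file offset 0x200, plus optional (name, vaddr, rawptr, chars) sections."""
    sections = [(b".text", 0x1000, 0x200, IMAGE_SCN_MEM_EXECUTE | 0x40000000 | 0x20)]
    sections += list(extra_sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    size_opt = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x200, va, 0x200, rp, 0, 0, 0, 0, ch)
                    for n, va, rp, ch in sections)
    image = bytearray(max(rp + 0x200 for _, _, rp, _ in sections))
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs
    image[:len(header)] = header
    return bytes(image)


def demo():
    """Baseline a clean sample, overwrite it with an 'infected' variant (entry point
    moved into a new writable+executable section, 64-byte overlay), rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "tools" / "clean.exe"
        exe.parent.mkdir()
        exe.write_bytes(build_sample_pe())
        first_report, baseline = scan_executables(tmp)
        infected = build_sample_pe(entry_rva=0x2000, extra_sections=[
            (b".infx", 0x2000, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | 0x20)])
        exe.write_bytes(infected + b"\x90" * 64)           # constructed overlay
        second_report, _ = scan_executables(tmp, baseline)
        return first_report, second_report


if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it is taken from executables known to be clean (fresh install media, vendor downloads verified against their hashes); an infected file hashed into the baseline is simply carried forward unnoticed. The header heuristics are deliberately generic, so a packed or self-modifying installer can trip them too; treat a hit as a file to submit to a scanner or compare against a clean copy, not as a verdict.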

2 replies

crv59500 Posts: 82 Registered: Sunday 15 April 2012 Status: Member Last seen: 22 August 2012
20 August 2012 at 02:29
http://fr.sophos.com/support/disinfection/jeefoa.html
have a look here, you'll understand better ^^
Zapoteckin Posts: 8 Registered: Thursday 14 January 2010 Status: Member Last seen: 19 May 2014
20 August 2012 at 02:39
Thanks, I had already asked Google for a bit of help; unfortunately that utility is aimed at the following operating systems:

"Windows 95/98/Me and Windows NT/2000/XP/2003"

It then goes on to say:

You can automatically remove W32/Jeefo-A from Windows 95/98/Me and Windows NT/2000/XP/2003 computers using the following RESOLVE tools.