Sujet Précédent Sujet Suivant

Win32:VB EIK

Fermé
ricofax Messages postés 1 Date d'inscription lundi 22 octobre 2012 Statut Membre Dernière intervention 22 octobre 2012 - 22 oct. 2012 à 17:50
 Utilisateur anonyme - 22 oct. 2012 à 17:58
Bonjour,

j'ai un problème avec un virus également. Un connaissance (gentille) a emprunté ma clef USB et me l'a rendu visiblement avec une saloperie dessus... J'ai exécuté combofix, voici le rapport, pouvez m'aider? merci
ComboFix 12-10-22.01 - Yves 22/10/2012 17:17:40.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.8097.5399 [GMT 2:00]
Lancé depuis: c:\users\Yves\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\AsPatch10430001.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-09-22 au 2012-10-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-10-16 15:26 . 2012-10-16 15:26 -------- d-----w- c:\users\Yves\AppData\Roaming\U3
2012-10-16 14:40 . 2012-10-16 14:40 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-10-15 16:11 . 2012-10-15 16:11 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-10-15 16:11 . 2012-10-15 16:11 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-10-15 16:09 . 2012-10-15 16:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-10-15 16:08 . 2012-10-15 16:08 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-10-15 16:07 . 2012-10-15 16:07 -------- d-----w- c:\users\Yves\AppData\Local\Microsoft Help
2012-10-15 16:06 . 2012-10-16 14:43 -------- d-----w- c:\programdata\Microsoft Help
2012-09-27 09:29 . 2012-09-27 09:37 -------- d-----w- c:\users\Yves\AppData\Roaming\pdfforge
2012-09-27 09:29 . 2012-09-27 09:29 -------- d-----w- c:\users\Yves\AppData\Local\AVG Secure Search
2012-09-27 09:29 . 2012-07-29 11:59 96768 ----a-w- c:\windows\system32\pdfcmon.dll
2012-09-27 09:29 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-09-27 09:29 . 2012-09-27 09:29 -------- d-----w- c:\program files (x86)\PDFCreator
2012-09-27 09:29 . 2012-09-27 09:29 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-27 09:29 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-09-27 09:29 . 2012-09-27 09:29 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-27 09:29 . 2012-09-27 09:29 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-27 09:29 . 2012-09-27 09:29 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-27 09:29 . 2012-09-27 09:29 -------- d--h--w- c:\programdata\Common Files
2012-09-27 09:25 . 2012-09-27 09:25 -------- d-----w- c:\program files (x86)\RIFT Technologies
2012-09-26 13:02 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 15:26 . 2012-07-14 15:00 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-10-10 11:22 . 2012-07-24 11:01 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-10 06:47 . 2012-07-14 18:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 06:47 . 2012-07-14 18:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-09 16:31 . 2012-09-09 16:31 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 16:31 . 2012-09-09 16:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 16:31 . 2012-09-09 16:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 07:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 07:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 07:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 07:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 09:13 . 2012-07-15 09:40 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-15 09:39 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-15 09:39 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-15 09:39 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-07-15 09:39 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-07-15 09:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-07-15 09:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-15 09:38 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-07-15 09:39 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-20 17:38 . 2012-10-10 10:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 07:17 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 07:17 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-27 09:29 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-27 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Yves\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-17 895376]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-17 47616]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-10-31 27528]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-27 947808]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-27 856160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alertes de surveillance de l'encre - HP Photosmart 5510 series (réseau).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-10-19 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/14 16:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2012-07-15 674304]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-09-28 28992]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-27 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]
S2 InstallClick;InstallClick Connector;c:\program files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe [2012-06-06 149872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-28 2253120]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-10-31 83336]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-27 722528]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-09-20 16768]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-17 202496]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-17 69888]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contenu du dossier 'Tâches planifiées'
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 06:47]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 09:40]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 09:40]
.
2012-10-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-08 11:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-09-19 2278504]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={4748920C-1537-4E9B-AA86-F3F4A322CB89}&mid=1dc906803e9c47d0ad54d1418cd612f7-04c7dfbc200284293ac476e13928ba74324c1912&lang=fr&ds=pd011&pr=sa&d=2012-09-27 11:29&v=12.2.5.34&sap=hp
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\mpuupo3k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-07 16:37; {8e5025c2-8ea3-430d-80b8-a14151068a6d}; c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\mpuupo3k.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
FF - ExtSQL: 2012-09-27 11:29; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.34
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{8e5025c2-8ea3-430d-80b8-a14151068a6d} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-Locked - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-10-22 17:31:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-10-22 15:31
.
Avant-CF: 209.127.940.096 octets libres
Après-CF: 209.385.693.184 octets libres
.
- - End Of File - - DF4447FEBA6511BFFB92BD31D2CA208E


1 réponse

Réponse 1 / 1
Utilisateur anonyme
22 oct. 2012 à 17:58
bonjour,

Combofix ne traite pas les infections de supports externes !!!


* Télécharge USBFIX sur ton bureau (Merci à El Desaparecido)

http://sosvirus.org/viewtopic.php?f=52&t=192

ou :

http://services.service-webmaster.fr/cpt-clics/clics-30453-6505.html

ou ici :

http://general-changelog-team.fr/fr/downloads/viewdownload/15-outils-de-el-desaparecido/19-usbfix



/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

- Double-clique sur l'icône Usbfix située sur ton Bureau.
- Sur la page, clique sur le bouton :
« Recherche »

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
- puis clique sur OK
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
le rapport se trouve sur C:\ UsbFix.txt

0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menaces HackTool:Win32
LeMax5993 -
lisa4777 -

4 réponses
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses