Sirefef
leozz
-
g3n-h@ckm@n Messages postés 14350 Statut Membre -
g3n-h@ckm@n Messages postés 14350 Statut Membre -
Bonjour,
Je viens demander de l'aide suite à une probable infection de Sirefef detecté par Chrome et Avast.
En naviguant sur les forum, j'ai essayé d'utiliser le logiciel RogueKiller. Il a trouvé des données que j'au supprimé, voici ce qui semble être le rapport :
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Thibaut Cambon [Droits d'admin]
Mode : Suppression -- Date : 13/05/2013 20:19:33
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] MusicManager.exe -- C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [-] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> NON SELECTIONNÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1526602329-3622394769-2401582177-1000[...]\Run : MusicManager ("C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> NON SELECTIONNÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB51983$ >> \systemroot\system32\config --> SUPPRIMÉ
[Del.Parent][FILE] 1739758770 : C:\Windows\$NtUninstallKB51983$\1739758770 [-] --> SUPPRIMÉ
[Del.Parent][FILE] @ : C:\Windows\$NtUninstallKB51983$\71159602\@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] Desktop.ini : C:\Windows\$NtUninstallKB51983$\71159602\Desktop.ini [-] --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB51983$\71159602\L\00000004.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 201d3dde : C:\Windows\$NtUninstallKB51983$\71159602\L\201d3dde [-] --> SUPPRIMÉ
[Del.Parent][FILE] 76603ac3 : C:\Windows\$NtUninstallKB51983$\71159602\L\76603ac3 [-] --> SUPPRIMÉ
[Del.Parent][FILE] xadqgnnk : C:\Windows\$NtUninstallKB51983$\71159602\L\xadqgnnk [-] --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602\L --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\00000004.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 00000008.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\00000008.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 000000cb.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\000000cb.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 80000000.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\80000000.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 80000032.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\80000032.@ [-] --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602\U --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602 --> SUPPRIMÉ AU REBOOT
[ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$ --> SUPPRIMÉ AU REBOOT
[Faked.Drv][FILE] csc.sys : C:\Windows\system32\drivers\csc.sys [-] --> IMPOSSIBLE DE REPARER
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHX2300BT ATA Device +++++
--- User ---
[MBR] c82d8438ba2479c2c513966a99dfc176
[BSP] 3f5889865b7e80f15b9509b049480514 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11125 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22786048 | Size: 275042 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: PIXIKA USB Flash Drive USB Device +++++
--- User ---
[MBR] 334f879b7b3c18a4590f5dab9fe2b3ea
[BSP] 25f3024595f3b7dfbbc81cdc98cec57c : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1007 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[2]_D_13052013_201933.txt >>
RKreport[1]_S_13052013_201657.txt ; RKreport[2]_D_13052013_201933.txt
Maintenant, Chrome et Avast ne detectent plus rien. Par contre, je ne peux plus télécharger de fichier (problème analyse antivirus) et je ne peux plus activer le pare feu windows (erreur : 0x80070424).
Que faire ?
Merci de votre aide
Je viens demander de l'aide suite à une probable infection de Sirefef detecté par Chrome et Avast.
En naviguant sur les forum, j'ai essayé d'utiliser le logiciel RogueKiller. Il a trouvé des données que j'au supprimé, voici ce qui semble être le rapport :
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Thibaut Cambon [Droits d'admin]
Mode : Suppression -- Date : 13/05/2013 20:19:33
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] MusicManager.exe -- C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [-] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> NON SELECTIONNÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1526602329-3622394769-2401582177-1000[...]\Run : MusicManager ("C:\Users\Thibaut Cambon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> NON SELECTIONNÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][JUNCTION] C:\Windows\$NtUninstallKB51983$ >> \systemroot\system32\config --> SUPPRIMÉ
[Del.Parent][FILE] 1739758770 : C:\Windows\$NtUninstallKB51983$\1739758770 [-] --> SUPPRIMÉ
[Del.Parent][FILE] @ : C:\Windows\$NtUninstallKB51983$\71159602\@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] Desktop.ini : C:\Windows\$NtUninstallKB51983$\71159602\Desktop.ini [-] --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB51983$\71159602\L\00000004.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 201d3dde : C:\Windows\$NtUninstallKB51983$\71159602\L\201d3dde [-] --> SUPPRIMÉ
[Del.Parent][FILE] 76603ac3 : C:\Windows\$NtUninstallKB51983$\71159602\L\76603ac3 [-] --> SUPPRIMÉ
[Del.Parent][FILE] xadqgnnk : C:\Windows\$NtUninstallKB51983$\71159602\L\xadqgnnk [-] --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602\L --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\00000004.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 00000008.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\00000008.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 000000cb.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\000000cb.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 80000000.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\80000000.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 80000032.@ : C:\Windows\$NtUninstallKB51983$\71159602\U\80000032.@ [-] --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602\U --> SUPPRIMÉ
[Del.Parent][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$\71159602 --> SUPPRIMÉ AU REBOOT
[ZeroAccess][FOLDER] ROOT : C:\Windows\$NtUninstallKB51983$ --> SUPPRIMÉ AU REBOOT
[Faked.Drv][FILE] csc.sys : C:\Windows\system32\drivers\csc.sys [-] --> IMPOSSIBLE DE REPARER
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHX2300BT ATA Device +++++
--- User ---
[MBR] c82d8438ba2479c2c513966a99dfc176
[BSP] 3f5889865b7e80f15b9509b049480514 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11125 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22786048 | Size: 275042 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: PIXIKA USB Flash Drive USB Device +++++
--- User ---
[MBR] 334f879b7b3c18a4590f5dab9fe2b3ea
[BSP] 25f3024595f3b7dfbbc81cdc98cec57c : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1007 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[2]_D_13052013_201933.txt >>
RKreport[1]_S_13052013_201657.txt ; RKreport[2]_D_13052013_201933.txt
Maintenant, Chrome et Avast ne detectent plus rien. Par contre, je ne peux plus télécharger de fichier (problème analyse antivirus) et je ne peux plus activer le pare feu windows (erreur : 0x80070424).
Que faire ?
Merci de votre aide
108 réponses
Voici le rapport :
ComboFix 13-05-15.01 - Thibaut Cambon 15/05/2013 22:02:23.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3070.2275 [GMT 2:00]
Lancé depuis: c:\users\Thibaut Cambon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\boot.inf
c:\users\Mcx1-THIBAUTCAMBON\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Mcx1-THIBAUTCAMBON\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-15 au 2013-05-15 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-15 20:13 . 2013-05-15 20:13 -------- d-----w- c:\users\Mcx1-THIBAUTCAMBON\AppData\Local\temp
2013-05-15 20:13 . 2013-05-15 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 22:52 . 2013-05-13 22:51 0 ----a-w- c:\windows\system32\drivers\csc.sys
2013-05-13 22:11 . 2013-05-13 22:11 -------- d--h--w- c:\windows\PIF
2013-05-13 20:23 . 2013-05-14 18:05 -------- d-----w- C:\Pre_Scan
2013-05-13 19:45 . 2013-05-13 19:45 388096 ----a-r- c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-13 19:45 . 2013-05-13 19:45 -------- d-----w- c:\program files\Trend Micro
2013-05-13 19:31 . 2013-05-13 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-13 18:15 . 2013-05-13 18:15 -------- d-----w- c:\windows\snack
2013-05-12 22:23 . 2013-05-12 22:23 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-05-12 19:43 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1B62869-236A-4C08-A5BD-B544CF3F023B}\mpengine.dll
2013-04-26 09:05 . 2013-04-26 09:05 -------- d-----w- c:\program files\Common Files\Java
2013-04-26 09:04 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 17:05 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 19:32 . 2012-06-10 13:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:32 . 2012-02-05 10:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 20:49 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-01-08 16:30 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-31 14:07 . 2013-03-31 14:07 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-03-19 05:04 . 2013-04-09 20:51 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 20:51 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-09 20:51 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-09 20:51 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 23:05 . 2013-03-11 23:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 23:05 . 2012-01-08 19:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 22:33 . 2013-03-31 11:38 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 22:33 . 2013-03-31 11:38 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 22:33 . 2012-01-14 11:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-01-14 11:35 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-01-14 11:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2012-03-23 18:14 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33 . 2012-01-14 11:35 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2012-01-14 11:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2012-01-14 11:33 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-01-14 11:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 03:09 . 2013-04-09 20:50 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 16:56 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 16:56 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 16:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 16:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 16:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 16:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-09 20:49 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-09 20:49 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-09 20:49 36864 ----a-w- c:\windows\system32\tsgqec.dll
2011-12-21 07:49 . 2012-01-10 21:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-05-12 22:23 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANAL+ CANALSAT A LA DEMANDE]
2011-10-20 10:13 163992 ----a-w- c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-08 16:25 136176 ----atw- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 13:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 NETwNs32;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 19:33]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526602329-3622394769-2401582177-1000Core.job
- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 16:25]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526602329-3622394769-2401582177-1000UA.job
- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 16:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Thibaut Cambon\AppData\Roaming\Mozilla\Firefox\Profiles\yjce378a.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Java Updater System - c:\users\Thibaut Cambon\AppData\Local\Temp\javaw.exe
MSConfigStartUp-Service - c:\users\Thibaut Cambon\AppData\Local\Temp\Service.exe
AddRemove-5513-1208-7298-9440 - c:\program files\JDownloader\JDUninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1526602329-3622394769-2401582177-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ab,38,ee,87,79,32,d9,f3,08,60,82,d7,8f,4a,5d,32,61,77,cf,58,7f,0f,89,
e8,f5,ad,33,f1,6c,fd,3c,19,77,5e,fc,3d,ee,5c,38,ae,e1,54,28,29,2f,e7,bf,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-05-15 22:16:22
ComboFix-quarantined-files.txt 2013-05-15 20:16
.
Avant-CF: 32 794 074 112 octets libres
Après-CF: 36 969 699 328 octets libres
.
- - End Of File - - DD811CA4DF563873CC12966E87C13CE6
ComboFix 13-05-15.01 - Thibaut Cambon 15/05/2013 22:02:23.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3070.2275 [GMT 2:00]
Lancé depuis: c:\users\Thibaut Cambon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\boot.inf
c:\users\Mcx1-THIBAUTCAMBON\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Mcx1-THIBAUTCAMBON\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-15 au 2013-05-15 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-15 20:13 . 2013-05-15 20:13 -------- d-----w- c:\users\Mcx1-THIBAUTCAMBON\AppData\Local\temp
2013-05-15 20:13 . 2013-05-15 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 22:52 . 2013-05-13 22:51 0 ----a-w- c:\windows\system32\drivers\csc.sys
2013-05-13 22:11 . 2013-05-13 22:11 -------- d--h--w- c:\windows\PIF
2013-05-13 20:23 . 2013-05-14 18:05 -------- d-----w- C:\Pre_Scan
2013-05-13 19:45 . 2013-05-13 19:45 388096 ----a-r- c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-13 19:45 . 2013-05-13 19:45 -------- d-----w- c:\program files\Trend Micro
2013-05-13 19:31 . 2013-05-13 19:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-13 18:15 . 2013-05-13 18:15 -------- d-----w- c:\windows\snack
2013-05-12 22:23 . 2013-05-12 22:23 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-05-12 19:43 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1B62869-236A-4C08-A5BD-B544CF3F023B}\mpengine.dll
2013-04-26 09:05 . 2013-04-26 09:05 -------- d-----w- c:\program files\Common Files\Java
2013-04-26 09:04 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 17:05 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 19:32 . 2012-06-10 13:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:32 . 2012-02-05 10:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 20:49 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-01-08 16:30 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-31 14:07 . 2013-03-31 14:07 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-03-19 05:04 . 2013-04-09 20:51 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 20:51 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-09 20:51 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-09 20:51 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-11 23:05 . 2013-03-11 23:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 23:05 . 2012-01-08 19:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 22:33 . 2013-03-31 11:38 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 22:33 . 2013-03-31 11:38 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 22:33 . 2012-01-14 11:35 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-01-14 11:35 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-01-14 11:35 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2012-03-23 18:14 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33 . 2012-01-14 11:35 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:33 . 2012-01-14 11:35 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2012-01-14 11:33 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-01-14 11:33 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 03:09 . 2013-04-09 20:50 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 03:46 . 2013-04-10 16:56 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 16:56 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 16:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 16:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 16:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 16:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-09 20:49 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-09 20:49 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-09 20:49 36864 ----a-w- c:\windows\system32\tsgqec.dll
2011-12-21 07:49 . 2012-01-10 21:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-05-12 22:23 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Thibaut Cambon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thibaut Cambon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANAL+ CANALSAT A LA DEMANDE]
2011-10-20 10:13 163992 ----a-w- c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-08 16:25 136176 ----atw- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 13:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 aswVmm;aswVmm; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZSMC302;V-Gear TalkCam 1.1;c:\windows\system32\Drivers\usbvm302.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 NETwNs32;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 19:33]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 17:51]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526602329-3622394769-2401582177-1000Core.job
- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 16:25]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1526602329-3622394769-2401582177-1000UA.job
- c:\users\Thibaut Cambon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 16:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Thibaut Cambon\AppData\Roaming\Mozilla\Firefox\Profiles\yjce378a.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Java Updater System - c:\users\Thibaut Cambon\AppData\Local\Temp\javaw.exe
MSConfigStartUp-Service - c:\users\Thibaut Cambon\AppData\Local\Temp\Service.exe
AddRemove-5513-1208-7298-9440 - c:\program files\JDownloader\JDUninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1526602329-3622394769-2401582177-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ab,38,ee,87,79,32,d9,f3,08,60,82,d7,8f,4a,5d,32,61,77,cf,58,7f,0f,89,
e8,f5,ad,33,f1,6c,fd,3c,19,77,5e,fc,3d,ee,5c,38,ae,e1,54,28,29,2f,e7,bf,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-05-15 22:16:22
ComboFix-quarantined-files.txt 2013-05-15 20:16
.
Avant-CF: 32 794 074 112 octets libres
Après-CF: 36 969 699 328 octets libres
.
- - End Of File - - DD811CA4DF563873CC12966E87C13CE6
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
y'a un probleme : 2013-05-13 22:52 . 2013-05-13 22:51 0 ----a-w- c:\windows\system32\drivers\csc.sys
csc.sys fait 0 octets...
csc.sys fait 0 octets...
