fredouille0756

Members
  • Content count

    3
  • Joined

  • Last visited

Other information

  • Your setup
    win7 home
  • My languages
    French

fredouille0756's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Here is the link you asked me for: pjjoint.malekal.com - Submit a file. Thank you again, regards
  2. First of all, thank you for the quick reply and for helping me. Here is link no. 1: C:\AdwCleaner[s1].txt Here is link no. 2: Jrt.txt Thank you once again for taking the time to help me.
  3. Hello everyone, I had a virus on my PC (the eBay site kept opening on its own every time I clicked a link, and I could no longer access Gmail). After some research I used ComboFix, which detected the virus; I followed the instructions and got a report, but apparently, according to what I read on this site: A guide and tutorial on using ComboFix, the report has to be analysed by an expert, which I am not, to find out whether any remnants of the virus are left. It recommends your site, so here I am... if someone can help me and tell me, thanks in advance. Regards. fred Here is the report: ComboFix 13-02-24.01 - frederique 25/02/2013 14:26:18.1.2 - x86 Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2169 [GMT 1:00] Lancé depuis: c:\users\frederique\Pictures\Documents\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}