FORUM D’ENTRAIDE INFORMATIQUE (FEI)Site d’assistance et de sécurité informatique

[Laurinette]

Bonsoir,
Depuis hier mon ordinateur est infecté par différents programmes. nous avons désinstallé la plupart mais qone8 refuse de partir... Mon mari a passé la journée sur l'ordinateur (sic) mais rien à faire il réapparait toujours. Ce qui me tue c'est que nous avons investi dans Norton antivirus histoire de ne plus avoir aucun problème..
Quelqu'un peut m'aider?
Merci d'avance,
Laurinette Co

[g3n-h@ckm@n]

salut norton pas terrible

• Désactive ton antivirus sinon l'outil ne pourra pas travailler convenablement.
• Télécharge Shortcut_Module sur ton bureau.
  
  Note : Enregistrer votre travail avant de continuer !
• Lance Shortcut_Module,
• Clic sur Nettoyer
  
  
  
  Note : Patiente le temps du scan
• Laisse travailler l'outil même s'il te parait bloqué
• Si l'outil détecte un proxy que tu ne connais pas clic sur : "Supprimer le proxy"
• Héberge le rapport C:\Shortcut_Module_date_heure.txt sur http://upload.sosvirus.net/ puis donne le lien obtenu

[Laurinette]

Bonjour!

D'avance merci pour ton aide.

Désolée de n'être pas passée avant mais j'ai le problème suivant :
J'ai désactivé Norton et la protection Microsoft du PC (d'ailleurs ces deux là font peut-être double emploi non?) mais malheureusement impossible de lancer shortcut module. Ca me dit:
Line 10753 (File"C:\Users\Laurie\Desktop\Shortcut_Module.exe"):
Error: Unbalanced brackets in expression.

Comment puis-je faire s'il te plait?

Merci,

Laurinette

[g3n-h@ckm@n]

salut supprime-le puis retelecharge-le

[Laurinette]

Merci! Ca a fonctionné cette fois-ci!
Le rapport se trouve là: http://upload.sosvirus.net/www/?a=di=DAC6DPX4MX
J'ai été voir dans les programmes: plus de qone8. En revanche plusieurs programmes sont notés comme ayant été installés aujourd'hui, ceci incluant la suite Microsoft.
Que faut il faire maintenant?
Merci encore,
Laurinette

[g3n-h@ckm@n]

va falloir choisir :

Norton
Microsoft Security essentials
Trend Micro

.....

Désactive ton antivirus.

selectionne ce texte , puis CTRL + C

SaveeNewwaaAppz
BiitoSaver
bfoeeoipmijgfipmegcgikfjgfogmcnh
mbeljkckedegjhfcbghjammbdjbonjmb

relance shortcut_module puis clique sur le petit "S" en bas.
un fichier "module" va s'ouvrir avec les lignes copiées , si c'est le cas referme-le et relance un nettoyage il prendra ces parametres en compte sinon fais en sorte qu il n'y ait que ca dedans , puis ferme en acceptant la modification s'il y a lieu et relance le nettoyage

poste enfin le nouveau rapport

================

Désactive ton antivirus.

selectionne ce texte , puis CTRL + C

::C:\Users\Laurie\Desktop\BD\Bandes dessinées-Magazines\Jérémiah-30 albums+1HS\Jérémiah - T11 - Delta
::C:\Users\Laurie\Desktop\BD\Bandes dessinées-Magazines\Lucky Luke T1 à 74+9HS\Lucky Luke 28 - L'escorte
::C:\Users\Laurie\Desktop\BD\Bandes dessinées-Magazines\Tanguy et Laverdure-27 albums\19-La mystérieuse  Escadre Delta

relance shortcut_module puis clique sur le petit "" en bas.
un fichier "Restore" va s'ouvrir avec les lignes copiées , si c'est le cas referme-le et il prendra ces parametres en compte sinon fais en sorte qu il n'y ait que ca dedans , puis ferme en acceptant la modification s'il y a lieu

poste enfin le nouveau rapport

[Laurinette]

Bonjour,
J'ai enlevé Trend Micro et les deux autres sont désactivés.
Mon problème c'est que je ne vois ni le petit "S", ni le petit "" sur l'écran d'accueil de shortcut module. Il est en fait différent de celui que tu as posté: à la place de ceci j'ai une pub pour SOS virus.
J'ai même relancé l'application 2 fois au cas où.
Je dois être miro ou pas bien faire les choses mais là, j'avoue, je sèche....
Désolée et merci d'avance pour le coup de main.
Laurinette

[g3n-h@ckm@n]

hello à mon avis oui tu es miro :

http://cjoint.com/14jn/DFirS7KD5gy.htm

[Laurinette]

Ben le problème c'est que ce n'est pas ce qui s'affiche chez moi ;-) (donc ouf je ne suis pas miro) voici ce que je vois: http://upload.sosvirus.net/www/?a=di=VGgDGJFNtx

[g3n-h@ckm@n]

tu le telecharges bien de mon lien bleu ?

[Laurinette]

Oui.
Quand je clique sur le lien, j'arrive sur SOS virus. C'est de là que j'ai téléchargé le programme.

[g3n-h@ckm@n]

tu peux me faire une capture du clic droit sur le fichier => propriétés => details ?

[Laurinette]

re-bonjour,

Hum... effectivement pour une raison que j'ignore j'ai une version antédiluvienne du programme... mais pourtant je l'ai téléchargé le 7 juin au début de la désinfection... ???
Voici la capture d'écran: http://upload.sosvirus.net/www/?a=di=HxVL4dI2SJ

Donc, je suppose que maintenant je supprime cette version, re-télécharge le programme direct depuis ton lien et je devrais voir les "S" et autres "".

Franchement je ne comprend pas comment c'est arrivé...

Merci,

Laurinette

[g3n-h@ckm@n]

oui fais cela

[Laurinette]

Voici le 1er rapport: http://upload.sosvirus.net/www/?a=di=3MJHUAV0Wv
ça n'a pas été simple: Windows s'est arrêté à un moment et un truc nommé steams a tout bloqué pendant pas mal de temps.
Je reprends le tout pour la 2ème action!

[Laurinette]

voici le 2ème rapport: http://upload.sosvirus.net/www/?a=di=BCNspN28v9
et maintenant?
merci,
Laurinette

[g3n-h@ckm@n]

t'es-t-il possible de ne pas installer de programmes pendant la desinfection stp ?

[Laurinette]

Bonjour,
Heu... je n'ai rien installé du tout.

[g3n-h@ckm@n]

hello la restauration des trois dossiers n'a pas fonctionné ,tu vas devoir aller les chercher manuellement dans la quarantaine de Shortcut_module dans ton disque C:\

je vois toujours deux antivirus dans le rapport

AV : Norton Internet Security Disabled
AS : Microsoft Security Essentials Disabled
FW : Norton Internet Security Enabled

[Laurinette]

Arghhh!: je rentre du bureau...
j'ai mis Norton en total disable... enfin dans ce que j'arrive à faire.
pour les fichiers à récupérer manuellement (pour quoi faire?) je les trouve où?
voici ce que je vois : http://upload.sosvirus.net/www/?a=di=SAuxcFxqyX
merci d'avance (j'ai l'impression d'être un méga boulet.. pardon ;-( )

[g3n-h@ckm@n]

il faut desinstaller un des deux antivirus

pour les trois dossiers cités plus haut je les vois donc récupère-les

[Laurinette]

Bonjour,
désolée mais les grèves SNCF m'ont éloignée de mon ordinateur...
J'ai désinstallé Microsoft security essentials. Et fais un copier-coller des 3 dossiers.
Et maintenant?
Bonne journée,
laurinette

[g3n-h@ckm@n]

hello bien !

• Télécharge MalwareBytes
• Procède à l'installation de celui çi Décocher "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium"
• Clic sur Mettre à jour (à droite, au centre)
• Clic sur Examen (en haut)
• Sélectionne Examen "Menaces"
• Clic sur Examiner maintenant
  
  
• A la fin du scan clic sur Tout mettre en quarantaine !
• Clic sur Copier dans le Presse-papiers
• Un rapport va s'ouvrir. Copie/Colle son contenue dans ta prochaine réponse.

[Laurinette]

Le programme était en anglais et je n'ai pas eu de rapport qui s'est ouvert de lui même... mais j'ai fait export log et voici le rapport  
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 15/06/2014
Scan Time: 23:04:03
Logfile: export.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.15.05
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Laurie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327202
Time Elapsed: 11 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SharedBHO.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}, Quarantined, [a21f275146358fa728ae5ee1c53d06fa],
PUP.Optional.SharedBHO.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}, Quarantined, [a21f275146358fa728ae5ee1c53d06fa],
PUP.Optional.ScanTack.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ScanTack, Quarantined, [0fb23f39d0ab11250c9abbfdae54c43c],

Registry Values: 2
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certified-toolbar.com?si= ... CA77DDq=%s, Quarantined, [4c75492f007b6dc929606f30f90931cf]
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL, http://search.certified-toolbar.com?si= ... CA77DDq=%s, Quarantined, [f1d02850de9dac8a9eec326d9d657b85]

Registry Data: 10
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[16ab6f0996e5af87bc32ea8321e32bd5]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certified-toolbar.com?si= ... CA77DDq=%s, Good: (http://www.google.com), Bad: (http://search.certified-toolbar.com?si= ... CA77DDq=%s),Replaced,[d7eaabcddba0171fd0c8f7811ce89070]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[50717305601b00360ae5125b19eb4bb5]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL, http://search.certified-toolbar.com?si= ... CA77DDq=%s, Good: (http://www.google.com/), Bad: (http://search.certified-toolbar.com?si= ... CA77DDq=%s),Replaced,[8839b3c543381c1a5a3fcdab63a1f709]
PUP.Optional.Snapdo, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[7b461761ea91142279db3d3afe068080]
PUP.Optional.Snapdo, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[d0f10a6eee8dee48b1a43146ff05ad53]
PUP.Optional.Snapdo, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[a8195d1b3942082ee66ddd9ad331cf31]
PUP.Optional.Snapdo, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[11b0da9e4d2ee84e2234195e699ba25e]
PUP.Optional.Snapdo, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[ebd62d4bb8c384b24e09fe7970940ef2]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-2103874959-2764994616-3454284517-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014, Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=AirIn ... 09/02/2014),Replaced,[536ebfb97dfe74c227c8492425df06fa]

Folders: 2
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [3190f385047795a16523b7c2c63c15eb],
PUP.Optional.Lightning.A, C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [576a4d2bbac136006c7f3952649e3fc1],

Files: 3
PUP.Optional.NewTab.A, C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, Quarantined, [be036414ccaf6ec82a27299553af14ec],
PUP.Optional.QuickStart.A, C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Quarantined, [0fb25c1c502be353468d37bfb44fab55],
Rogue.Multiple, C:\ProgramData\374311380\BITE5FE.tmp, Quarantined, [3190f385047795a16523b7c2c63c15eb],

Physical Sectors: 0
(No malicious items detected)


(end)

over to you (toujours en anglais dans le texte)

Laurinette

[g3n-h@ckm@n]

re

• Copie le script ci dessous :
  
  HKCU\Software
      HKLM\Software
      HKCU\Software\Microsoft\Command Processor /s
      HKLM\Software\Microsoft\Command Processor /s
      %Homedrive%\*
      %Homedrive%\*.
      %Userprofile%\*
      %Userprofile%\*.
      %Allusersprofile%\*
      %Allusersprofile%\*.
      %LocalAppData%\*
      %LocalAppData%\*.
      %Userprofile%\Local Settings\Application Data\*
      %Userprofile%\Local Settings\Application Data\*.
      %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*
      %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*.
      %programFiles%\*
      %programfiles%\Google\Desktop\*. /s
      %programFiles%\*.
      %Systemroot%\Installer\*.
      %Systemroot%\Temp\*.exe /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\system32\*.in*
      %systemroot%\Tasks\*
      %systemroot%\Tasks\*.
      %systemroot%\system32\Tasks\*
      %systemroot%\system32\Tasks\*.
      %systemroot%\system32\drivers\*.sy* /lockedfiles
      %systemroot%\system32\config\*.exe /s
      %Systemroot%\ServiceProfiles\*.exe /s
      %systemroot%\system32\*.sys
      dir %Homedrive%\* /S /A:L /C
      msconfig
      activex
      /md5start
      explorer.exe
      winlogon.exe
      wininit.exe
      volsnap.sys
      atapi.sys
      ndis.sys
      cdrom.sys
      i8042prt.sys
      iastor.sys
      tdx.sys
      netbt.sys
      afd.sys
      /md5stop
      netsvcs
      safebootminimal
      safebootnetwork
      CREATERESTOREPOINT
• Télécharge OTL (by OldTimer) sur ton bureau.
• Lance OTL, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
• Coche/Sélectionne les cases comme l'image ci dessous
• Colle le Script copié plus haut dans la partie inférieure d'OTL "Personnalisation"
• Clique sur Analyse
  
  
• Une fois le scan terminé 1 ou 2 rapports vont s'ouvrir OTL.txt et Extras.txt.
• Héberge les rapports OTL.txt et Extras.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum
  
  Note : Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
  
  En cas de problème avec SOSUpload, utiliser Cjoint

[Laurinette]

Bonjour,

Enfin le week-end, j'arrive à trouver un peu de temps pour m'occuper de mon ordinateur... cette semaine encore la grève m'a tuer comme dirait l'autre. Désolée et ne pense pas que la désinfection ne m'intéresse pas... j'ai juste eu des horaires de malade cette semaine.  

rapport OTL : http://upload.sosvirus.net/www/?a=di=dCjDdxpmKv
rapport extra : http://upload.sosvirus.net/www/?a=di=DkoJ9isoGy

Merci de ton aide!

[g3n-h@ckm@n]

Fais analyser le(s) fichier(s) suivants sur Virustotal :

http://www.virustotal.com/index.html

clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\monitor.exe

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.

[Laurinette]

Voilà : https://www.virustotal.com/fr/file/4724 ... 403349365/

[g3n-h@ckm@n]

• Télécharge UsbFix (de El Desaparecido) sur ton Bureau !
• Branche toutes vos sources de données externes à votre PC (clé USB, disque dur externe, etc...) sans les ouvrir.
• Fais clic droit dessus, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
• Choisis l'option Nettoyage
  
  
• Copie et Colle le contenu du rapport qui apparaît à la fin du scan dans ta réponse

[Laurinette]

et voilà:

############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Laurie (Administrateur) # ORANIA
Mis à jour le 09/06/2014 par El Desaparecido - SosVirus
Lancé à 18:47:27 | 21/06/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (09J60M )
CPU: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
RAM - [Total : 3895 Mo| Free : 1702 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Norton Internet Security [(!) Disabled | (!) Outdated]
AS: Windows Defender [Enabled | Updated]
FW: Norton Internet Security [Enabled]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) - Disque fixe # 465 Go (164 Go libre(s) - 35%) [OS] # NTFS
D:\ - CD-ROM
E:\ - Disque fixe # 932 Go (533 Go libre(s) - 57%) [INTENSO] # NTFS
F:\ - CD-ROM
G:\ - Disque fixe # 932 Go (682 Go libre(s) - 73%) [Billy] # NTFS

################## | Processus Stoppés |

C:\Windows\System32\spoolsv.exe (ID: 1272|ParentID: 560)
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ID: 1500|ParentID: 560|Système)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ID: 1524|ParentID: 560|Système)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1544|ParentID: 560|Système)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1564|ParentID: 560|Système)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 1588|ParentID: 560|Système)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1620|ParentID: 560|Système)
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe (ID: 1692|ParentID: 560|Système)
C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe (ID: 1836|ParentID: 560|Système)
C:\monitor.exe (ID: 1960|ParentID: 1904|Système)
C:\Windows\System32\taskhost.exe (ID: 1904|ParentID: 560|Laurie)
C:\Windows\System32\taskeng.exe (ID: 2124|ParentID: 336|Laurie)
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (ID: 2272|ParentID: 2124|Laurie)
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (ID: 2280|ParentID: 2124|Laurie)
C:\Windows\explorer.exe (ID: 2320|ParentID: 2304|Laurie)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2624|ParentID: 2320|Laurie)
C:\Windows\System32\igfxtray.exe (ID: 2636|ParentID: 2320|Laurie)
C:\Windows\System32\hkcmd.exe (ID: 2648|ParentID: 2320|Laurie)
C:\Windows\System32\igfxpers.exe (ID: 2684|ParentID: 2320|Laurie)
C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 2744|ParentID: 2320|Laurie)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 2764|ParentID: 2320|Laurie)
C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 2776|ParentID: 2320|Laurie)
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe (ID: 2844|ParentID: 2752|Laurie)
C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe (ID: 2860|ParentID: 2752|Laurie)
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe (ID: 2884|ParentID: 2844|Laurie)
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (ID: 2916|ParentID: 2752|Laurie)
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe (ID: 2956|ParentID: 2884|Laurie)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 2996|ParentID: 2752|Laurie)
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ID: 2304|ParentID: 2752|Laurie)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ID: 2076|ParentID: 2752|Laurie)
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (ID: 2968|ParentID: 2752|Laurie)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ID: 1100|ParentID: 2076|Laurie)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 2248|ParentID: 2752|Laurie)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3812|ParentID: 560|Système)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 3900|ParentID: 3812|Système)
C:\Windows\System32\SearchIndexer.exe (ID: 3424|ParentID: 560|Système)
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (ID: 2992|ParentID: 760|Laurie)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4020|ParentID: 560|Système)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID: 4028|ParentID: 2992|Laurie)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4036|ParentID: 560|SERVICE RÉSEAU)
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (ID: 3216|ParentID: 3212|Système)
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (ID: 5300|ParentID: 3212|Système)
C:\Windows\System32\taskeng.exe (ID: 3704|ParentID: 336|Système)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 5164|ParentID: 560|SERVICE RÉSEAU)
C:\Program Files\Internet Explorer\iexplore.exe (ID: 15844|ParentID: 2320|Laurie)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 11612|ParentID: 15844|Laurie)
C:\Users\Laurie\Desktop\OTL.exe (ID: 14180|ParentID: 2320|Laurie)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 2464|ParentID: 15844|Laurie)
C:\Windows\System32\MsSpellCheckingFacility.exe (ID: 6464|ParentID: 760|Laurie)
C:\Windows\splwow64.exe (ID: 13220|ParentID: 4832|Laurie)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 12740|ParentID: 15844|Laurie)
C:\Windows\System32\SearchProtocolHost.exe (ID: 16484|ParentID: 3424|Système)
C:\Windows\System32\SearchFilterHost.exe (ID: 16516|ParentID: 3424|Système)

################## | Autorun |


################## | Recherche générique |

Supprimé! G:\._autorun.inf

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-2103874959-2764994616-3454284517-1000\Software\.\.\.\.\Mountpoints2\{64fba732-902c-11e1-90d0-00217061ba1a}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F3 - HKCU\..\Winlogon : [Shell] explorer.exe
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
04 - HKLM\..\Run : [ShwiconXP6366] c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
04 - HKLM\..\Run : [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
04 - HKLM\..\Run : [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
04 - HKLM\..\Run : [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
04 - HKLM\..\Run : [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
04 - HKLM\..\Run : [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
04 - HKLM\..\Run : [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2103874959-2764994616-3454284517-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2103874959-2764994616-3454284517-1000\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKU\S-1-5-21-2103874959-2764994616-3454284517-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[15/02/2014 - 18:56:04 | N | 46 Ko] - C:\Shortcut_Module_15_02_2014_17_56_04.txt
[18/02/2014 - 23:08:21 | N | 1 Ko] - C:\DelFix.txt
[13/03/2014 - 04:22:09 | N | 0 Ko] - C:\log.txt
[07/06/2014 - 18:15:17 | N | 110 Ko] - C:\Shortcut_Module_07_06_2014_18_15_17.txt
[08/06/2014 - 12:24:46 | N | 10 Ko] - C:\Shortcut_Module_08_06_2014_12_24_46.txt
[08/06/2014 - 14:51:00 | N | 7 Ko] - C:\Shortcut_Module_08_06_2014_14_51_00.txt
[09/06/2014 - 15:51:32 | N | 58 Ko] - C:\Shortcut_Module_09_06_2014_15_51_32.txt
[09/06/2014 - 16:04:25 | N | 18 Ko] - C:\Shortcut_Module_09_06_2014_16_04_25.txt
[15/06/2014 - 23:18:03 | N | 9 Ko] - C:\export.txt
[16/06/2014 - 21:53:35 | ASH | 2991144 Ko] - C:\hiberfil.sys
[16/06/2014 - 21:53:39 | ASH | 3988192 Ko] - C:\pagefile.sys
[08/02/2014 - 08:44:35 | N | 1 Ko] - C:\Sonic-the-Hedgehog-3-(U)-[!].srm
[16/06/2011 - 19:24:12 | N | 4 Ko] - C:\dell.sdr
[07/06/2014 - 18:20:56 | N | 0 Ko] - C:\tmuninst.ini
[11/03/2013 - 21:19:10 | N | 392 Ko | SHA1: 457B1CD985ED07BAFFD8C66FF40E9C1B6DA93753] - C:\wget.exe
[03/02/2014 - 04:00:18 | N | 33 Ko | SHA1: C5E60CCD154DB4E5978E33285DB016171C80ED79] - C:\monitorsvc.exe
[03/02/2014 - 04:00:36 | N | 476 Ko | SHA1: F3680A1984E2C066FF5F7E317702068F5BE1615C] - C:\monitor.exe
[31/03/2013 - 21:00:51 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[16/06/2011 - 10:26:59 | D] - C:\Intel
[16/06/2011 - 17:53:52 | D] - C:\Apps
[16/06/2011 - 19:13:14 | D] - C:\Drivers
[10/04/2012 - 19:05:08 | RHD] - C:\MSOCache
[10/04/2012 - 19:11:40 | D] - C:\dell
[26/09/2012 - 11:31:05 | D] - C:\SIERRA
[28/10/2012 - 16:52:05 | D] - C:\coktel
[11/11/2012 - 15:20:38 | D] - C:\BigFishGamesCache
[11/01/2014 - 15:49:21 | D] - C:\Users
[12/01/2014 - 12:11:10 | D] - C:\Support
[15/02/2014 - 01:44:01 | D] - C:\AdwCleaner
[04/06/2014 - 17:59:17 | D] - C:\NPE
[07/06/2014 - 18:14:51 | D] - C:\Temp
[10/06/2014 - 20:26:52 | D] - C:\Shortcut_Module
[15/06/2014 - 15:47:09 | D] - C:\Program Files
[15/06/2014 - 23:16:48 | HD] - C:\ProgramData
[16/06/2014 - 22:11:49 | D] - C:\Windows
[18/06/2014 - 19:28:01 | D] - C:\Program Files (x86)
[21/06/2014 - 12:18:15 | SHD] - C:\System Volume Information
[21/06/2014 - 18:45:45 | D] - C:\UsbFix

################## | E:\ - Disque Fixe (NTFS) |

[08/04/2014 - 15:00:46 | N | 2150592 Ko] - E:\Le Hobbit-La désolation de Smaug-2013.mkv
[10/04/2014 - 02:14:10 | N | 824059 Ko] - E:\Clochette et la Fée pirate-2014.mkv
[12/04/2014 - 10:37:48 | N | 896236 Ko] - E:\Le cinquième pouvoir-2013.mkv
[12/04/2014 - 14:03:51 | N | 967477 Ko] - E:\Hunger games-L'embrasement-2013-.mkv
[15/04/2014 - 08:52:10 | N | 709458 Ko] - E:\La reine des neiges-2013.mkv
[10/11/2013 - 20:36:10 | N | 4 Ko] - E:\media_db.csp
[17/11/2013 - 09:21:37 | SHD] - E:\$RECYCLE.BIN
[21/12/2013 - 09:07:25 | N | 0 Ko] - E:\db.assoc
[22/12/2013 - 20:03:52 | D] - E:\Films (13.12.13)
[17/12/2013 - 23:34:05 | D] - E:\Films
[25/05/2014 - 10:17:22 | SHD] - E:\System Volume Information

################## | G:\ - Disque Fixe (NTFS) |

[25/01/2010 - 14:46:22 | N | 18 Ko] - G:\RubanDocsessai.zip
[07/11/2007 - 08:00:40 | N | 10 Ko] - G:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 0 Ko] - G:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - G:\eula.1040.txt
[25/01/2010 - 15:45:33 | N | 60 Ko] - G:\Bernhard_Modern_BT.ttf
[07/11/2007 - 08:12:28 | N | 228 Ko] - G:\VC_RED.MSI
[26/10/2011 - 08:26:08 | N | 0 Ko] - G:\Raccourci vers NESTOR (D).lnk
[07/11/2007 - 08:00:40 | N | 1 Ko] - G:\install.ini
[07/11/2007 - 08:00:40 | N | 1 Ko] - G:\globdata.ini
[06/07/2011 - 20:46:00 | N | 0 Ko] - G:\LaCie.ini
[06/07/2011 - 20:46:58 | N | 0 Ko] - G:\autorun.inf
[06/07/2011 - 20:46:58 | N | 25 Ko] - G:\.VolumeIcon.ico
[06/07/2011 - 20:46:58 | N | 28 Ko] - G:\.VolumeIcon.icns
[07/11/2007 - 08:03:18 | N | 550 Ko | SHA1: FB517ABB38E9CCC67DE411D4F18A9446C11C0923] - G:\install.exe
[07/11/2007 - 08:03:18 | N | 95 Ko | SHA1: 0616CDE3285284430679368575A5A4ED3672722D] - G:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 93 Ko | SHA1: 3B01AA2CE407D89AE218A4CD81D21E3F25077B5B] - G:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9C57F09A4613B8F44C730511D3CCA9121780B630] - G:\install.res.3082.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | SHA1: E263B6FB41E2984CDF8D23A25EF1C536F32C4EC3] - G:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | SHA1: 24A1F8FF465746148BB82364713FB75297BC9656] - G:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 75 Ko | SHA1: 549AB876AC211651E77A458FC72859B6B1C304CB] - G:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9723B8595A326B38ECB31F64B3A67C1ED339BB60] - G:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | SHA1: 9EC25485A7FF52D1211A28CCA095950901669B34] - G:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | SHA1: CC9D7D205F965659429B95DD2F317D9D4DE8820B] - G:\install.res.1041.dll
[07/11/2007 - 08:09:22 | N | 1409 Ko] - G:\VC_RED.cab
[07/11/2007 - 08:00:40 | N | 6 Ko] - G:\vcredist.bmp
[11/11/2012 - 18:27:29 | SHD] - G:\$RECYCLE.BIN
[28/08/2011 - 15:24:35 | N | 717072 Ko] - G:\Cars2.2.avi
[29/10/2012 - 14:16:51 | D] - G:\photos sony-11.12
[06/07/2011 - 20:46:00 | D] - G:\Bin
[08/09/2011 - 18:22:08 | SHD] - G:\RECYCLER
[21/03/2012 - 10:30:32 | D] - G:\Back up ordi 2 Le BON
[21/03/2012 - 13:48:52 | D] - G:\Documents Homologation
[20/04/2012 - 20:24:21 | D] - G:\STBV Mix
[30/04/2012 - 22:26:21 | D] - G:\0a1625221ddbc3cdc997ba
[08/07/2012 - 21:59:41 | D] - G:\Firefox
[01/10/2012 - 22:36:12 | D] - G:\d3a3c7989d42a49169102313
[11/11/2012 - 18:09:04 | D] - G:\Sonneries-Mp3
[11/11/2012 - 19:27:31 | D] - G:\OPphotos Iphone
[07/12/2012 - 11:17:34 | D] - G:\Photos-1212
[05/03/2013 - 04:01:09 | D] - G:\15a396df532c259b751d40eb50cf
[30/04/2013 - 11:25:25 | D] - G:\Récupération Bureau et images 10 04 2012
[07/06/2014 - 18:18:50 | SHD] - G:\System Volume Information

################## | Vaccin |

E:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)
G:\Autorun.inf - Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

[g3n-h@ckm@n]

bon !

supprime ca :

G:\Firefox

===============================

• Seuls ces liens sont officiels ne pas télécharger l'outil sur d'autres liens !
  
  Note : Pendant le scan le bureau peut disparaître à plusieurs reprises
• Désactive toutes tes protections si possible, antivirus, sandbox, pare-feux ... ( Aide )
• Télécharge Pre_Scan sur ton bureau !
• Si le lien n'est pas fonctionnel :
• #ICI (renommé winlogon)

[*]Si l'outil est bloqué par l'infection essaye avec d'autres extensions :

[*]#SCR
[*]#PIF
[*]#COM

[*]Si des Proxy sont détectés et que tu n'en as pas installé :

[*]Clique sur Supprimer le Proxy

[*]A la fin du scan, rends toi à la racine de ton disque dur ( C:\ )
[*]Héberge le rapport Pre_Scan¤¤¤¤¤¤¤¤¤.txt sur http://cjoint.com puis donne le lien

[Laurinette]

J'ai essayé chacune des extensions... et aucune ne va au bout. A chaque fois je me retrouve avec un écran d'erreur au bout d'une petite dizaine de minutes. Navrée.
Je fais quoi?

[g3n-h@ckm@n]

je peux avoir des précisions sur l'écran d'erreur ?

[Laurinette]

il va falloir que je re-télécharge tout. Je te fais ça dans la soirée.

[Laurinette]

alors, tous me disent: line 14297 (desktop + nom du programme) error: variable used without being declared.
Je ne peux pas faire d'imprime écran car à chaque fois je dois redémarrer l'ordinateur.

[g3n-h@ckm@n]

ok essaie avec Combofix

http://www.sosvirus.net/viewtopic.php?f=281t=755

[Laurinette]

Voici le rapport
de ce que je peux voir (sur les premières lignes) Norton est tjs actif... mais je l'ai pourtant désactivé autant que possible...

ComboFix 14-06-24.01 - Laurie 24/06/2014 5:20.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3895.1901 [GMT 2:00]
Lancé depuis: c:\users\Laurie\Desktop\240614.exe
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcbanth.dll
G:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-05-24 au 2014-06-24 ))))))))))))))))))))))))))))))))))))
.
.
2014-06-22 20:50 . 2014-06-22 20:50 -------- d-----w- c:\users\Laurie\AppData\Local\Adobe
2014-06-21 17:19 . 2014-06-22 17:52 -------- d-----w- C:\Pre_Scan
2014-06-21 16:45 . 2014-06-21 16:55 -------- d-----w- C:\UsbFix
2014-06-20 09:04 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40EA90F0-E2A6-4375-A658-04664795A9F7}\mpengine.dll
2014-06-15 20:58 . 2014-06-15 21:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-15 20:57 . 2014-06-15 20:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-15 20:57 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-15 20:57 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-15 20:57 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-11 04:41 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 04:41 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-09 10:56 . 2014-06-09 10:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-07 16:17 . 2014-06-07 16:17 6103040 ----a-w- c:\program files (x86)\GUT7C3C.tmp
2014-06-07 16:17 . 2014-06-07 16:17 -------- d-----w- c:\program files (x86)\GUM7C3B.tmp
2014-06-04 16:20 . 2014-06-24 03:30 -------- d-----w- c:\users\Laurie\AppData\Local\Temp
2014-06-04 15:55 . 2014-06-04 15:59 -------- d-----w- C:\NPE
2014-06-04 15:52 . 2014-06-04 16:23 -------- d-----w- c:\users\Laurie\AppData\Local\NPE
2014-06-04 13:32 . 2014-06-07 15:38 -------- d-----w- c:\program files (x86)\Software
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-22 19:31 . 2012-04-14 21:44 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-22 19:31 . 2012-04-14 21:44 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 01:03 . 2012-04-20 22:08 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 18:13 . 2014-04-26 21:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-14 05:21 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 05:21 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 05:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 05:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 05:21 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 05:21 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 05:21 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 05:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 05:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-01-21 6087448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"ShwiconXP6366"="c:\program files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe" [2009-07-18 237568]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 MpKslf722b387;MpKslf722b387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E299F23D-92CE-4E94-A623-DF42D587664B}\MpKslf722b387.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E299F23D-92CE-4E94-A623-DF42D587664B}\MpKslf722b387.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ProtectMonitor;Protect Monitor;c:\monitorsvc.exe;c:\monitorsvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140608.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140608.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2014-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:31]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:19]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ADIBOUd'CHOU V.1.00 on C - c:\coktel\adiboudchou\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\monitor.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Heure de fin: 2014-06-24 05:37:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-06-24 03:37
.
Avant-CF: 176 010 002 432 octets libres
Après-CF: 175 542 407 168 octets libres
.
- - End Of File - - 94A0F36EC87FCA59964794982945ADFD

[g3n-h@ckm@n]

__________________________________________________
=/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ =il est fort déconseillé de le transposer sur un autre ordinateur !----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

Ouvre le bloc-notes (Menu démarrer -- programmes -- accessoires -- bloc-notes)
Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

File::
c:\program files (x86)\GUT7C3C.tmp

Folder::
c:\program files (x86)\GUM7C3B.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-

Driver::
ProtectMonitor

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript
Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici = C:\ComboFix.txt

[Laurinette]

Me revoilà... désolée... Je rentre juste de mission.
Voici le rapport:
ComboFix 14-06-30.01 - Laurie 01/07/2014 20:24:56.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3895.1744 [GMT 2:00]
Lancé depuis: c:\users\Laurie\Desktop\240614.exe
Commutateurs utilisés :: c:\users\Laurie\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\program files (x86)\GUT7C3C.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GUM7C3B.tmp
c:\program files (x86)\GUM7C3B.tmp\GoogleCrashHandler.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleCrashHandler64.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdate.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdateBroker.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdateHelper.msi
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdateOnDemand.exe
c:\program files (x86)\GUM7C3B.tmp\GoogleUpdateSetup.exe
c:\program files (x86)\GUM7C3B.tmp\goopdate.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_am.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ar.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_bg.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_bn.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ca.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_cs.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_da.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_de.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_el.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_en-GB.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_en.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_es-419.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_es.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_et.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_fa.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_fi.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_fil.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_fr.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_gu.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_hi.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_hr.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_hu.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_id.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_is.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_it.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_iw.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ja.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_kn.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ko.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_lt.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_lv.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ml.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_mr.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ms.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_nl.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_no.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_pl.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_pt-BR.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_pt-PT.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ro.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ru.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_sk.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_sl.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_sr.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_sv.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_sw.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ta.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_te.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_th.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_tr.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_uk.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_ur.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_vi.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_zh-CN.dll
c:\program files (x86)\GUM7C3B.tmp\goopdateres_zh-TW.dll
c:\program files (x86)\GUM7C3B.tmp\npGoogleUpdate3.dll
c:\program files (x86)\GUM7C3B.tmp\psmachine.dll
c:\program files (x86)\GUM7C3B.tmp\psmachine_64.dll
c:\program files (x86)\GUM7C3B.tmp\psuser.dll
c:\program files (x86)\GUM7C3B.tmp\psuser_64.dll
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\434373b7-17f4-4a5e-9e8f-2c1bb65cd9e5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\64882123-3c6f-4e15-8579-c6d1ba56c9de.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd91bf5-79bd-4c68-b85b-3c132cdb258a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d460bca3-24f0-49a7-beed-a064fad82750.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\users\Laurie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwsxepy.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ProtectMonitor
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-06-01 au 2014-07-01 ))))))))))))))))))))))))))))))))))))
.
.
2014-07-01 18:33 . 2014-07-01 18:33 -------- d-----w- c:\users\Live\AppData\Local\temp
2014-07-01 18:33 . 2014-07-01 18:33 -------- d-----w- c:\users\Invité\AppData\Local\temp
2014-07-01 18:33 . 2014-07-01 18:33 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-07-01 18:33 . 2014-07-01 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-01 18:33 . 2014-07-01 18:33 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2014-06-27 14:05 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76180CF2-546F-4944-897E-AC1476480927}\mpengine.dll
2014-06-22 20:50 . 2014-06-22 20:50 -------- d-----w- c:\users\Laurie\AppData\Local\Adobe
2014-06-21 17:19 . 2014-06-22 17:52 -------- d-----w- C:\Pre_Scan
2014-06-21 16:45 . 2014-06-21 16:55 -------- d-----w- C:\UsbFix
2014-06-15 20:58 . 2014-06-15 21:01 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-15 20:57 . 2014-06-15 20:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-15 20:57 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-15 20:57 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-15 20:57 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-11 04:41 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 04:41 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-09 10:56 . 2014-06-09 10:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-07 16:17 . 2014-06-07 16:17 6103040 ----a-w- c:\program files (x86)\GUT7C3C.tmp
2014-06-04 16:20 . 2014-07-01 18:52 -------- d-----w- c:\users\Laurie\AppData\Local\Temp
2014-06-04 15:55 . 2014-06-04 15:59 -------- d-----w- C:\NPE
2014-06-04 15:52 . 2014-06-04 16:23 -------- d-----w- c:\users\Laurie\AppData\Local\NPE
2014-06-04 13:32 . 2014-06-07 15:38 -------- d-----w- c:\program files (x86)\Software
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-22 19:31 . 2012-04-14 21:44 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-22 19:31 . 2012-04-14 21:44 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 01:03 . 2012-04-20 22:08 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-14 18:13 . 2014-04-26 21:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-14 05:21 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 05:21 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 05:21 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 05:21 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 05:21 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 05:21 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 05:21 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 05:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 05:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-01-21 6087448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"ShwiconXP6366"="c:\program files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe" [2009-07-18 237568]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 MpKslf722b387;MpKslf722b387;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E299F23D-92CE-4E94-A623-DF42D587664B}\MpKslf722b387.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E299F23D-92CE-4E94-A623-DF42D587664B}\MpKslf722b387.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140608.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140608.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:31]
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:19]
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 417304]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-ADIBOUd'CHOU V.1.00 on C - c:\coktel\adiboudchou\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\DELL\DELLOSD\DELLOSD.exe
.
**************************************************************************
.
Heure de fin: 2014-07-01 20:57:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-07-01 18:57
ComboFix2.txt 2014-06-24 03:37
.
Avant-CF: 178 419 732 480 octets libres
Après-CF: 177 893 339 136 octets libres
.
- - End Of File - - 06B9ECB01B1ECC8B1BF7C3C7F443DB29

[Laurinette]

Ya t-il quelque chose que je doive faire ensuite?
merci!