
Trojan.Sirefef.fy; HK; and the whole rest of the family :(



  1. #1
    neguon

    Trojan.Sirefef.fy; HK; and the whole rest of the family :(


    ------

    Hello, I have a problem with my computer: the antivirus, Bitdefender, blocks a Trojan Sirefef.
    I run a scan and it doesn't find the trojan, and in the days that follow it blocks .FY, .HK, etc.

    I don't know what to do. I looked on the net, downloaded ComboFix and scanned my PC; here is the report. If someone could help me that would be great, thanks in advance.
    (By the way, I'm on Windows 7 Home.)

    ComboFix 12-07-20.02 - Théodore 20/07/2012 17:59:06.1.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2301 [GMT 2:00]
    Lancé depuis: C:\Users\Théodore\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: BitDefender Pare-feu *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: BitDefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


    C:\eSupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
    C:\ProgramData\FullRemove.exe
    C:\ProgramData\nnzhrrfyfhkdlyk
    C:\Users\THODOR~1\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
    C:\Users\Théodore\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\00000004.@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\1afb2d56
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\L\201d3dde
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\00000004.@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\00000008.@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\000000cb.$
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000000.@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000032.@
    C:\Windows\Installer\{48e920f5-25f2-1bbe-3db4-8ed747a14b87}\U\80000064.@

    Une copie infectée de C:\Windows\system32\services.exe a été trouvée et désinfectée
    Copie restaurée à partir de - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe


    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-20 au 2012-07-20 ))))))))))))))))))))))))))))))))))))


    2012-07-20 16:17:40 . 2012-07-20 16:17:40 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-07-20 14:59:55 . 2012-07-20 14:59:55 -------- d-----w- C:\Users\Théodore\AppData\Local\bdch
    2012-07-20 11:56:31 . 2012-07-20 11:56:34 -------- d-----w- C:\Program Files (x86)\kittyhawk
    2012-07-12 13:24:52 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
    2012-07-10 14:45:37 . 2012-07-10 14:45:37 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-10 07:41:10 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
    2012-07-10 07:41:10 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-10 07:29:57 . 2012-07-10 07:30:03 -------- d-----w- C:\Program Files\CCleaner
    2012-07-10 06:08:09 . 2012-07-10 06:08:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-06-26 09:13:23 . 2012-06-26 09:23:05 -------- d-----w- C:\Users\Théodore\AppData\Local\rencontreshard
    2012-06-25 14:04:24 . 2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2012-06-24 15:52:18 . 2012-06-24 15:52:18 -------- d-----w- C:\Windows\fr
    2012-06-24 15:50:43 . 2012-06-24 15:50:43 -------- d-----w- C:\Users\Théodore\AppData\Local\{4CFBB2F1-0066-454A-8976-F9DC6F4F80E7}
    2012-06-24 15:50:26 . 2012-06-24 15:50:26 -------- d-----w- C:\Windows\en
    2012-06-24 15:50:16 . 2012-06-24 15:50:16 -------- d-----w- C:\Windows\el
    2012-06-24 15:50:11 . 2012-06-24 15:50:11 -------- d-----w- C:\Windows\es
    2012-06-24 15:50:05 . 2012-06-24 15:50:05 -------- d-----w- C:\Windows\he
    2012-06-24 15:50:00 . 2012-06-24 15:50:01 -------- d-----w- C:\Windows\it
    2012-06-24 15:49:54 . 2012-06-24 15:49:54 -------- d-----w- C:\Windows\nl
    2012-06-24 15:49:41 . 2012-06-24 15:49:41 -------- d-----w- C:\Windows\de
    2012-06-24 15:44:28 . 2012-03-08 16:40:52 48488 ----a-w- C:\Windows\system32\drivers\fssfltr.sys
    2012-06-24 15:44:04 . 2012-06-24 15:43:52 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-24 15:39:25 . 2012-06-24 15:39:25 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\DSETUP.dll
    2012-06-24 15:39:25 . 2012-06-24 15:39:25 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\DXSETUP.exe
    2012-06-24 15:39:25 . 2012-06-24 15:39:25 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\887730e71cd521f01\dsetup32.dll
    2012-06-24 15:39:25 . 2012-06-24 15:39:25 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\88a9b3541cd521f02\MeshBetaRemover.exe
    2012-06-24 15:37:40 . 2012-06-24 15:37:51 -------- d-----w- C:\Users\Théodore\AppData\Local\{7C25AD45-429E-477F-8F9D-3CD88FEF70EF}
    2012-06-24 11:31:52 . 2012-06-24 11:31:52 -------- d-----w- C:\Users\Théodore\AppData\Local\Macromedia
    2012-06-23 15:45:14 . 2012-06-23 15:58:56 -------- d-----w- C:\Users\Théodore\AppData\Local\messengerdusexe
    2012-06-21 06:17:04 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
    2012-06-21 06:17:04 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
    2012-06-21 06:17:04 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
    2012-06-21 06:17:04 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
    2012-06-21 06:16:45 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
    2012-06-21 06:16:45 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
    2012-06-21 06:16:45 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
    2012-06-21 06:16:20 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
    2012-06-21 06:16:20 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
    .


    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    2012-07-16 12:31:19 . 2012-04-02 06:25:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-16 12:31:19 . 2011-09-14 16:13:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 13:22:33 . 2011-08-31 01:51:53 59701280 ----a-w- C:\Windows\system32\MRT.exe
    2012-07-08 06:55:59 . 2012-03-12 06:26:08 45056 ----a-w- C:\Windows\system32\acovcnt.exe
    2012-05-15 04:01:31 . 2012-06-14 16:16:38 1188864 ----a-w- C:\Windows\system32\wininet.dll
    2012-05-15 03:59:18 . 2012-06-14 16:16:37 64512 ----a-w- C:\Windows\system32\jsproxy.dll
    2012-05-15 03:03:54 . 2012-06-14 16:16:38 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-04 11:06:22 . 2012-06-14 16:15:52 5559664 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2012-05-04 10:03:53 . 2012-06-14 16:15:50 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 . 2012-06-14 16:15:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 . 2012-06-14 16:15:53 209920 ----a-w- C:\Windows\system32\profsvc.dll
    2012-04-28 03:55:21 . 2012-06-14 16:15:44 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41:56 . 2012-06-14 16:16:01 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
    2012-04-26 05:41:55 . 2012-06-14 16:16:01 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
    2012-04-26 05:34:27 . 2012-06-14 16:16:01 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
    2012-04-24 05:37:37 . 2012-06-14 16:15:35 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
    2012-04-24 05:37:37 . 2012-06-14 16:15:35 140288 ----a-w- C:\Windows\system32\cryptnet.dll
    2012-04-24 05:37:36 . 2012-06-14 16:15:37 1462272 ----a-w- C:\Windows\system32\crypt32.dll
    2012-04-24 04:36:42 . 2012-06-14 16:15:35 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 . 2012-06-14 16:15:35 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 . 2012-06-14 16:15:35 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2010-07-08 07:37:14 . 2010-07-08 07:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe

    -----

  2. #2
    neguon

    Re: Trojan.Sirefef.fy; HK; and the whole rest of the family :(

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08:18 143360 ------w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 06:07:40 21392]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504]
    "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 06:16:16 222504]
    "Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 19:02:06 328992]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 04:12:50 98304]
    "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 21:41:46 170624]
    "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
    "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 20:36:26 1597440]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 549040]
    SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-28 156952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50:05 135664]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 06:50:48 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 12:31:20 250056]
    R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [2010-07-30 05:51:52 20552]
    R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50:05 135664]
    R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 20:35:31 113120]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 20:35:57 56832]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 02:25:16 127488]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 02:25:16 18944]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 02:25:16 161280]
    R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\system32\DRIVERS\ss_bserd.sys [2010-04-27 02:25:16 128000]
    R3 TFsExDisk;TFsExDisk;C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-24 13:00:14 16392]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
    R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 21:17:46 118672]
    R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-28 04:59:22 1255736]
    R4 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys [2010-06-28 09:55:38 692816]
    R4 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys [2010-06-28 09:55:44 1040976]
    R4 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-09-18 21:40:41 467248]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 02:10:10 57184]
    S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 12:42:08 88144]
    S1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 15:42:04 99408]
    S1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 16:32:40 103944]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
    S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [2010-11-30 20:19:52 379520]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2010-08-11 13:44:46 203264]
    S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 00:36:14 15416]
    S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2010-06-25 17:07:26 35344]
    S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 11:38:46 2666880]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2009-08-06 21:17:34 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 02:34:22 2314240]
    S2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-09-18 21:39:53 53224]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-11 14:15:50 7765504]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-11 13:11:08 279040]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2010-07-15 00:47:42 116240]
    S3 BDFM;BDFM;C:\Windows\system32\DRIVERS\bdfm.sys [2010-05-13 13:52:08 162896]
    S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 10:15:04 135560]
    S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 19:54:54 56344]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 08:32:12 158976]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-18 08:23:32 143472]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys [2010-02-25 03:26:58 115312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


    Contenu du dossier 'Tâches planifiées'

    2012-07-20 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:25:56 . 2012-07-16 12:31:20]

    2012-07-20 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50:06 . 2011-01-12 15:50:05]

    2012-07-20 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50:06 . 2011-01-12 15:50:05]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 23:52:58 159744 ------w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49:40 70656 ------w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49:40 70656 ------w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 01:48:34 1754448]
    "SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 05:07:22 316032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    ------- Examen supplémentaire -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - C:\Users\Théodore\AppData\Roaming\Mozilla\Firefox\Profiles\1uk9vlgr.default\

    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDWare - C:\Program Files (x86)\Elantech\ETDCtrl.exe



    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
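One way to triage ComboFix output for the Sirefef/ZeroAccess artefacts the report above shows (the GUID-named store under Windows\Installer with "@" entries in U\ and L\ subfolders, the hidden+system folder literally named %APPDATA% under SysWow64, and the patched services.exe notice), as an added example that is not part of the post or of ComboFix. The sample lines, rule names and the GUID in them are constructed placeholders.

```python
"""Triage a ComboFix log for the ZeroAccess/Sirefef artefacts seen in the
report above. Added example, not ComboFix's own code; SAMPLE_LOG is
constructed to mirror the line shapes in the report, and its GUID and hex
names are placeholders, not real indicators.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\@
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\L\00000004.@
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\U\80000032.@
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\U\000000cb.$
C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\legit.msi
2012-07-10 06:08:09 . 2012-07-10 06:08:09 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-10 07:29:57 . 2012-07-10 07:30:03 -------- d-----w- C:\Program Files\CCleaner
2012-07-12 13:24:52 . 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\system32\win32k.sys
Une copie infectée de C:\Windows\system32\services.exe a été trouvée et désinfectée
"""

# "created . modified size attrs path", the layout ComboFix uses for file entries.
ENTRY = re.compile(r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) "
                   r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
# Anything below a GUID folder in the MSI cache. Legitimate entries there are
# .msi/.msp files, not "@" files or U\ and L\ subfolders.
INSTALLER_GUID = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(?P<rest>.+)$", re.IGNORECASE)
# A folder whose name is the literal string %APPDATA% inside a system folder;
# the report shows it with ComboFix's 's' (system) and 'h' (hidden) flags.
FAKE_APPDATA_DIR = re.compile(
    r"\\Windows\\(?:SysWow64|System32)\\%APPDATA%$", re.IGNORECASE)
# ComboFix's French notice that a patched services.exe was found and replaced.
PATCHED_SERVICES = re.compile(
    r"copie infect.e de (?P<path>\S+services\.exe)", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    path: str
    line: str


def triage(lines):
    """Return one Finding per log line that matches a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        path, attrs = (m["path"], m["attrs"]) if m else (line, "")
        g = INSTALLER_GUID.search(path)
        if g and (g["rest"].upper().startswith(("U\\", "L\\")) or g["rest"].endswith("@")):
            findings.append(Finding("sirefef-installer-store", path, line))
        if FAKE_APPDATA_DIR.search(path) and attrs.startswith("d") and "sh" in attrs:
            findings.append(Finding("fake-appdata-dir", path, line))
        p = PATCHED_SERVICES.search(line)
        if p:
            findings.append(Finding("patched-services-exe", p["path"], line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {"sirefef-installer-store": 4, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"[{h.rule}] {h.path}")
    print(summarize(hits))
```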

  3. #3
    kalimusic

    Re: Trojan.Sirefef.fy; HK; and the whole rest of the family :(

    Hello and welcome to Futura Sciences


    ComboFix is a very powerful tool that should not be used without knowledge (even if, in your case, it was appropriate for the infection).
    Do you still get alerts from BitDefender?

    Can you run this diagnostic:

    Download OTL (by OldTimer) to your Desktop.

    Close all your running applications
    • Launch OTL.exe; the main interface opens.
    • In the Report section at the top right of the window, tick Minimal Output
    • Tick the All Users box
    • Leave all the other settings at their defaults
    • In the "Custom Scans/Fixes" box, copy/paste the quoted list:
    msconfig
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    services.exe
    wshelper.dll
    /md5stop
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    CREATERESTOREPOINT
    • Click the Quick Scan button and wait while the system is scanned.
    • 2 reports will open in Notepad:
    • OTL.txt (which will be displayed) and Extras.txt (minimized in the taskbar)
    • Post these 2 reports as attachments

    Help: OTL tutorial (by Malekal)

    See you
    "Reason and logic are powerless against stubbornness and stupidity."
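The /md5start ... /md5stop block in the procedure above makes OTL hash a handful of system binaries so a patched copy (like the services.exe ComboFix restored from WinSxS earlier in the thread) stands out. The check below does the same comparison against the WinSxS component store, as an added example that is neither OTL's nor the post's code; the directory layout in demo() is built in a temporary folder with a placeholder component name and fake file contents.

```python
"""Hash the binaries from the OTL /md5start list and compare each live copy in
system32 with its copies in the WinSxS component store. Added example, not
OTL's own code; demo() builds a constructed layout in a temp directory.
"""
import hashlib
import os
import shutil
import tempfile

# The list posted above for OTL's /md5start ... /md5stop block.
CHECKED_BINARIES = ["explorer.exe", "winlogon.exe", "userinit.exe",
                    "svchost.exe", "services.exe", "wshelper.dll"]


def file_digest(path, algo="sha256"):
    """Hash a file in 64 KiB chunks; algo="md5" yields the value OTL prints."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def winsxs_copies(winsxs_root, name):
    """Every file called `name` beneath the component store (one per serviced version)."""
    for dirpath, _dirs, files in os.walk(winsxs_root):
        for f in files:
            if f.lower() == name.lower():
                yield os.path.join(dirpath, f)


def compare_with_winsxs(system32, winsxs_root, names=CHECKED_BINARIES):
    """Return {binary: status}. The live file should hash equal to one of its
    WinSxS copies; the ComboFix log above shows services.exe failing that test.
    A mismatch is a lead to confirm with the file's Authenticode signature, not
    proof of infection on its own."""
    report = {}
    for name in names:
        live = os.path.join(system32, name)
        if not os.path.isfile(live):
            report[name] = "missing"
            continue
        live_hash = file_digest(live)
        store_hashes = {file_digest(p) for p in winsxs_copies(winsxs_root, name)}
        if not store_hashes:
            report[name] = "no-winsxs-copy"
        elif live_hash in store_hashes:
            report[name] = "matches-winsxs"
        else:
            report[name] = "DIFFERS-from-winsxs"
    return report


def demo():
    """Constructed layout: services.exe patched in system32, wshelper.dll with no
    store copy, everything else intact. Returns the report and cleans up."""
    root = tempfile.mkdtemp()
    try:
        system32 = os.path.join(root, "Windows", "system32")
        # Placeholder component-folder name, not a real WinSxS directory.
        store = os.path.join(root, "Windows", "winsxs",
                             "amd64_placeholder-component_6.1.7600.16385")
        os.makedirs(system32)
        os.makedirs(store)
        for name in CHECKED_BINARIES:
            genuine = b"fake genuine bytes of " + name.encode()
            if name != "wshelper.dll":
                with open(os.path.join(store, name), "wb") as f:
                    f.write(genuine)
            live = b"fake patched bytes" if name == "services.exe" else genuine
            with open(os.path.join(system32, name), "wb") as f:
                f.write(live)
        return compare_with_winsxs(system32, os.path.join(root, "Windows", "winsxs"))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for binary, status in demo().items():
        print(f"{binary:<14} {status}")
```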
