Unable to launch Spybot
Solved/Closed
STEPHANE1904 - 16 Nov. 2010 at 20:00
jlpjlp (Security contributor) - 17 Nov. 2010 at 20:38
7 replies
jlpjlp (Security contributor) - 16 Nov. 2010 at 20:01
Hi,
Download OTL by OldTimer here:
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
and save it to your Desktop.
Double-click OTL.exe to launch it.
Tick the 2 boxes Lop and Purity.
Tick the box in front of "scan all users".
Click Run Scan.
When the scan finishes, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
To send it to me, click this link:
http://www.cijoint.fr/
Click Browse ("Parcourir") and locate the file above.
Click Open ("Ouvrir").
Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
is added to the page.
Copy this link into your reply.
STEPHANE1904 - 16 Nov. 2010 at 20:36
Good evening, thank you for looking into my case. Here is the requested link: http://www.cijoint.fr/cjlink.php?file=cj201011/cij7fVvYL8.txt
jlpjlp (Security contributor) - 16 Nov. 2010 at 23:09
Disable User Account Control (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware guard.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. It could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
STEPHANE1904 - 17 Nov. 2010 at 01:01
Good evening again,
Below is the report, and thanks again for your help.
ComboFix 10-11-16.02 - STEPHANE 17/11/2010 0:29.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.841 [GMT 1:00]
Lancé depuis: c:\users\STEPHANE\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Une copie infectée de c:\windows\system32\drivers\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-16 au 2010-11-16 ))))))))))))))))))))))))))))))))))))
.
2010-11-16 23:41 . 2010-11-16 23:44 -------- d-----w- c:\users\STEPHANE\AppData\Local\temp
2010-11-16 23:28 . 2010-11-16 23:28 -------- d-----w- c:\programdata\TOSHIBA Tempro
2010-11-16 18:36 . 2010-11-16 18:37 -------- d-----w- c:\program files\SSD
2010-11-16 17:57 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D39E15F-E00E-4775-BD47-DF75BC296823}\mpengine.dll
2010-11-15 17:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 17:43 . 2010-11-15 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-15 17:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 14:50 . 2010-11-14 14:50 -------- d-----w- c:\users\STEPHANE\AppData\Local\STARGAZE_IMAGE_CACHE
2010-11-14 14:50 . 2010-11-14 14:50 -------- d-----w- c:\programdata\Alawar Stargaze
2010-11-13 17:13 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-04 20:33 . 2010-11-15 20:01 -------- d-----w- c:\program files\Panda Security
2010-11-03 20:43 . 2010-11-15 19:59 -------- d-----w- c:\programdata\Lavasoft
2010-11-02 20:39 . 2010-11-02 21:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-27 17:26 . 2010-10-27 17:26 -------- d-----w- c:\programdata\Macrium
2010-10-27 17:24 . 2010-10-27 17:24 -------- d-----w- c:\program files\Macrium
2010-10-27 05:35 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 05:35 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 05:35 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 11:26 . 2010-11-15 19:59 -------- d-----w- c:\programdata\Iminent
2010-10-22 11:25 . 2010-08-16 14:06 24576 ----a-w- c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
2010-10-22 11:20 . 2010-10-22 11:20 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\program files\Apple Software Update
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\users\STEPHANE\AppData\Roaming\HiYo
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\programdata\HiYo
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\program files\HiYo
2010-10-20 20:17 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-20 20:17 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-20 20:17 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 20:17 . 2010-10-20 20:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c26319811cb709307\MeshBetaRemover.exe
2010-10-20 20:16 . 2010-10-20 20:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\DSETUP.dll
2010-10-20 20:16 . 2010-10-20 20:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\DXSETUP.exe
2010-10-20 20:16 . 2010-10-20 20:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\dsetup32.dll
2010-10-20 20:16 . 2010-10-20 20:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\DSETUP.dll
2010-10-20 20:16 . 2010-10-20 20:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\DXSETUP.exe
2010-10-20 20:16 . 2010-10-20 20:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\dsetup32.dll
2010-10-20 19:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 17:14 . 2010-10-22 07:20 -------- d-----w- c:\users\STEPHANE\AppData\Local\Windows Live
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 19:27 . 2010-01-26 20:48 691 ----a-w- c:\users\STEPHANE\AppData\Roaming\GetValue.vbs
2010-11-15 19:27 . 2010-01-26 20:48 35 ----a-w- c:\users\STEPHANE\AppData\Roaming\SetValue.bat
2010-10-19 09:41 . 2009-10-02 16:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:49 . 2010-10-13 13:49 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-28 12:03 . 2010-09-28 12:03 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-09-28 12:03 . 2010-09-28 12:03 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-09-28 12:03 . 2010-09-28 12:03 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-09-13 13:56 . 2010-10-14 05:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:09 . 2010-09-08 06:08 19657194 ----a-w- C:\vlc-1.1.4-win32.exe
2010-09-08 06:01 . 2010-10-14 05:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 05:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 05:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 05:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 05:56 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 05:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 05:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12 . 2010-06-30 19:35 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-02-01 23:51 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-01 23:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-01 23:53 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-01 23:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-01 23:53 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-02-01 23:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 19:50 . 2010-09-06 19:50 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-09-06 16:20 . 2010-10-14 05:56 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 05:56 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 05:56 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 05:56 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 05:56 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 05:56 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 05:56 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 05:55 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 05:55 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 05:56 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 05:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 05:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 05:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 05:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05 . 2010-10-14 05:55 867328 ----a-w- c:\windows\system32\wmpmde.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-07-31 14:33 1391640 ----a-w- c:\program files\speed-bit\tbspee.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-08 160328]
"Google Update"="c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-09-01 98304]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-10-29 89600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-10-20 238960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2010-08-16 1631736]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-07-09 536056]
c:\users\STEPHANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PrintKey 2000 Fr.lnk - c:\program files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-6-25 869888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2009-2-1 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk]
backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^STEPHANE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK - Raccourci.lnk]
backup=c:\windows\pss\OUTLOOK - Raccourci.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^STEPHANE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Vista Rainbar.exe - Raccourci.lnk]
backup=c:\windows\pss\Vista Rainbar.exe - Raccourci.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMBooster]
2010-08-16 14:07 1631736 ----a-w- c:\program files\Iminent\IMBooster\IMBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 21:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Neuf Media Center]
2008-10-10 18:24 726336 ----a-w- c:\program files\SFR\Media Center\MediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-08-27 11:14 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2924939454-3407247330-1690009250-1000]
"EnableNotificationsRef"=dword:00000001
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c99cfb15083feb;Google Update Service (gupdate1c99cfb15083feb);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
R3 avshws;YouUp Simulated Hardware;c:\windows\system32\DRIVERS\youup.sys [2009-02-13 57344]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-10-13 23456]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AF8.tmp [x]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-02-26 639224]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-03-10 210432]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-09-28 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2008-09-12 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 220128]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2008-09-12 36512]
S3 NETw5v32;Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2010-10-28 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-10-01 18:28]
2010-11-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-11-26 16:58]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 18:57]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 18:57]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2924939454-3407247330-1690009250-1000Core.job
- c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 07:10]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2924939454-3407247330-1690009250-1000UA.job
- c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 07:10]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{5f67de8f-699c-425b-9fde-e07a37d6b691}\components\FFExternalAlert.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{5f67de8f-699c-425b-9fde-e07a37d6b691}\components\RadioWMPCore.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\STEPHANE\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "5037fdc6-b7d1-4d33-a448-bbe4c50a0854");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", "1036");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Associations de fichier -------
.
.txt=UltraEdit.txt
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-RunOnce-.IMinentUpdate - c:\users\STEPHANE\AppData\Local\Temp\NotifierSetup.exe
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF8.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2924939454-3407247330-1690009250-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E0901A7-7527-81FD-186B-2F490EACB0D8}*]
@Allowed: (Read) (RestrictedCode)
"abcipnhjeiiknoflndimaagecpfmbhogaj"=hex:61,61,00,00
"bbcipnhjeiiknoflndlmlofljicknakopacp"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1552)
c:\program files\Iminent\IMBooster\Iminent.WinCore.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RtHDVCpl.exe
c:\program files\SFR\Logiciel de Synchronisation SFR\Logiciel de Synchronisation SFRTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-11-17 00:54:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-16 23:54
Avant-CF: 53 448 773 632 octets libres
Après-CF: 53 108 957 184 octets libres
- - End Of File - - 8D758794D2E3051EC6719B14A0D434BD
Below is the report, and thanks again for your help
ComboFix 10-11-16.02 - STEPHANE 17/11/2010 0:29.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.841 [GMT 1:00]
Lancé depuis: c:\users\STEPHANE\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Une copie infectée de c:\windows\system32\drivers\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-16 au 2010-11-16 ))))))))))))))))))))))))))))))))))))
.
2010-11-16 23:41 . 2010-11-16 23:44 -------- d-----w- c:\users\STEPHANE\AppData\Local\temp
2010-11-16 23:28 . 2010-11-16 23:28 -------- d-----w- c:\programdata\TOSHIBA Tempro
2010-11-16 18:36 . 2010-11-16 18:37 -------- d-----w- c:\program files\SSD
2010-11-16 17:57 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D39E15F-E00E-4775-BD47-DF75BC296823}\mpengine.dll
2010-11-15 17:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 17:43 . 2010-11-15 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-15 17:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-14 14:50 . 2010-11-14 14:50 -------- d-----w- c:\users\STEPHANE\AppData\Local\STARGAZE_IMAGE_CACHE
2010-11-14 14:50 . 2010-11-14 14:50 -------- d-----w- c:\programdata\Alawar Stargaze
2010-11-13 17:13 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-04 20:33 . 2010-11-15 20:01 -------- d-----w- c:\program files\Panda Security
2010-11-03 20:43 . 2010-11-15 19:59 -------- d-----w- c:\programdata\Lavasoft
2010-11-02 20:39 . 2010-11-02 21:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-27 17:26 . 2010-10-27 17:26 -------- d-----w- c:\programdata\Macrium
2010-10-27 17:24 . 2010-10-27 17:24 -------- d-----w- c:\program files\Macrium
2010-10-27 05:35 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 05:35 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 05:35 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 11:26 . 2010-11-15 19:59 -------- d-----w- c:\programdata\Iminent
2010-10-22 11:25 . 2010-08-16 14:06 24576 ----a-w- c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
2010-10-22 11:20 . 2010-10-22 11:20 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-22 05:47 . 2010-10-22 05:47 -------- d-----w- c:\program files\Apple Software Update
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\users\STEPHANE\AppData\Roaming\HiYo
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\programdata\HiYo
2010-10-20 21:13 . 2010-10-20 21:13 -------- d-----w- c:\program files\HiYo
2010-10-20 20:17 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-20 20:17 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-20 20:17 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-20 20:17 . 2010-10-20 20:17 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c26319811cb709307\MeshBetaRemover.exe
2010-10-20 20:16 . 2010-10-20 20:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\DSETUP.dll
2010-10-20 20:16 . 2010-10-20 20:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\DXSETUP.exe
2010-10-20 20:16 . 2010-10-20 20:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b7bf19c11cb709305\dsetup32.dll
2010-10-20 20:16 . 2010-10-20 20:16 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\DSETUP.dll
2010-10-20 20:16 . 2010-10-20 20:16 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\DXSETUP.exe
2010-10-20 20:16 . 2010-10-20 20:16 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b5f815611cb709304\dsetup32.dll
2010-10-20 19:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 17:14 . 2010-10-22 07:20 -------- d-----w- c:\users\STEPHANE\AppData\Local\Windows Live
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-15 19:27 . 2010-01-26 20:48 691 ----a-w- c:\users\STEPHANE\AppData\Roaming\GetValue.vbs
2010-11-15 19:27 . 2010-01-26 20:48 35 ----a-w- c:\users\STEPHANE\AppData\Roaming\SetValue.bat
2010-10-19 09:41 . 2009-10-02 16:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:49 . 2010-10-13 13:49 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-28 12:03 . 2010-09-28 12:03 12256 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-09-28 12:03 . 2010-09-28 12:03 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-09-28 12:03 . 2010-09-28 12:03 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-09-13 13:56 . 2010-10-14 05:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:09 . 2010-09-08 06:08 19657194 ----a-w- C:\vlc-1.1.4-win32.exe
2010-09-08 06:01 . 2010-10-14 05:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 05:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 05:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 05:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 05:56 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 05:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 05:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12 . 2010-06-30 19:35 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-02-01 23:51 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-02-01 23:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-02-01 23:53 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-02-01 23:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-02-01 23:53 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-02-01 23:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 19:50 . 2010-09-06 19:50 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-09-06 16:20 . 2010-10-14 05:56 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 05:56 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 05:56 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 05:56 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 05:56 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 05:56 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 05:56 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 05:55 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 05:55 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 05:56 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 05:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 05:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 05:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 05:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05 . 2010-10-14 05:55 867328 ----a-w- c:\windows\system32\wmpmde.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-07-31 14:33 1391640 ----a-w- c:\program files\speed-bit\tbspee.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-08 160328]
"Google Update"="c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-09-01 98304]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2008-10-29 89600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-03-13 33048]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-10-20 238960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2010-08-16 1631736]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-07-09 536056]
c:\users\STEPHANE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PrintKey 2000 Fr.lnk - c:\program files\PrintKey 2000 Fr\Printkey 2000 Fr.exe [2001-6-25 869888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2009-2-1 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk]
backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^STEPHANE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK - Raccourci.lnk]
backup=c:\windows\pss\OUTLOOK - Raccourci.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^STEPHANE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Vista Rainbar.exe - Raccourci.lnk]
backup=c:\windows\pss\Vista Rainbar.exe - Raccourci.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMBooster]
2010-08-16 14:07 1631736 ----a-w- c:\program files\Iminent\IMBooster\IMBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 21:05 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Neuf Media Center]
2008-10-10 18:24 726336 ----a-w- c:\program files\SFR\Media Center\MediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-08-27 11:14 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2924939454-3407247330-1690009250-1000]
"EnableNotificationsRef"=dword:00000001
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c99cfb15083feb;Google Update Service (gupdate1c99cfb15083feb);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-08-27 124368]
R3 avshws;YouUp Simulated Hardware;c:\windows\system32\DRIVERS\youup.sys [2009-02-13 57344]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-10-13 23456]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\AF8.tmp [x]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-02-26 639224]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-03-10 210432]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-09-28 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2008-09-12 233472]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 220128]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2008-09-12 36512]
S3 NETw5v32;Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
2010-10-28 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-10-01 18:28]
2010-11-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-11-26 16:58]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 18:57]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 18:57]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2924939454-3407247330-1690009250-1000Core.job
- c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 07:10]
2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2924939454-3407247330-1690009250-1000UA.job
- c:\users\STEPHANE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-08 07:10]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{5f67de8f-699c-425b-9fde-e07a37d6b691}\components\FFExternalAlert.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{5f67de8f-699c-425b-9fde-e07a37d6b691}\components\RadioWMPCore.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\users\STEPHANE\AppData\Roaming\Mozilla\Firefox\Profiles\8g6doruo.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\STEPHANE\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "5037fdc6-b7d1-4d33-a448-bbe4c50a0854");
c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", "1036");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Associations de fichier -------
.
.txt=UltraEdit.txt
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-RunOnce-.IMinentUpdate - c:\users\STEPHANE\AppData\Local\Temp\NotifierSetup.exe
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF8.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2924939454-3407247330-1690009250-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E0901A7-7527-81FD-186B-2F490EACB0D8}*]
@Allowed: (Read) (RestrictedCode)
"abcipnhjeiiknoflndimaagecpfmbhogaj"=hex:61,61,00,00
"bbcipnhjeiiknoflndlmlofljicknakopacp"=hex:61,61,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1552)
c:\program files\Iminent\IMBooster\Iminent.WinCore.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RtHDVCpl.exe
c:\program files\SFR\Logiciel de Synchronisation SFR\Logiciel de Synchronisation SFRTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-11-17 00:54:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-16 23:54
Avant-CF: 53 448 773 632 octets libres
Après-CF: 53 108 957 184 octets libres
- - End Of File - - 8D758794D2E3051EC6719B14A0D434BD
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Nov. 2010 at 11:43
Update Malwarebytes and paste a report from it.
Is Spybot working again?
See you later
STEPHANE1904
Posts
12
Registration date
Thursday 1 November 2007
Status
Member
Last activity
17 November 2010
17 Nov. 2010 at 19:59
Hello
Spybot is OK, I think the problem is solved. I saw a rootkit go by last night: ComboFix had to reboot once before scanning, and it showed me NT3 or something like that ..
Does that ring a bell? (I'm taking the liberty of addressing you informally)
The report is attached:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 5121
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
17/11/2010 19:48:00
mbam-log-2010-11-17 (19-48-00).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 164203
Temps écoulé: 13 minute(s), 7 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Nov. 2010 at 20:38
OK
Paste a report from an online scan with one of the first 4 antivirus tools listed here: online antivirus
and tell us what your current problems are.
See you later