Activer centre de sécurité window 7'infection
Résolu/Fermé
G17o7
Messages postés
28
Date d'inscription
lundi 20 septembre 2010
Statut
Membre
Dernière intervention
16 septembre 2014
-
Modifié par G17o7 le 20/12/2010 à 21:03
xXDrDeathXx Messages postés 1 Date d'inscription lundi 11 avril 2011 Statut Membre Dernière intervention 11 avril 2011 - 11 avril 2011 à 16:47
xXDrDeathXx Messages postés 1 Date d'inscription lundi 11 avril 2011 Statut Membre Dernière intervention 11 avril 2011 - 11 avril 2011 à 16:47
A voir également:
- Activer centre de sécurité window 7'infection
- Passer de windows 7 à windows 10 - Guide
- Comment activer windows 10 - Guide
- Clé windows 7 - Guide
- Centre de messagerie - Guide
- Activer le pavé tactile - Guide
39 réponses
G17o7
Messages postés
28
Date d'inscription
lundi 20 septembre 2010
Statut
Membre
Dernière intervention
16 septembre 2014
23 déc. 2010 à 19:08
23 déc. 2010 à 19:08
jai tout fait , sans redemmarer lordinateur sans sauvegarder le bloc-note , je fais quoi?
Utilisateur anonyme
23 déc. 2010 à 19:58
23 déc. 2010 à 19:58
bonsoir,
relance MBAM clique sur l'onglet rapport,
ouvre le dernier rapport en date, copiue et colle le contenu sur ton prochain message :-)
relance MBAM clique sur l'onglet rapport,
ouvre le dernier rapport en date, copiue et colle le contenu sur ton prochain message :-)
G17o7
Messages postés
28
Date d'inscription
lundi 20 septembre 2010
Statut
Membre
Dernière intervention
16 septembre 2014
23 déc. 2010 à 21:40
23 déc. 2010 à 21:40
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5384
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23/12/2010 17:51:38
mbam-log-2010-12-23 (17-51-38).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 206873
Temps écoulé: 1 heure(s), 21 minute(s), 1 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\chat-land\chat-land.exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
c:\Users\sala diouf\PWMM\movie maker\WMM2EXT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\sala diouf\PWMM\movie maker\WMM2FILT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\C_20273U.dll (Trojan.Agent) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 5384
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23/12/2010 17:51:38
mbam-log-2010-12-23 (17-51-38).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 206873
Temps écoulé: 1 heure(s), 21 minute(s), 1 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\chat-land\chat-land.exe (Trojan.Hijacker) -> Quarantined and deleted successfully.
c:\Users\sala diouf\PWMM\movie maker\WMM2EXT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\sala diouf\PWMM\movie maker\WMM2FILT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\System32\C_20273U.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Utilisateur anonyme
23 déc. 2010 à 21:51
23 déc. 2010 à 21:51
relance MBAM, vide sa quarantaine, refais une mise à jour et relance un autre scan complet,
s'il trouve des choses, mets tout en quarantaine ou supprime tout,
poste son rapport
s'il trouve des choses, mets tout en quarantaine ou supprime tout,
poste son rapport
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
G17o7
Messages postés
28
Date d'inscription
lundi 20 septembre 2010
Statut
Membre
Dernière intervention
16 septembre 2014
24 déc. 2010 à 13:18
24 déc. 2010 à 13:18
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5385
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23/12/2010 23:21:26
mbam-log-2010-12-23 (23-21-26).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 209250
Temps écoulé: 1 heure(s), 48 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
www.malwarebytes.org
Version de la base de données: 5385
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23/12/2010 23:21:26
mbam-log-2010-12-23 (23-21-26).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 209250
Temps écoulé: 1 heure(s), 48 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Utilisateur anonyme
24 déc. 2010 à 13:26
24 déc. 2010 à 13:26
bonjour,
. télécharges Ccleaner à partir de cette adresse et enregistres le sur le bureau
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
.double-cliques sur le fichier pour lancer l'installation
/!\Utilisateur de Vista et windows 7 : Clique droit sur le logo de Ccleaner, « exécuter en tant qu'Administrateur »
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
. télécharges Ccleaner à partir de cette adresse et enregistres le sur le bureau
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
.double-cliques sur le fichier pour lancer l'installation
/!\Utilisateur de Vista et windows 7 : Clique droit sur le logo de Ccleaner, « exécuter en tant qu'Administrateur »
.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner
Utilisateur anonyme
24 déc. 2010 à 14:50
24 déc. 2010 à 14:50
il faut savoir qu'on n'arrive pas à réparer toutes les erreurs !!!
comment va le pc avant de inaliser la désinfection ?
comment va le pc avant de inaliser la désinfection ?
, sa lag plus , plus derreurs ... impeccable . Je crois que tout est fini vraiment je ne sais COMMENT VS REMERCIER pendant 2jours vous mavez suivi jusqu'a la fin , maintnant mon ordi va comme si il était , neuf meme le WINDOW DEFENDER st activé . Vraiment mille fois merci que Dieu vs béni xDDDDDDDDDD . Joyeu Noel
Utilisateur anonyme
24 déc. 2010 à 15:16
24 déc. 2010 à 15:16
on términe la désinfection :
* pour supprimer les outils de désinfection
:
Télecharge Delfix sur ton bureau :
http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe
*Clique sur le bouton « Suppression » et poste son rapport sur ton prochain message
**Pour le désinstaller, il suffit de le relancer et cliquer sur le bouton de désinstallation.
* Désactivation, puis Réactivation de la restauration système après désinfection :
Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés :
Pour Windows 7 :
http://www.jenyburn.com/home/comment-desactiver-la-restauration-du-systeme-sous-windows-7
* fais une mise à jour de ton antivirus, lance un scan complet de ton pc, tiens moi au courant du résultat :-)
* pour supprimer les outils de désinfection
:
Télecharge Delfix sur ton bureau :
http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe
*Clique sur le bouton « Suppression » et poste son rapport sur ton prochain message
**Pour le désinstaller, il suffit de le relancer et cliquer sur le bouton de désinstallation.
* Désactivation, puis Réactivation de la restauration système après désinfection :
Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés :
Pour Windows 7 :
http://www.jenyburn.com/home/comment-desactiver-la-restauration-du-systeme-sous-windows-7
* fais une mise à jour de ton antivirus, lance un scan complet de ton pc, tiens moi au courant du résultat :-)
########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.9 - Rapport créé le 24/12/2010 à 15:00
# Mis à jour le 19/12/10 à 16h40 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits) [version 6.1.7600]
# Nom d'utilisateur : sala diouf - SALADIOUF-PC (Administrateur)
# Exécuté depuis : C:\Users\sala diouf\Desktop\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\SEAF
Supprimé : C:\ProgramData\open-config
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\sed.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\zip.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
~~~~~~ Autre ~~~~~~
########## EOF - "C:\DelFixSuppr.txt" - [1299 octets] ##########
QUEL ANTIVIRUS ME PROPOSEZ VOUS ?
#
# DelFix v6.9 - Rapport créé le 24/12/2010 à 15:00
# Mis à jour le 19/12/10 à 16h40 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits) [version 6.1.7600]
# Nom d'utilisateur : sala diouf - SALADIOUF-PC (Administrateur)
# Exécuté depuis : C:\Users\sala diouf\Desktop\DelFix.exe
# Option [Suppression]
~~~~~~ Dossier(s) ~~~~~~
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Program Files\SEAF
Supprimé : C:\ProgramData\open-config
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\ComboFix.txt
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\sed.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\zip.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
~~~~~~ Autre ~~~~~~
########## EOF - "C:\DelFixSuppr.txt" - [1299 octets] ##########
QUEL ANTIVIRUS ME PROPOSEZ VOUS ?
Utilisateur anonyme
24 déc. 2010 à 16:06
24 déc. 2010 à 16:06
ceci est juste pour supprimer les anciens points de restauartion système souceptible de contenir des infections ;-)
il y a juste une case à décocher, valider puis recocher :-)
http://www.jenyburn.com/home/comment-desactiver-la-restauration-du-systeme-sous-windows-7
il y a juste une case à décocher, valider puis recocher :-)
http://www.jenyburn.com/home/comment-desactiver-la-restauration-du-systeme-sous-windows-7
C'est bon cétait désactiver , je l'ai activer . Je lance le scan antivirrus et je vous tiens au courant
Utilisateur anonyme
25 déc. 2010 à 08:03
25 déc. 2010 à 08:03
bonjour et joyeux noël :-)
pour en finir, crée un nouveau point de restauration système, ça peut servire ;-)
sur ce, bon surf et passe de bonne fête ;-)
pour en finir, crée un nouveau point de restauration système, ça peut servire ;-)
sur ce, bon surf et passe de bonne fête ;-)
Merci Electricien69
J'ai attrapé un virus sur Seven très bêtement, en exécutant un keygen tout pourri.
J'avais mon service Centre de Sécurité qui s'arrêtait tout seul + d'autres problèmes. Ni Avast, ni Malware Bytes n'a pu rien y faire (rien de détecté).
COMBOFIX a résolu mon problème. Hyper facilement. Franchement je recommande Combofix a tt le monde.
J'ai attrapé un virus sur Seven très bêtement, en exécutant un keygen tout pourri.
J'avais mon service Centre de Sécurité qui s'arrêtait tout seul + d'autres problèmes. Ni Avast, ni Malware Bytes n'a pu rien y faire (rien de détecté).
COMBOFIX a résolu mon problème. Hyper facilement. Franchement je recommande Combofix a tt le monde.
je rappelle que bien avant comboxFIX j'ai utilisé Malwarebytes pour une desinsfection et il avait detecté quelques virus mais toujours est il que mon probleme de service centre de sécurité windows etait toujours present.et voici le rapport de comboxFIX :
ComboFix 11-02-23.02 - Administrateur 23/02/2011 19:48:50.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3033.2055 [GMT 1:00]
Lancé depuis: c:\users\Administrateur\Desktop\Bibitte.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Administrateur\AppData\Roaming\.#
c:\users\SANS_CODE\AppData\Roaming\.#
c:\windows\7Loader.TAG
c:\windows\system32\MailBee.dll
c:\windows\system32\scvideo.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-23 au 2011-02-23 ))))))))))))))))))))))))))))))))))))
.
2011-02-23 18:56 . 2011-02-23 18:58 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\SANS_CODE\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-23 02:39 . 2011-02-23 02:40 -------- d-----w- c:\program files\Street_Fighter_ZERO_3
2011-02-21 21:10 . 2011-02-22 19:52 -------- d-----w- c:\users\Administrateur\AppData\Local\Connectify
2011-02-21 21:10 . 2011-02-23 12:30 -------- d-----w- c:\program files\Connectify
2011-02-21 00:44 . 2011-02-21 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-21 00:44 . 2011-02-21 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-21 00:22 . 2011-02-23 14:24 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-20 16:34 . 2011-01-13 08:42 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-20 16:34 . 2011-01-13 08:41 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-20 16:34 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-20 16:34 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-20 16:34 . 2011-01-13 08:41 189904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-20 16:34 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-20 16:34 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-20 16:34 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-20 16:34 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-20 16:34 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-20 16:34 . 2011-01-13 08:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-02-20 16:34 . 2011-02-20 16:34 -------- d-----w- c:\program files\Alwil Software
2011-02-20 14:49 . 2011-02-22 14:18 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-20 13:51 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-20 11:27 . 2011-02-20 11:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-20 11:07 . 2011-02-20 11:08 -------- d-----w- c:\program files\VirtualDJ
2011-02-20 07:57 . 2011-02-20 07:57 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2011-02-20 07:57 . 2011-02-20 07:57 -------- d-----w- c:\programdata\Malwarebytes
2011-02-20 00:58 . 2011-02-20 00:58 76288 --sha-r- c:\windows\system32\perfc019H.dll
2011-02-18 22:54 . 2011-02-18 22:54 -------- d-----w- c:\program files\Yuna Software
2011-02-18 22:00 . 2011-02-18 22:00 -------- d-----w- c:\users\Administrateur\AppData\Local\Xenocode
2011-02-18 10:26 . 2011-02-18 10:26 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Goto Software
2011-02-18 10:26 . 2011-02-18 10:26 -------- d-----w- c:\program files\Goto Software
2011-02-18 08:02 . 2011-02-18 09:19 -------- d-----w- c:\program files\Privoxy
2011-02-17 18:19 . 2011-02-17 18:23 -------- d-----w- c:\program files\RAR Password Cracker
2011-02-17 12:59 . 2011-02-17 12:59 -------- d-----w- c:\users\Administrateur\AppData\Local\Halvar Information
2011-02-17 12:57 . 2011-02-17 12:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-17 12:57 . 2011-02-17 12:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-17 12:57 . 2011-02-17 13:17 -------- d-----w- c:\program files\hMailServer
2011-02-15 22:21 . 2011-02-15 22:21 65536 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{0A311C1B-7571-40CF-A560-8C6810FD991E}\NewShortcut1_87081C521AB9485382449D7B131ECAFC.exe
2011-02-15 22:21 . 2011-02-15 22:21 65536 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{0A311C1B-7571-40CF-A560-8C6810FD991E}\NewShortcut2_87081C521AB9485382449D7B131ECAFC.exe
2011-02-15 22:21 . 2011-02-15 22:22 -------- d-----w- c:\program files\SendBlaster
2011-02-15 20:19 . 2011-02-15 20:19 -------- d-sh--w- c:\programdata\TSSI
2011-02-15 20:17 . 2006-08-14 08:38 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-02-15 20:17 . 2000-12-05 23:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-02-15 20:17 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-15 14:46 . 2011-02-15 14:46 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\Xilisoft Corporation
2011-02-15 04:36 . 2011-02-15 04:36 -------- d-----w- C:\kleaner.tmp
2011-02-15 02:56 . 2011-02-15 02:56 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Oxemis
2011-02-14 21:50 . 2011-02-14 21:50 -------- d-----w- C:\FkeySMTP
2011-02-14 18:05 . 2011-02-14 18:05 -------- d-----w- c:\users\Administrateur\AppData\Roaming\AtomPark
2011-02-14 15:04 . 2011-02-14 15:04 -------- d-----w- c:\program files\fec
2011-02-14 14:17 . 2011-02-14 14:17 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Maxprog
2011-02-13 18:13 . 2010-07-27 14:03 12867584 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2011-02-13 18:13 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2011-02-13 18:13 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_backup_wti.exe
2011-02-13 18:13 . 2009-07-14 01:16 859648 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2011-02-13 18:13 . 2011-02-13 18:29 202144 ----a-w- c:\windows\UTP.exe
2011-02-13 16:13 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-02-13 16:13 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2011-02-13 16:13 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-02-13 14:58 . 1995-10-05 23:00 766912 ----a-w- c:\windows\system\IR41.DLL
2011-02-13 14:58 . 1995-03-26 23:00 151552 ----a-w- c:\windows\system\IR32.DLL
2011-02-13 14:58 . 1995-03-21 23:00 50096 ----a-w- c:\windows\system\IYVU9.DLL
2011-02-13 14:58 . 1994-09-01 23:00 65408 ----a-w- c:\windows\system\ICCVID.DRV
2011-02-13 14:58 . 1993-11-18 23:00 7168 ----a-w- c:\windows\system\DISPDIB.DLL
2011-02-13 14:58 . 1993-11-18 23:00 49616 ----a-w- c:\windows\system\MSACM.DLL
2011-02-13 14:58 . 1993-11-18 23:00 43520 ----a-w- c:\windows\system\MSVIDC.DRV
2011-02-13 14:58 . 1993-11-18 23:00 22816 ----a-w- c:\windows\system\MSACM.DRV
2011-02-13 14:58 . 1993-11-18 23:00 14208 ----a-w- c:\windows\system\CTL3D.DLL
2011-02-13 14:58 . 1993-11-18 23:00 12800 ----a-w- c:\windows\system\ACMCMPRS.DLL
2011-02-13 14:58 . 1993-11-18 23:00 11776 ----a-w- c:\windows\system\MSRLE.DRV
2011-02-13 08:53 . 2000-12-06 13:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-02-13 08:53 . 2002-01-09 18:31 253952 ----a-w- c:\windows\system32\mlistx.ocx
2011-02-13 08:38 . 2011-02-14 14:21 -------- d-----w- c:\program files\eMail Verifier
2011-02-13 08:35 . 2011-02-13 08:35 -------- d-----w- c:\users\Administrateur\AppData\Roaming\G-Lock Software
2011-02-13 01:25 . 2011-02-14 14:56 -------- d-----w- c:\program files\Atomic Email Hunter
2011-02-12 20:57 . 2011-02-12 20:57 -------- d-----w- c:\programdata\EMA
2011-02-12 12:46 . 2011-02-12 12:46 -------- d-----w- c:\users\Administrateur\AppData\Local\Seven Zip
2011-02-12 05:49 . 2011-02-12 05:49 -------- d-----w- c:\program files\Western Digital Corporation
2011-02-12 04:13 . 2011-02-12 04:13 -------- d-----w- C:\DriveKey
2011-02-12 04:11 . 2011-02-12 04:11 -------- d-----w- c:\program files\Common Files\InstallShield
2011-02-12 01:58 . 2011-02-12 02:11 -------- d-----w- C:\Recovered Files
2011-02-11 22:16 . 2011-02-11 22:16 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Thunderbird
2011-02-11 22:16 . 2011-02-11 22:16 -------- d-----w- c:\users\Administrateur\AppData\Local\Thunderbird
2011-02-11 05:41 . 2011-02-15 07:17 -------- d-----w- c:\program files\QK SMTP Server 3
2011-02-11 04:39 . 2006-11-22 07:57 868352 ----a-w- c:\windows\system32\rmpHTML.ocx
2011-02-11 04:39 . 2000-12-06 13:01 415176 ----a-w- c:\windows\system32\comct332.ocx
2011-02-11 04:29 . 2011-02-11 04:39 -------- d-----w- c:\users\Administrateur\AppData\Roaming\SendBlaster2
2011-02-10 00:44 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 00:44 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 00:44 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 00:39 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 00:37 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 00:36 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C9C6EEF-C6C5-405F-B6E8-95C317DBF0FB}\mpengine.dll
2011-02-10 00:33 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 00:23 . 2011-02-10 00:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nokia
2011-02-09 11:45 . 2011-02-09 11:45 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-02-03 12:35 . 2011-02-03 12:35 -------- d-----w- c:\users\SANS_CODE\AppData\Local\Diagnostics
2011-02-03 05:56 . 2011-02-03 05:56 -------- d-----w- c:\users\SANS_CODE\AppData\Local\GameHouse
2011-02-03 03:26 . 2011-02-03 03:26 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-02-03 02:31 . 2011-02-15 04:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-03 02:24 . 2011-02-23 04:00 -------- d-----w- c:\users\Administrateur\AppData\Local\Yahoo
2011-02-03 02:13 . 2011-02-23 03:59 -------- d-----w- c:\programdata\Yahoo! Companion
2011-02-03 02:13 . 2011-02-20 00:57 -------- d-----w- c:\programdata\ATTYToolbar
2011-02-03 02:13 . 2011-02-23 04:00 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Yahoo!
2011-02-03 02:10 . 2011-02-03 02:10 -------- d-----w- c:\program files\SBC Yahoo!
2011-02-02 18:47 . 2011-02-02 18:48 -------- d-----w- c:\program files\Microsoft Encarta
2011-02-02 08:46 . 2011-02-02 08:46 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\GRETECH
2011-01-31 10:09 . 2011-02-02 17:16 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\Skype
2011-01-31 00:06 . 2011-01-31 00:06 -------- d-----w- c:\users\Administrateur\.idlerc
2011-01-31 00:05 . 2011-01-31 00:05 98304 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E85}\python_icon.exe
2011-01-31 00:01 . 2011-01-31 00:05 -------- d-----w- c:\program files\python
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 20:24 . 2011-01-31 18:02 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\uTorrent
2011-01-28 11:42 . 2011-01-28 11:42 -------- d-----w- c:\users\SANS_CODE\AppData\Local\Broadcom
2011-01-27 22:56 . 2011-01-27 22:56 -------- d--h--w- c:\windows\PIF
2011-01-27 22:46 . 2011-01-28 21:58 -------- d-----w- c:\program files\borland
2011-01-27 07:44 . 2011-01-27 07:44 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-01-27 07:39 . 2011-01-27 07:39 -------- d-----w- c:\users\Administrateur\AppData\Roaming\WildTangent
2011-01-27 07:36 . 2011-01-27 07:37 -------- d-----w- c:\programdata\WildTangent
2011-01-27 07:35 . 2011-01-27 07:37 -------- d-----w- c:\program files\WildGames
2011-01-26 23:04 . 2011-01-26 23:04 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-26 23:04 . 2011-01-26 23:04 -------- d-----w- c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 04:05 . 2010-12-29 21:54 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-22 03:47 . 2010-12-16 12:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-13 16:13 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-02-13 16:13 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-02-13 16:13 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-02-10 03:58 . 2011-01-01 06:58 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-10 03:55 . 2010-12-16 11:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-10 03:55 . 2010-12-29 21:52 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-28 11:46 . 2010-12-16 11:38 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-01 02:16 . 2011-01-01 02:16 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-28 20:51 . 2010-12-28 20:51 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2010-12-20 10:07 . 2010-12-20 10:07 15256 ----a-w- c:\users\Invité\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-12-20 10:07 . 2010-12-20 10:07 15256 ----a-w- c:\users\Invité\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-28 15:00 . 2010-11-28 15:00 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
2011-01-11 08:52 3913000 ----a-w- c:\program files\MessengerPlusLive_TB\tbMes1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}"= "c:\program files\MessengerPlusLive_TB\tbMes1.dll" [2011-01-11 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}"= "c:\program files\MessengerPlusLive_TB\tbMes1.dll" [2011-01-11 3913000]
[HKEY_CLASSES_ROOT\clsid\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2010-09-28 1338944]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"HostManager"="c:\program files\Common Files\AOL\1290030445\ee\AOLSoftware.exe" [2006-04-27 50760]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Horloge Parlante ZMSoft"="d:\horloge\HParlante.exe" [2006-11-07 658944]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26104104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_2267911]
2008-05-28 10:34 351000 ----a-w- c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 09:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-01-13 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-01 436792]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2010-09-28 892992]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-26 29472]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uInternet Settings,ProxyServer = 67.202.105.249:3128
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {662A6652-87C8-436D-9C38-78499A190461} = 213.136.96.2 213.136.96.37
FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\9206fuda.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ci
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: MySpace Toolbar for Windows: myspacefftb@myspace.com - c:\program files\MySpace\Toolbar\1.0.72.0
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-adiras - c:\windows\adiras.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\photoviewer.dll"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="UltraISO"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\GOM.exe"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iMesh.file"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-02-23 20:00:10
ComboFix-quarantined-files.txt 2011-02-23 19:00
Avant-CF: 55 467 532 288 octets libres
Après-CF: 55 622 828 032 octets libres
- - End Of File - - 593930F6CB4499FB7451E281556B591A
ComboFix 11-02-23.02 - Administrateur 23/02/2011 19:48:50.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3033.2055 [GMT 1:00]
Lancé depuis: c:\users\Administrateur\Desktop\Bibitte.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\users\Administrateur\AppData\Roaming\.#
c:\users\SANS_CODE\AppData\Roaming\.#
c:\windows\7Loader.TAG
c:\windows\system32\MailBee.dll
c:\windows\system32\scvideo.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-23 au 2011-02-23 ))))))))))))))))))))))))))))))))))))
.
2011-02-23 18:56 . 2011-02-23 18:58 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\SANS_CODE\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 18:56 . 2011-02-23 18:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-02-23 02:39 . 2011-02-23 02:40 -------- d-----w- c:\program files\Street_Fighter_ZERO_3
2011-02-21 21:10 . 2011-02-22 19:52 -------- d-----w- c:\users\Administrateur\AppData\Local\Connectify
2011-02-21 21:10 . 2011-02-23 12:30 -------- d-----w- c:\program files\Connectify
2011-02-21 00:44 . 2011-02-21 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-21 00:44 . 2011-02-21 00:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-21 00:22 . 2011-02-23 14:24 -------- d-----w- c:\windows\system32\wbem\repository
2011-02-20 16:34 . 2011-01-13 08:42 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-02-20 16:34 . 2011-01-13 08:41 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-20 16:34 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-20 16:34 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-20 16:34 . 2011-01-13 08:41 189904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-02-20 16:34 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-20 16:34 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-20 16:34 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-20 16:34 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-20 16:34 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-20 16:34 . 2011-01-13 08:21 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-02-20 16:34 . 2011-02-20 16:34 -------- d-----w- c:\program files\Alwil Software
2011-02-20 14:49 . 2011-02-22 14:18 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-20 13:51 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-20 11:27 . 2011-02-20 11:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-20 11:07 . 2011-02-20 11:08 -------- d-----w- c:\program files\VirtualDJ
2011-02-20 07:57 . 2011-02-20 07:57 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2011-02-20 07:57 . 2011-02-20 07:57 -------- d-----w- c:\programdata\Malwarebytes
2011-02-20 00:58 . 2011-02-20 00:58 76288 --sha-r- c:\windows\system32\perfc019H.dll
2011-02-18 22:54 . 2011-02-18 22:54 -------- d-----w- c:\program files\Yuna Software
2011-02-18 22:00 . 2011-02-18 22:00 -------- d-----w- c:\users\Administrateur\AppData\Local\Xenocode
2011-02-18 10:26 . 2011-02-18 10:26 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Goto Software
2011-02-18 10:26 . 2011-02-18 10:26 -------- d-----w- c:\program files\Goto Software
2011-02-18 08:02 . 2011-02-18 09:19 -------- d-----w- c:\program files\Privoxy
2011-02-17 18:19 . 2011-02-17 18:23 -------- d-----w- c:\program files\RAR Password Cracker
2011-02-17 12:59 . 2011-02-17 12:59 -------- d-----w- c:\users\Administrateur\AppData\Local\Halvar Information
2011-02-17 12:57 . 2011-02-17 12:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-17 12:57 . 2011-02-17 12:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-02-17 12:57 . 2011-02-17 13:17 -------- d-----w- c:\program files\hMailServer
2011-02-15 22:21 . 2011-02-15 22:21 65536 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{0A311C1B-7571-40CF-A560-8C6810FD991E}\NewShortcut1_87081C521AB9485382449D7B131ECAFC.exe
2011-02-15 22:21 . 2011-02-15 22:21 65536 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{0A311C1B-7571-40CF-A560-8C6810FD991E}\NewShortcut2_87081C521AB9485382449D7B131ECAFC.exe
2011-02-15 22:21 . 2011-02-15 22:22 -------- d-----w- c:\program files\SendBlaster
2011-02-15 20:19 . 2011-02-15 20:19 -------- d-sh--w- c:\programdata\TSSI
2011-02-15 20:17 . 2006-08-14 08:38 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-02-15 20:17 . 2000-12-05 23:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2011-02-15 20:17 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-02-15 14:46 . 2011-02-15 14:46 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\Xilisoft Corporation
2011-02-15 04:36 . 2011-02-15 04:36 -------- d-----w- C:\kleaner.tmp
2011-02-15 02:56 . 2011-02-15 02:56 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Oxemis
2011-02-14 21:50 . 2011-02-14 21:50 -------- d-----w- C:\FkeySMTP
2011-02-14 18:05 . 2011-02-14 18:05 -------- d-----w- c:\users\Administrateur\AppData\Roaming\AtomPark
2011-02-14 15:04 . 2011-02-14 15:04 -------- d-----w- c:\program files\fec
2011-02-14 14:17 . 2011-02-14 14:17 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Maxprog
2011-02-13 18:13 . 2010-07-27 14:03 12867584 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2011-02-13 18:13 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2011-02-13 18:13 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_backup_wti.exe
2011-02-13 18:13 . 2009-07-14 01:16 859648 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2011-02-13 18:13 . 2011-02-13 18:29 202144 ----a-w- c:\windows\UTP.exe
2011-02-13 16:13 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-02-13 16:13 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2011-02-13 16:13 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-02-13 14:58 . 1995-10-05 23:00 766912 ----a-w- c:\windows\system\IR41.DLL
2011-02-13 14:58 . 1995-03-26 23:00 151552 ----a-w- c:\windows\system\IR32.DLL
2011-02-13 14:58 . 1995-03-21 23:00 50096 ----a-w- c:\windows\system\IYVU9.DLL
2011-02-13 14:58 . 1994-09-01 23:00 65408 ----a-w- c:\windows\system\ICCVID.DRV
2011-02-13 14:58 . 1993-11-18 23:00 7168 ----a-w- c:\windows\system\DISPDIB.DLL
2011-02-13 14:58 . 1993-11-18 23:00 49616 ----a-w- c:\windows\system\MSACM.DLL
2011-02-13 14:58 . 1993-11-18 23:00 43520 ----a-w- c:\windows\system\MSVIDC.DRV
2011-02-13 14:58 . 1993-11-18 23:00 22816 ----a-w- c:\windows\system\MSACM.DRV
2011-02-13 14:58 . 1993-11-18 23:00 14208 ----a-w- c:\windows\system\CTL3D.DLL
2011-02-13 14:58 . 1993-11-18 23:00 12800 ----a-w- c:\windows\system\ACMCMPRS.DLL
2011-02-13 14:58 . 1993-11-18 23:00 11776 ----a-w- c:\windows\system\MSRLE.DRV
2011-02-13 08:53 . 2000-12-06 13:00 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-02-13 08:53 . 2002-01-09 18:31 253952 ----a-w- c:\windows\system32\mlistx.ocx
2011-02-13 08:38 . 2011-02-14 14:21 -------- d-----w- c:\program files\eMail Verifier
2011-02-13 08:35 . 2011-02-13 08:35 -------- d-----w- c:\users\Administrateur\AppData\Roaming\G-Lock Software
2011-02-13 01:25 . 2011-02-14 14:56 -------- d-----w- c:\program files\Atomic Email Hunter
2011-02-12 20:57 . 2011-02-12 20:57 -------- d-----w- c:\programdata\EMA
2011-02-12 12:46 . 2011-02-12 12:46 -------- d-----w- c:\users\Administrateur\AppData\Local\Seven Zip
2011-02-12 05:49 . 2011-02-12 05:49 -------- d-----w- c:\program files\Western Digital Corporation
2011-02-12 04:13 . 2011-02-12 04:13 -------- d-----w- C:\DriveKey
2011-02-12 04:11 . 2011-02-12 04:11 -------- d-----w- c:\program files\Common Files\InstallShield
2011-02-12 01:58 . 2011-02-12 02:11 -------- d-----w- C:\Recovered Files
2011-02-11 22:16 . 2011-02-11 22:16 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Thunderbird
2011-02-11 22:16 . 2011-02-11 22:16 -------- d-----w- c:\users\Administrateur\AppData\Local\Thunderbird
2011-02-11 05:41 . 2011-02-15 07:17 -------- d-----w- c:\program files\QK SMTP Server 3
2011-02-11 04:39 . 2006-11-22 07:57 868352 ----a-w- c:\windows\system32\rmpHTML.ocx
2011-02-11 04:39 . 2000-12-06 13:01 415176 ----a-w- c:\windows\system32\comct332.ocx
2011-02-11 04:29 . 2011-02-11 04:39 -------- d-----w- c:\users\Administrateur\AppData\Roaming\SendBlaster2
2011-02-10 00:44 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 00:44 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 00:44 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 00:39 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 00:37 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 00:36 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C9C6EEF-C6C5-405F-B6E8-95C317DBF0FB}\mpengine.dll
2011-02-10 00:33 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-10 00:23 . 2011-02-10 00:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nokia
2011-02-09 11:45 . 2011-02-09 11:45 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-02-03 12:35 . 2011-02-03 12:35 -------- d-----w- c:\users\SANS_CODE\AppData\Local\Diagnostics
2011-02-03 05:56 . 2011-02-03 05:56 -------- d-----w- c:\users\SANS_CODE\AppData\Local\GameHouse
2011-02-03 03:26 . 2011-02-03 03:26 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-02-03 02:31 . 2011-02-15 04:38 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-03 02:24 . 2011-02-23 04:00 -------- d-----w- c:\users\Administrateur\AppData\Local\Yahoo
2011-02-03 02:13 . 2011-02-23 03:59 -------- d-----w- c:\programdata\Yahoo! Companion
2011-02-03 02:13 . 2011-02-20 00:57 -------- d-----w- c:\programdata\ATTYToolbar
2011-02-03 02:13 . 2011-02-23 04:00 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Yahoo!
2011-02-03 02:10 . 2011-02-03 02:10 -------- d-----w- c:\program files\SBC Yahoo!
2011-02-02 18:47 . 2011-02-02 18:48 -------- d-----w- c:\program files\Microsoft Encarta
2011-02-02 08:46 . 2011-02-02 08:46 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\GRETECH
2011-01-31 10:09 . 2011-02-02 17:16 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\Skype
2011-01-31 00:06 . 2011-01-31 00:06 -------- d-----w- c:\users\Administrateur\.idlerc
2011-01-31 00:05 . 2011-01-31 00:05 98304 ----a-r- c:\users\Administrateur\AppData\Roaming\Microsoft\Installer\{D40AF016-506C-43FB-A738-BD54FA8C1E85}\python_icon.exe
2011-01-31 00:01 . 2011-01-31 00:05 -------- d-----w- c:\program files\python
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-29 20:24 . 2011-01-31 18:02 -------- d-----w- c:\users\SANS_CODE\AppData\Roaming\uTorrent
2011-01-28 11:42 . 2011-01-28 11:42 -------- d-----w- c:\users\SANS_CODE\AppData\Local\Broadcom
2011-01-27 22:56 . 2011-01-27 22:56 -------- d--h--w- c:\windows\PIF
2011-01-27 22:46 . 2011-01-28 21:58 -------- d-----w- c:\program files\borland
2011-01-27 07:44 . 2011-01-27 07:44 -------- d-----w- c:\program files\Common Files\SWF Studio
2011-01-27 07:39 . 2011-01-27 07:39 -------- d-----w- c:\users\Administrateur\AppData\Roaming\WildTangent
2011-01-27 07:36 . 2011-01-27 07:37 -------- d-----w- c:\programdata\WildTangent
2011-01-27 07:35 . 2011-01-27 07:37 -------- d-----w- c:\program files\WildGames
2011-01-26 23:04 . 2011-01-26 23:04 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-26 23:04 . 2011-01-26 23:04 -------- d-----w- c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 04:05 . 2010-12-29 21:54 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-22 03:47 . 2010-12-16 12:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-13 16:13 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-02-13 16:13 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-02-13 16:13 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-02-10 03:58 . 2011-01-01 06:58 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-10 03:55 . 2010-12-16 11:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-10 03:55 . 2010-12-29 21:52 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-28 11:46 . 2010-12-16 11:38 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-01 02:16 . 2011-01-01 02:16 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-28 20:51 . 2010-12-28 20:51 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2010-12-20 10:07 . 2010-12-20 10:07 15256 ----a-w- c:\users\Invité\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-12-20 10:07 . 2010-12-20 10:07 15256 ----a-w- c:\users\Invité\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2010-11-28 15:00 . 2010-11-28 15:00 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
2011-01-11 08:52 3913000 ----a-w- c:\program files\MessengerPlusLive_TB\tbMes1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}"= "c:\program files\MessengerPlusLive_TB\tbMes1.dll" [2011-01-11 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}"= "c:\program files\MessengerPlusLive_TB\tbMes1.dll" [2011-01-11 3913000]
[HKEY_CLASSES_ROOT\clsid\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-01-13 08:47 120712 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2010-09-28 1338944]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"HostManager"="c:\program files\Common Files\AOL\1290030445\ee\AOLSoftware.exe" [2006-04-27 50760]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-31 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Horloge Parlante ZMSoft"="d:\horloge\HParlante.exe" [2006-11-07 658944]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26104104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_2267911]
2008-05-28 10:34 351000 ----a-w- c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 09:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-01-13 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
R2 FlexService;Remote Connections Service;c:\program files\RapidBIT\cisvc.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-17 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-01-13 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-01 436792]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2010-09-28 892992]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-05-11 20072]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-26 29472]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr
uInternet Settings,ProxyServer = 67.202.105.249:3128
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {662A6652-87C8-436D-9C38-78499A190461} = 213.136.96.2 213.136.96.37
FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\9206fuda.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ci
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: MySpace Toolbar for Windows: myspacefftb@myspace.com - c:\program files\MySpace\Toolbar\1.0.72.0
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-adiras - c:\windows\adiras.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,e7,6a,72,52,c1,7d,42,a2,9d,db,\
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\photoviewer.dll"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="UltraISO"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\GOM.exe"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iMesh.file"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-4003769440-2502484855-1624974767-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-02-23 20:00:10
ComboFix-quarantined-files.txt 2011-02-23 19:00
Avant-CF: 55 467 532 288 octets libres
Après-CF: 55 622 828 032 octets libres
- - End Of File - - 593930F6CB4499FB7451E281556B591A
xXDrDeathXx
Messages postés
1
Date d'inscription
lundi 11 avril 2011
Statut
Membre
Dernière intervention
11 avril 2011
11 avril 2011 à 16:47
11 avril 2011 à 16:47
Bonjour, j'ai exactement le même problème, est-ce la même démarche que celle mentionnée dans les "posts" précédents? Merci
