¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.2 ¤¤¤¤¤¤¤¤¤¤
User : Romaric (Administrators)
Update on 15/01/2011 by g3n-h@ckm@n ::::: 10.20
Start at: 12:32:24 | 15/01/2011
Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Microsoft Windows 7 Home Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Disabled
C:\ -> Local fixed disk | 272.79 GB (235.12 GB free) [OS_Install] | NTFS
D:\ -> Local fixed disk | 181.87 GB (144.61 GB free) [Data] | NTFS
E:\ -> CD-ROM drive
Q:\ -> Local fixed disk
Killed : PID 5840 'Firefox.exe'
Killed : PID 1344 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\Romaric\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\windows\silentOnce.tmp
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktop
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe
Userinit = C:\windows\SysWow64\userinit.exe,
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600
device: opened successfully
user: error reading MBR
Disk trace:
error: Read The handle is invalid
kernel: error reading MBR
End of Scan : 12:32:59
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Anonymous user
15 Jan. 2011 at 13:02
You have "tmp" files in system32 that contain nothing... their MD5 shows they are empty... odd.
Have the following file(s) analysed on VirusTotal:
Virus Total
* Paste the path of each file directly, one at a time, into the "Browse" box after each scan:
D:\Programmes\Firefox\xul.dll
c:\windows\sysnative\drivers\EUCR6SK.sys
c:\windows\system32\msi1920.scr
c:\windows\system32\sas.dll
c:\windows\system32\sho592.tmp
c:\windows\system32\sho683F.tmp
c:\windows\system32\shortcut_ex.dat
* Now click "Send file" and let it work as long as "Current status: analysing" is displayed.
* The file may be queued because of a large number of scan requests. In that case, wait without refreshing the page.
* When the scan is finished, paste the link(s) to the result page(s) in your next reply.
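The remark above about .tmp files whose MD5 shows them to be empty comes down to recognising the digest of zero-length input, and the ComboFix "files created" listing later in this thread prints each file's size, so the same check can be run over the log itself. The following Python is an added example, not part of the original thread nor of Kill'em, ComboFix or VirusTotal. It assumes the line layout "created . modified size attributes path" exactly as the report shows it, the SYSTEM_DIRS list is the editor's own choice of directories worth watching, and SAMPLE_LOG is constructed from lines copied out of the ComboFix report on this page.

```python
"""Triage helper for disinfection-tool file listings (added example).

Two checks behind the "empty .tmp files" remark in the thread:
  1. parse ComboFix-style "files created" lines and list zero-byte regular
     files that sit under Windows system directories;
  2. recognise the MD5 / SHA-256 digests of empty input, so a hash that a
     scanner (or a VirusTotal report) shows can be read as "this file is empty".
"""
import hashlib
import re

# Digests of the empty byte string b"". Any file hashing to these is empty.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Assumed layout of a ComboFix "files created" line, as printed in the report:
#   <created> . <modified> <size, or -------- for a directory> <attributes> <path>
COMBOFIX_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>\S+)\s+"
    r"(?P<path>.+?)\s*$"
)

# Editor's choice: directories where a stray zero-byte file deserves a second look.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\sysnative\\")

# Constructed sample input: lines copied from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
2011-01-15 13:16 . 2011-01-15 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-14 17:23 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{187DFA62-C78B-45F8-A7EE-B8A9B5384C58}\mpengine.dll
2011-01-14 10:31 . 2011-01-14 10:31 0 ----a-w- c:\windows\SysWow64\sho96F4.tmp
2011-01-14 00:41 . 2011-01-14 00:41 0 ----a-w- c:\windows\SysWow64\shoEAE9.tmp
2011-01-13 17:16 . 2011-01-13 17:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-01 22:32 . 2011-01-01 22:32 0 ----a-w- c:\windows\SysWow64\sho683F.tmp
2010-12-29 01:35 . 2010-12-29 01:35 0 ----a-w- c:\windows\SysWow64\sho592.tmp
"""


def parse_combofix_line(line):
    """Return a dict for one 'files created' line, or None if the line is not one."""
    m = COMBOFIX_LINE.match(line.strip())
    if m is None:
        return None
    size_field = m["size"]
    return {
        "created": m["created"],
        "modified": m["modified"],
        "size": None if size_field.startswith("-") else int(size_field),
        "attrs": m["attrs"],
        "path": m["path"],
        "is_dir": m["attrs"].startswith("d"),
    }


def find_empty_system_files(lines):
    """Paths of zero-byte regular files under SYSTEM_DIRS, in log order."""
    hits = []
    for line in lines:
        rec = parse_combofix_line(line)
        if rec is None or rec["is_dir"] or rec["size"] != 0:
            continue
        lower = rec["path"].lower()
        if any(d in lower for d in SYSTEM_DIRS):
            hits.append(rec["path"])
    return hits


def digest_bytes(data):
    """(md5_hex, sha256_hex) of a byte string."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def digest_file(path, chunk_size=65536):
    """(md5_hex, sha256_hex) of a file on disk, streamed so large files are fine."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def is_empty_digest(md5_hex=None, sha256_hex=None):
    """True if either supplied digest is the digest of empty input."""
    return (md5_hex is not None and md5_hex.lower() == EMPTY_MD5) or (
        sha256_hex is not None and sha256_hex.lower() == EMPTY_SHA256
    )


if __name__ == "__main__":
    for path in find_empty_system_files(SAMPLE_LOG.splitlines()):
        print("zero-byte file in a system directory:", path)
    md5_hex, sha_hex = digest_bytes(b"")
    print("empty input ->", md5_hex, sha_hex, "empty?", is_empty_digest(md5_hex, sha_hex))
```

Run as a script it prints the four zero-byte sho*.tmp files from the sample; point digest_file() at a real path to get the MD5/SHA-256 pair to compare with a VirusTotal report. A zero-byte file is not malicious in itself, but a series of them appearing in SysWow64 is a timeline clue worth keeping alongside the other dated events in the log.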
Here are the results:
xul.dll : http://www.virustotal.com/file-scan/report.html?id=22e2cc68a6b45a10a61909c11c182d40f3bdeb09239cfbf754678beee2eb7a8e-1295093758
EUCR6SK.sys : http://www.virustotal.com/file-scan/report.html?id=061726766a8558f4b7d9e51d7b689b75359004667b64b96ff3d89f05a89d4660-1295093907
msi1920.scr : FILE TOO LARGE
sas.dll : http://www.virustotal.com/file-scan/report.html?id=996b01e15f85e165899630721a141b178a9c372b6e878012180ec9e9d4e7bd06-1295094319
sho592.tmp : WHEN I CLICK SEND FILE, THE UPLOAD CLOSES AND NOTHING HAPPENS.
sho683D.tmp : WHEN I CLICK SEND FILE, THE UPLOAD CLOSES AND NOTHING HAPPENS.
shortcut_ex.dat : http://www.virustotal.com/file-scan/report.html?id=cd8cf58fe1a33b0da51356f821de995f8e7182f76ddfe193aa2791dc5005cd7e-1295094545
It seems the two .tmp files are no longer present (I went and checked and cannot find them).
Anonymous user
15 Jan. 2011 at 14:05
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
__________________________________________________________
>This tool must only be used when prescribed by a qualified helper trained in it.<
>>>>>>>Do not use it outside that situation: dangerous!<<<<<<<<
=====================================================
▶ Above all, when saving, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive
Download it here: Combofix
Before using ComboFix:
If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because it can interact with the tool and cause damage that may require a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG remover from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\
CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:
▶ Download Defogger (by jpshortstuff) to your Desktop
▶ Run it
A window appears: click "Disable"
▶ Restart the computer if the tool asks you to
Note: When we have finished the disinfection, you can re-enable these programs by running Defogger again and clicking "Re-enable"
_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is running, disable
>> the real-time protection of your Antivirus and Antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as...."
on the renamed combofix
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ Don't forget to re-enable your Antivirus and Antispyware guards before reconnecting to the internet.
▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.
Here is the Combofix report:
ComboFix 11-01-14.01 - Romaric 15/01/2011 14:12:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.33.1036.18.4014.2644 [GMT 1:00]
Running from: c:\users\Romaric\Desktop\Romm.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Files Created From 2010-12-15 to 2011-01-15 ))))))))))))))))))))))))))))))))))))
.
2011-01-15 13:16 . 2011-01-15 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 10:35 . 2011-01-15 11:32 -------- d-----w- C:\Kill'em
2011-01-15 10:34 . 2011-01-15 11:33 -------- d-----w- c:\program files (x86)\List_Kill'em
2011-01-15 10:03 . 2011-01-15 10:03 -------- d-----w- c:\program files (x86)\SEAF
2011-01-14 20:32 . 2011-01-14 20:32 -------- d-----w- c:\windows\BDOSCAN8
2011-01-14 18:25 . 2011-01-14 18:26 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-01-14 17:23 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{187DFA62-C78B-45F8-A7EE-B8A9B5384C58}\mpengine.dll
2011-01-14 10:31 . 2011-01-14 10:31 0 ----a-w- c:\windows\SysWow64\sho96F4.tmp
2011-01-14 00:41 . 2011-01-14 00:41 0 ----a-w- c:\windows\SysWow64\shoEAE9.tmp
2011-01-13 17:16 . 2011-01-13 17:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 -------- d-----w- c:\program files (x86)\OpenAL
2011-01-13 00:18 . 2011-01-13 00:18 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-12 18:50 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:50 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 18:50 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 18:50 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 02:10 . 2011-01-09 02:10 0 ----a-w- c:\windows\SysWow64\shoBA9A.tmp
2011-01-08 01:02 . 2011-01-08 01:02 0 ----a-w- c:\windows\SysWow64\shoA50E.tmp
2011-01-07 20:55 . 2011-01-07 20:55 -------- d-----w- c:\programdata\2DBoy
2011-01-06 17:45 . 2011-01-06 17:45 -------- d-----w- c:\program files (x86)\Oberon Media
2011-01-06 15:55 . 2011-01-06 15:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-05 14:55 . 2011-01-05 14:55 0 ----a-w- c:\windows\SysWow64\shoC20A.tmp
2011-01-03 12:54 . 2011-01-09 14:02 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-03 12:54 . 2011-01-03 12:54 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-03 12:54 . 2011-01-03 12:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----r- c:\program files (x86)\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\programdata\Skype
2011-01-02 10:32 . 2011-01-02 10:33 -------- d-----w- c:\programdata\Solidshield
2011-01-01 22:32 . 2011-01-01 22:32 0 ----a-w- c:\windows\SysWow64\sho683F.tmp
2011-01-01 20:55 . 2011-01-01 20:55 -------- d-----w- c:\programdata\Tages
2011-01-01 20:55 . 2011-01-01 20:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-01 20:55 . 2011-01-01 20:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-01 20:53 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-01-01 15:48 . 2011-01-13 17:06 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-01-01 00:46 . 2011-01-01 00:46 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-01 00:44 . 2011-01-06 21:17 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2010-12-29 10:50 . 2010-12-29 10:50 0 ----a-w- c:\windows\SysWow64\shoB57B.tmp
2010-12-29 01:35 . 2010-12-29 01:35 0 ----a-w- c:\windows\SysWow64\sho592.tmp
2010-12-28 12:54 . 2010-12-28 12:54 -------- d-----w- c:\program files (x86)\ATI
2010-12-28 11:46 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2010-12-28 11:43 . 2010-12-28 11:45 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-28 11:21 . 2010-12-28 11:21 -------- d-----w- c:\programdata\ma-config.com
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\programdata\ATI
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\ATI Stream
2010-12-27 23:55 . 2010-12-27 23:55 -------- d-----w- C:\ATI
2010-12-27 23:52 . 2010-12-27 23:52 -------- d-----w- C:\AMD
2010-12-27 11:59 . 2010-12-27 11:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-27 11:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-27 11:59 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 00:19 . 2010-12-27 00:43 -------- d-----w- c:\programdata\VirtualizedApplications
2010-12-26 01:07 . 2010-12-26 01:07 0 ----a-w- c:\windows\SysWow64\shoD808.tmp
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\system32\Wat
2010-12-26 00:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-26 00:53 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 00:53 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 00:53 . 2010-04-07 07:37 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-26 00:53 . 2010-04-07 07:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2010-12-26 00:53 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-26 00:52 . 2010-08-04 07:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-26 00:52 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2010-12-26 00:52 . 2010-08-04 06:18 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll
2010-12-26 00:52 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-26 00:52 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-12-26 00:52 . 2010-08-04 07:05 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-26 00:52 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2010-12-26 00:52 . 2010-08-04 06:15 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2010-12-26 00:36 . 2010-12-26 00:36 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2010-12-25 10:17 . 2010-10-19 09:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 01:15 . 2011-01-15 12:23 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 01:15 . 2010-12-25 01:15 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2010-12-25 01:14 . 2010-12-25 01:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-12-24 23:47 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-12-24 23:46 . 2010-12-24 23:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2010-12-24 23:46 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-24 23:46 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-12-24 23:44 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Windows Live
2010-12-24 23:44 . 2010-12-24 23:44 -------- d-----w- c:\windows\PCHEALTH
2010-12-24 23:43 . 2010-12-24 23:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2010-12-24 23:40 . 2011-01-15 13:09 -------- d-----w- c:\users\Romaric
2010-12-24 23:38 . 2010-12-24 23:38 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programmes\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-03-19 2408448]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-06-22 2793984]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-25 352976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [2010-04-09 52736]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [2010-03-23 34048]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-04-15 3231104]
R3 driverhardwarev2x64;driverhardwarev2x64;d:\programmes\Maconfig\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-08-09 88912]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R4 maconfservice;Ma-Config Service;d:\programmes\Maconfig\x64\maconfservice.exe [2010-12-20 326144]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 203264]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-04-22 677128]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 265728]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-06-15 116240]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-04-15 4170504]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-04-15 1096456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-08 1028096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-17 11438696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-17 2120808]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-04-22 19645704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
FF - ProfilePath - c:\users\Romaric\AppData\Roaming\Mozilla\Firefox\Profiles\g4l37hk2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programmes\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - d:\programmes\Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Link analysis (URL Advisor): linkfilter@kaspersky.ru - d:\programmes\Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\programmes\Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-01-15 14:18:01
ComboFix-quarantined-files.txt 2011-01-15 13:18
Avant-CF: 252 073 213 952 octets libres
Après-CF: 254 114 562 048 octets libres
- - End Of File - - D0053B660121870AF9A6AD78B6F084D3
Anonymous user
15 Jan. 2011 at 14:29
__________________________________________________
=>/!\ The following script was written specifically for this computer /!\ <=
=> It is strongly discouraged to transfer it to another computer! <=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
File::
c:\windows\SysWow64\Sho*.tmp
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the combofix file
▶ Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it's located here => C:\ComboFix.txt
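Before running a CFScript, it is worth previewing which entries of the posted report its File:: glob would actually hit, since a glob like `Sho*.tmp` is matched against everything in the listing. The script below is an added example for this thread, not code from ComboFix or from the helper above; it assumes the "Fichiers créés" line layout visible in the report (created . modified size attrs path) and uses sample lines copied from that report together with the helper's CFScript text.

```python
"""Preview what a CFScript File:: glob would target in a ComboFix report.

Added example for this thread, not code from ComboFix or from the helper's
script.  The "Fichiers créés" line layout assumed here (created . modified
size attrs path) is read off the report posted above; the sample lines are
copied from that report, and the CFScript text is the helper's.
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout of one "Fichiers créés" line: two "YYYY-MM-DD HH:MM" stamps
# separated by " . ", a byte size (or "--------" for directories), an
# 8-character attribute block such as "----a-w-" or "d-----w-", then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directory entries
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and '.' lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_cfscript_files(script: str) -> List[str]:
    """Return the path globs listed under the File:: directive of a CFScript."""
    globs: List[str] = []
    in_file_section = False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # directive header (KillAll::, File::, ...)
            in_file_section = line.lower() == "file::"
            continue
        if in_file_section:
            globs.append(line)
    return globs


def match_targets(report_lines: List[str], script: str) -> List[Entry]:
    """Files in the listing that the script's File:: globs would hit.

    Windows paths are case-insensitive, so both sides are lower-cased and
    matched with fnmatchcase to get the same result on any host OS.
    """
    globs = [g.lower() for g in parse_cfscript_files(script)]
    hits: List[Entry] = []
    for line in report_lines:
        entry = parse_entry(line)
        if entry is None or entry.is_dir:
            continue
        if any(fnmatch.fnmatchcase(entry.path.lower(), g) for g in globs):
            hits.append(entry)
    return hits


def non_empty_hits(hits: List[Entry]) -> List[Entry]:
    """Matches that are not zero-byte files: worth a second look before deleting."""
    return [e for e in hits if e.size]


# Sample input: lines copied from the ComboFix report posted in this thread.
REPORT_LINES = r"""
2011-01-15 10:35 . 2011-01-15 11:32 -------- d-----w- C:\Kill'em
2011-01-14 10:31 . 2011-01-14 10:31 0 ----a-w- c:\windows\SysWow64\sho96F4.tmp
2011-01-14 00:41 . 2011-01-14 00:41 0 ----a-w- c:\windows\SysWow64\shoEAE9.tmp
2011-01-13 17:16 . 2011-01-13 17:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-12 18:50 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-03 12:54 . 2011-01-03 12:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
""".strip().splitlines()

# The helper's CFScript from this thread.
CFSCRIPT = r"""
KillAll::
File::
c:\windows\SysWow64\Sho*.tmp
"""

if __name__ == "__main__":
    hits = match_targets(REPORT_LINES, CFSCRIPT)
    for e in hits:
        print(f"{e.path}  ({e.size} bytes, created {e.created})")
    if non_empty_hits(hits):
        print("warning: glob also matches non-empty files")
```

On the report above, only the two zero-byte `sho*.tmp` entries match and `non_empty_hits` stays empty; if the glob had swept in a real DLL or executable, that warning is the cue to narrow the pattern before dropping the script onto ComboFix.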
Here's the report; however, I can no longer launch Firefox, error at launch (registry key deleted).
ComboFix 11-01-14.01 - Romaric 15/01/2011 14:34:30.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4014.2576 [GMT 1:00]
Lancé depuis: c:\users\Romaric\Desktop\Romm.exe
Commutateurs utilisés :: c:\users\Romaric\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-15 au 2011-01-15 ))))))))))))))))))))))))))))))))))))
.
2011-01-15 10:35 . 2011-01-15 11:32 -------- d-----w- C:\Kill'em
2011-01-15 10:34 . 2011-01-15 11:33 -------- d-----w- c:\program files (x86)\List_Kill'em
2011-01-15 10:03 . 2011-01-15 10:03 -------- d-----w- c:\program files (x86)\SEAF
2011-01-14 20:32 . 2011-01-14 20:32 -------- d-----w- c:\windows\BDOSCAN8
2011-01-14 18:25 . 2011-01-14 18:26 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-01-14 17:23 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{187DFA62-C78B-45F8-A7EE-B8A9B5384C58}\mpengine.dll
2011-01-14 10:31 . 2011-01-14 10:31 0 ----a-w- c:\windows\SysWow64\sho96F4.tmp
2011-01-14 00:41 . 2011-01-14 00:41 0 ----a-w- c:\windows\SysWow64\shoEAE9.tmp
2011-01-13 17:16 . 2011-01-13 17:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 -------- d-----w- c:\program files (x86)\OpenAL
2011-01-13 00:18 . 2011-01-13 00:18 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-12 18:50 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:50 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 18:50 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 18:50 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 02:10 . 2011-01-09 02:10 0 ----a-w- c:\windows\SysWow64\shoBA9A.tmp
2011-01-08 01:02 . 2011-01-08 01:02 0 ----a-w- c:\windows\SysWow64\shoA50E.tmp
2011-01-07 20:55 . 2011-01-07 20:55 -------- d-----w- c:\programdata\2DBoy
2011-01-06 17:45 . 2011-01-06 17:45 -------- d-----w- c:\program files (x86)\Oberon Media
2011-01-06 15:55 . 2011-01-06 15:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-05 14:55 . 2011-01-05 14:55 0 ----a-w- c:\windows\SysWow64\shoC20A.tmp
2011-01-03 12:54 . 2011-01-09 14:02 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-03 12:54 . 2011-01-03 12:54 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-03 12:54 . 2011-01-03 12:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----r- c:\program files (x86)\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\programdata\Skype
2011-01-02 10:32 . 2011-01-02 10:33 -------- d-----w- c:\programdata\Solidshield
2011-01-01 22:32 . 2011-01-01 22:32 0 ----a-w- c:\windows\SysWow64\sho683F.tmp
2011-01-01 20:55 . 2011-01-01 20:55 -------- d-----w- c:\programdata\Tages
2011-01-01 20:55 . 2011-01-01 20:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-01 20:55 . 2011-01-01 20:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-01 20:53 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-01-01 15:48 . 2011-01-13 17:06 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-01-01 00:46 . 2011-01-01 00:46 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-01 00:44 . 2011-01-06 21:17 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2010-12-29 10:50 . 2010-12-29 10:50 0 ----a-w- c:\windows\SysWow64\shoB57B.tmp
2010-12-29 01:35 . 2010-12-29 01:35 0 ----a-w- c:\windows\SysWow64\sho592.tmp
2010-12-28 12:54 . 2010-12-28 12:54 -------- d-----w- c:\program files (x86)\ATI
2010-12-28 11:46 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2010-12-28 11:43 . 2010-12-28 11:45 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-28 11:21 . 2010-12-28 11:21 -------- d-----w- c:\programdata\ma-config.com
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\programdata\ATI
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\ATI Stream
2010-12-27 23:55 . 2010-12-27 23:55 -------- d-----w- C:\ATI
2010-12-27 23:52 . 2010-12-27 23:52 -------- d-----w- C:\AMD
2010-12-27 11:59 . 2010-12-27 11:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-27 11:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-27 11:59 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 00:19 . 2010-12-27 00:43 -------- d-----w- c:\programdata\VirtualizedApplications
2010-12-26 01:07 . 2010-12-26 01:07 0 ----a-w- c:\windows\SysWow64\shoD808.tmp
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\system32\Wat
2010-12-26 00:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-26 00:53 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 00:53 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 00:53 . 2010-04-07 07:37 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-26 00:53 . 2010-04-07 07:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2010-12-26 00:53 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-26 00:52 . 2010-08-04 07:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-26 00:52 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2010-12-26 00:52 . 2010-08-04 06:18 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll
2010-12-26 00:52 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-26 00:52 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-12-26 00:52 . 2010-08-04 07:05 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-26 00:52 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2010-12-26 00:52 . 2010-08-04 06:15 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2010-12-26 00:36 . 2010-12-26 00:36 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2010-12-25 10:17 . 2010-10-19 09:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 01:15 . 2011-01-15 13:39 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 01:15 . 2010-12-25 01:15 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2010-12-25 01:14 . 2010-12-25 01:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-12-24 23:47 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-12-24 23:46 . 2010-12-24 23:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2010-12-24 23:46 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-24 23:46 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-12-24 23:44 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Windows Live
2010-12-24 23:44 . 2010-12-24 23:44 -------- d-----w- c:\windows\PCHEALTH
2010-12-24 23:43 . 2010-12-24 23:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2010-12-24 23:40 . 2011-01-15 13:09 -------- d-----w- c:\users\Romaric
2010-12-24 23:38 . 2010-12-24 23:38 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-15_13.16.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-01-15 11:59 . 2011-01-15 11:59 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-01-15 13:38 . 2011-01-15 13:38 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-15 13:39 . 2011-01-15 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-15 12:00 . 2011-01-15 12:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-01-15 11:59 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-15 13:38 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-25 00:06 . 2011-01-15 13:38 1003164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4154214304-3852848040-318596902-1000-8192.dat
- 2010-12-25 00:06 . 2011-01-15 11:59 1003164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4154214304-3852848040-318596902-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programmes\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-03-19 2408448]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-06-22 2793984]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-25 352976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [2010-04-09 52736]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [2010-03-23 34048]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-04-15 3231104]
R3 driverhardwarev2x64;driverhardwarev2x64;d:\programmes\Maconfig\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-08-09 88912]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R4 maconfservice;Ma-Config Service;d:\programmes\Maconfig\x64\maconfservice.exe [2010-12-20 326144]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 203264]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-04-22 677128]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 265728]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-06-15 116240]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-04-15 4170504]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-04-15 1096456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-08 1028096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-17 11438696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-17 2120808]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-04-22 19645704]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: Ajouter à l'Anti-bannière - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
FF - ProfilePath - c:\users\Romaric\AppData\Roaming\Mozilla\Firefox\Profiles\g4l37hk2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programmes\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-bannière: KavAntiBanner@Kaspersky.ru - d:\programmes\Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Analyse des liens (URL Advisor): linkfilter@kaspersky.ru - d:\programmes\Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\programmes\Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
.
**************************************************************************
.
Heure de fin: 2011-01-15 14:43:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-01-15 13:43
ComboFix2.txt 2011-01-15 13:18
Avant-CF: 254 164 361 216 octets libres
Après-CF: 254 069 633 024 octets libres
- - End Of File - - 1F9396448C68E3AC6843FC06D59FBFE2
ComboFix 11-01-14.01 - Romaric 15/01/2011 14:34:30.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4014.2576 [GMT 1:00]
Lancé depuis: c:\users\Romaric\Desktop\Romm.exe
Commutateurs utilisés :: c:\users\Romaric\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-12-15 au 2011-01-15 ))))))))))))))))))))))))))))))))))))
.
2011-01-15 10:35 . 2011-01-15 11:32 -------- d-----w- C:\Kill'em
2011-01-15 10:34 . 2011-01-15 11:33 -------- d-----w- c:\program files (x86)\List_Kill'em
2011-01-15 10:03 . 2011-01-15 10:03 -------- d-----w- c:\program files (x86)\SEAF
2011-01-14 20:32 . 2011-01-14 20:32 -------- d-----w- c:\windows\BDOSCAN8
2011-01-14 18:25 . 2011-01-14 18:26 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-01-14 17:23 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{187DFA62-C78B-45F8-A7EE-B8A9B5384C58}\mpengine.dll
2011-01-14 10:31 . 2011-01-14 10:31 0 ----a-w- c:\windows\SysWow64\sho96F4.tmp
2011-01-14 00:41 . 2011-01-14 00:41 0 ----a-w- c:\windows\SysWow64\shoEAE9.tmp
2011-01-13 17:16 . 2011-01-13 17:16 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-01-13 17:16 . 2011-01-13 17:16 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-01-13 17:16 . 2011-01-13 17:16 -------- d-----w- c:\program files (x86)\OpenAL
2011-01-13 00:18 . 2011-01-13 00:18 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-12 18:50 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:50 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 18:50 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 18:50 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 18:50 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 18:50 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 18:50 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 02:10 . 2011-01-09 02:10 0 ----a-w- c:\windows\SysWow64\shoBA9A.tmp
2011-01-08 01:02 . 2011-01-08 01:02 0 ----a-w- c:\windows\SysWow64\shoA50E.tmp
2011-01-07 20:55 . 2011-01-07 20:55 -------- d-----w- c:\programdata\2DBoy
2011-01-06 17:45 . 2011-01-06 17:45 -------- d-----w- c:\program files (x86)\Oberon Media
2011-01-06 15:55 . 2011-01-06 15:55 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-01-05 14:55 . 2011-01-05 14:55 0 ----a-w- c:\windows\SysWow64\shoC20A.tmp
2011-01-03 12:54 . 2011-01-09 14:02 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-03 12:54 . 2011-01-03 12:54 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-03 12:54 . 2011-01-03 12:54 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----r- c:\program files (x86)\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-01-02 19:38 . 2011-01-02 19:38 -------- d-----w- c:\programdata\Skype
2011-01-02 10:32 . 2011-01-02 10:33 -------- d-----w- c:\programdata\Solidshield
2011-01-01 22:32 . 2011-01-01 22:32 0 ----a-w- c:\windows\SysWow64\sho683F.tmp
2011-01-01 20:55 . 2011-01-01 20:55 -------- d-----w- c:\programdata\Tages
2011-01-01 20:55 . 2011-01-01 20:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-01 20:55 . 2011-01-01 20:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-01 20:53 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-01-01 20:53 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2011-01-01 15:48 . 2011-01-13 17:06 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-01-01 00:47 . 2011-01-01 00:47 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-01-01 00:46 . 2011-01-01 00:46 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-01 00:44 . 2011-01-06 21:17 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2010-12-29 10:50 . 2010-12-29 10:50 0 ----a-w- c:\windows\SysWow64\shoB57B.tmp
2010-12-29 01:35 . 2010-12-29 01:35 0 ----a-w- c:\windows\SysWow64\sho592.tmp
2010-12-28 12:54 . 2010-12-28 12:54 -------- d-----w- c:\program files (x86)\ATI
2010-12-28 11:46 . 2009-03-16 13:18 235352 ----a-w- c:\windows\SysWow64\xactengine3_4.dll
2010-12-28 11:43 . 2010-12-28 11:45 -------- d--h--w- c:\windows\msdownld.tmp
2010-12-28 11:21 . 2010-12-28 11:21 -------- d-----w- c:\programdata\ma-config.com
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\programdata\ATI
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2010-12-27 23:56 . 2010-12-27 23:56 -------- d-----w- c:\program files (x86)\ATI Stream
2010-12-27 23:55 . 2010-12-27 23:55 -------- d-----w- C:\ATI
2010-12-27 23:52 . 2010-12-27 23:52 -------- d-----w- C:\AMD
2010-12-27 11:59 . 2010-12-27 11:59 -------- d-----w- c:\programdata\Malwarebytes
2010-12-27 11:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-27 11:59 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 00:19 . 2010-12-27 00:43 -------- d-----w- c:\programdata\VirtualizedApplications
2010-12-26 01:07 . 2010-12-26 01:07 0 ----a-w- c:\windows\SysWow64\shoD808.tmp
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-26 01:06 . 2010-12-26 01:06 -------- d-----w- c:\windows\system32\Wat
2010-12-26 00:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-12-26 00:53 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 00:53 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 00:53 . 2010-04-07 07:37 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-26 00:53 . 2010-04-07 07:10 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2010-12-26 00:53 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-12-26 00:53 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-26 00:52 . 2010-08-04 07:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-26 00:52 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2010-12-26 00:52 . 2010-08-04 06:18 641536 ----a-w- c:\windows\SysWow64\CPFilters.dll
2010-12-26 00:52 . 2010-07-13 05:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-26 00:52 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-12-26 00:52 . 2010-08-04 07:05 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-26 00:52 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2010-12-26 00:52 . 2010-08-04 06:15 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2010-12-26 00:36 . 2010-12-26 00:36 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2010-12-25 10:17 . 2010-10-19 09:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 01:15 . 2011-01-15 13:39 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 01:15 . 2010-12-25 01:15 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2010-12-25 01:14 . 2010-12-25 01:14 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-12-24 23:47 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-12-24 23:46 . 2010-12-24 23:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2010-12-24 23:46 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-24 23:46 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Microsoft
2010-12-24 23:45 . 2010-12-24 23:45 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-12-24 23:44 . 2010-12-24 23:47 -------- d-----w- c:\program files (x86)\Windows Live
2010-12-24 23:44 . 2010-12-24 23:44 -------- d-----w- c:\windows\PCHEALTH
2010-12-24 23:43 . 2010-12-24 23:43 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2010-12-24 23:40 . 2011-01-15 13:09 -------- d-----w- c:\users\Romaric
2010-12-24 23:38 . 2010-12-24 23:38 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-15_13.16.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-01-15 11:59 . 2011-01-15 11:59 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-01-15 13:38 . 2011-01-15 13:38 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-15 12:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-15 13:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-15 13:39 . 2011-01-15 13:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-15 12:00 . 2011-01-15 12:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-01-15 11:59 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-15 13:38 234392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-25 00:06 . 2011-01-15 13:38 1003164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4154214304-3852848040-318596902-1000-8192.dat
- 2010-12-25 00:06 . 2011-01-15 11:59 1003164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4154214304-3852848040-318596902-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\programmes\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-03-19 2408448]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-06-22 2793984]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-25 352976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [2010-04-09 52736]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [2010-03-23 34048]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-04-15 3231104]
R3 driverhardwarev2x64;driverhardwarev2x64;d:\programmes\Maconfig\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-08-09 88912]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R4 maconfservice;Ma-Config Service;d:\programmes\Maconfig\x64\maconfservice.exe [2010-12-20 326144]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-22 203264]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-04-22 677128]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-06-22 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-22 265728]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-06-15 116240]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-04-15 4170504]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-04-15 1096456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-08 1028096]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-17 11438696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-17 2120808]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-04-22 19645704]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
FF - ProfilePath - c:\users\Romaric\AppData\Roaming\Mozilla\Firefox\Profiles\g4l37hk2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programmes\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - d:\programmes\Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Link scan (URL Advisor): linkfilter@kaspersky.ru - d:\programmes\Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\programmes\Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
.
**************************************************************************
.
Completion time: 2011-01-15 14:43:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-15 13:43
ComboFix2.txt 2011-01-15 13:18
Pre-Run: 254 164 361 216 bytes free
Post-Run: 254 069 633 024 bytes free
- - End Of File - - 1F9396448C68E3AC6843FC06D59FBFE2
Actually I can launch it from the Programs menu; it's from the shortcut that it no longer works :s.
Ah, NONE of the shortcuts in my RocketDock work, even if I create new ones. Is that normal?
"Illegal operation attempted on a registry key that has been marked for deletion"
Er, I've noticed lots of problems: the "eco" and "turbo" buttons no longer work, I get memory errors when changing the brightness, etc... :s
EDIT: After a reboot, EVERYTHING is back to normal, so I'm waiting for your next instructions.
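The "Reg Loading Points" and service lines in the ComboFix log above are the part a reviewer actually triages: each autostart value is printed as `"Name"="path" [date size]`, each service or driver as `State Name;Display;path [date size]`, and ComboFix substitutes `[x]` when the file is missing and `[BU]` when it could not resolve the path to a dated file. The following is an added Python example, not part of the original post and not ComboFix's own code, that parses those two line shapes and flags the entries worth a second look. The sample lines are constructed from the shapes in the log above; the "trusted prefix" list and the three flag names are assumptions chosen for the example.

```python
"""
Triage helper for the autostart section of a ComboFix-style log.

Added example; not part of the original forum post and not ComboFix's own
code. It parses the two line shapes that appear in such a log:

  "Name"="path" [YYYY-MM-DD size]               Run-key values
  R3 svc;Display name;path [YYYY-MM-DD size]    services / drivers

and flags what a reviewer would look at first: entries whose file was not
found ([x]), entries without a date/size stamp ([BU]), and binaries that
live outside the usual Program Files / Windows trees.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the shape of the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-25 352976]
"RocketDock"="d:\programmes\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R4 maconfservice;Ma-Config Service;d:\programmes\Maconfig\x64\maconfservice.exe [2010-12-20 326144]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
'''

# "Name"="path" [stamp]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]$')
# R3 name;display;path [stamp]   (state is R/S followed by a start type digit)
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$'
)

# Assumed "expected" install roots; anything else is only flagged for review.
TRUSTED_PREFIXES = (
    r'c:\program files', r'c:\windows', r'%programfiles%', r'%systemroot%',
)


@dataclass
class Entry:
    kind: str          # 'run' or 'service'
    name: str
    path: str
    stamp: str         # 'YYYY-MM-DD size', 'x' (missing) or 'BU' (unresolved)
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per Run value or service line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry('run', m['name'], m['path'], m['stamp']))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry('service', m['name'], m['path'], m['stamp']))
    return entries


def triage(entries):
    """Attach review flags and return only the entries that got at least one."""
    for e in entries:
        lower = e.path.lower()
        if e.stamp == 'x':
            e.flags.append('file missing')          # registered, but not on disk
        elif not re.match(r'\d{4}-\d{2}-\d{2} \d+$', e.stamp):
            e.flags.append('no date/size stamp')   # e.g. [BU] with an unexpanded %ProgramFiles%
        if not lower.startswith(TRUSTED_PREFIXES):
            e.flags.append('non-standard location')
    return [e for e in entries if e.flags]


def report(text):
    """Map entry name -> list of flags for everything worth a second look."""
    return {e.name: e.flags for e in triage(parse_log(text))}


if __name__ == '__main__':
    for name, flags in report(SAMPLE_LOG).items():
        print(f'{name}: {", ".join(flags)}')
```

Run against the sample, the report singles out MGHwCtrl (file missing), SynTPEnh (no stamp) and the two entries installed under d:\programmes; the Kaspersky lines pass silently. A "non-standard location" flag is a prompt to verify, not a verdict: on this machine d:\programmes is simply where the user installs software.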
Anonymous user
15 Jan 2011 at 15:06
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as administrator"
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Custom Scans/Fixes":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Files
c:\windows\Sysnative\*.tmp
c:\windows\System32\*.tmp
c:\windows\SysWow64\*.tmp
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Run Fix" to start the removal.
▶ Post the report, which should open by itself when the job finishes, after the reboot.
Here is the report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== FILES ==========
File\Folder c:\windows\Sysnative\*.tmp not found.
c:\windows\System32\sho592.tmp moved successfully.
c:\windows\System32\sho683F.tmp moved successfully.
c:\windows\System32\sho96F4.tmp moved successfully.
c:\windows\System32\shoA50E.tmp moved successfully.
c:\windows\System32\shoB57B.tmp moved successfully.
c:\windows\System32\shoBA9A.tmp moved successfully.
c:\windows\System32\shoC20A.tmp moved successfully.
c:\windows\System32\shoD808.tmp moved successfully.
c:\windows\System32\shoEAE9.tmp moved successfully.
File\Folder c:\windows\SysWow64\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Romaric
->Temp folder emptied: 813 bytes
->Temporary Internet Files folder emptied: 24661824 bytes
->FireFox cache emptied: 70710179 bytes
->Flash cache emptied: 13249 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144689 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50674 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 91.00 mb
OTL by OldTimer - Version 3.2.20.2 log created on 01152011_150844
Files\Folders moved on Reboot...
C:\Users\Romaric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\windows\temp\kls85FD.tmp not found!
Registry entries deleted on Reboot...
koolooa
15 Jan 2011 at 15:22
Here is the report:
OTL : http://www.cijoint.fr/cjlink.php?file=cj201101/cij6CHX7fk.txt
Extras : http://www.cijoint.fr/cjlink.php?file=cj201101/cijnLeuwlM.txt
koolooa
15 Jan 2011 at 15:41
Yes, it's the World of Goo editor; the demo is installed.
Anonymous user
15 Jan 2011 at 15:44
What does this contain?
C:\Users\Romaric\AppData\Roaming\Roaming
koolooa
15 Jan 2011 at 15:47
It contains Ubisoft folders, including Anno1404, which itself contains an Anno1404 config file.
koolooa
15 Jan 2011 at 15:49
Yes yes, that's right.