Infection removed?

Resolved/Closed
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 - 14 Feb 2011 at 19:49
 Anonymous user - 19 Feb 2011 at 17:21
Hello,

I noticed that my PC was really lagging. I was quietly browsing nygmatick.com (a safe site!) when Microsoft Security Essentials alerted me to a virus (trojan). Well, it tells me it has cleaned it... Here are more details:

"
TrojanDownloader:Win32/VB.CE | Niveau d'alerte : Grave |Date : 14/02/2011 19:43 |Action effectuée : Mise en quarantaine
"


48 replies

Anonymous user
19 Feb 2011 at 17:21
Yes, above all make sure you do the whole cleanup properly
1
Anonymous user
14 Feb 2011 at 19:51
Hi

Download here: OTL

Save it to your Desktop.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of "all users"

▶ set the file age to "60 days"

▶ in the 6 tabs of the left half, set everything to "all"

do not change these:

"files created" and "files modified"


▶ Click on Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

To send it to me, click on this link: http://www.cijoint.fr/

▶ Click on Browse and look for the file above.

▶ Click on Open.

▶ Click on "Click here to upload the file".

Right next to the button, once the file has finished uploading, a link of this form will appear:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

▶ Copy this link into your reply.

▶▶ Do the same thing with "Extra.txt", which should logically also be on your desktop.
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 19:53
Thanks, but this time ClearCloud is blocking me from going to that site... (I'm an OTL regular, lol)
0
Anonymous user
14 Feb 2011 at 19:54
clearcloud? What is that?
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 19:56
It's a DNS that checks the IPs of sites: https://clearclouddns.com/ it's a filter, in fact. I'm going to disable it while I do this ;)
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 20:12
Done!

-OTL.txt
-Extras.txt

I took the opportunity to plug in my external hard drive
0

sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 20:13
Damn, I just noticed that the file age isn't right! Should I start over?
0
Anonymous user
14 Feb 2011 at 20:42

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside of this situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving, remember to rename Combofix to "your first name.exe" before it is saved to your hard drive

Download here: Combofix

Before using ComboFix:

If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because it can cause damage when interacting with the tool, which may lead to a complete reinstallation of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit)/!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click on "Disable"

▶ Restart the computer if the tool asks you to

Note: When we have finished the disinfection, you will be able to re-enable this software by running Defogger again and clicking on "Re-enable"

_________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and your antispyware tools,
>>which can seriously interfere with the tool's scanning and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to re-enable the real-time protection of your antivirus and your antispyware tools before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.



0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 21:19
Well, I didn't come for nothing =p

ComboFix 11-02-13.04 - gabriel 14/02/2011 21:00:38.1.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-14 au 2011-02-14 ))))))))))))))))))))))))))))))))))))
.

2011-02-14 20:10 . 2011-02-14 20:10 -------- d-----w- c:\users\Sandra\AppData\Local\temp
2011-02-14 19:52 . 2011-02-14 19:52 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys
2011-02-14 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17 -------- d-----w- c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16 -------- d-----w- c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14 -------- d-----w- c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12 -------- d-----w- c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20 386048 ----a-w- c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 09:51 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37 -------- d-----w- c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28 -------- d-----w- C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01 87340080 ----a-w- c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:36 . 2011-02-06 19:47 53248 ----a-w- c:\windows\fados.exe
2011-02-06 19:31 . 2011-02-06 19:31 -------- d-----w- c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49 -------- d-----w- c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19 -------- d-----w- c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32 1317552 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51 -------- d-----w- c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00 -------- d-----w- c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32 -------- d-----w- c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09 -------- d-----w- C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31 41216 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23 -------- d-----w- c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54 188416 ----a-w- c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43 253952 ----a-w- c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-23 20:02 . 2011-01-24 18:18 -------- d-----w- c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17 -------- d-----w- c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09 -------- d-----w- c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21 -------- d-----w- c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14 -------- d-----w- c:\program files\Notepad++
2011-01-15 21:12 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35 8678 ----a-w- C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14 994872 ----a-w- c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47 108344 ----a-w- c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl30983519;MpKsl30983519;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys [2011-02-14 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL30983519

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8118
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,62,77,2f,0b,6f,d6,ac,83,15,77,37,52,d5,f9,99,57,a5,a4,96,7a,
8a,51,05,a8,97,0b,79,04,53,5e,d8,28,f1,b5,96,6f,3e,2c,2d,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016c
"Therad"=dword:0000000c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
.
Heure de fin: 2011-02-14 21:16:41
ComboFix-quarantined-files.txt 2011-02-14 20:16

Avant-CF: 65 233 690 624 octets libres
Après-CF: 64 845 873 152 octets libres

- - End Of File - - 5FC59CC40447494312AE1A4C20246394
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb. 2011 at 21:21
ComboFix 11-02-13.04 - gabriel 14/02/2011 21:00:38.1.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\muzapp.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-14 au 2011-02-14 ))))))))))))))))))))))))))))))))))))
.

2011-02-14 20:10 . 2011-02-14 20:10 -------- d-----w- c:\users\Sandra\AppData\Local\temp
2011-02-14 19:52 . 2011-02-14 19:52 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys
2011-02-14 18:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17 -------- d-----w- c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16 -------- d-----w- c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14 -------- d-----w- c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12 -------- d-----w- c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20 386048 ----a-w- c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 09:51 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37 -------- d-----w- c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28 -------- d-----w- C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01 87340080 ----a-w- c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:36 . 2011-02-06 19:47 53248 ----a-w- c:\windows\fados.exe
2011-02-06 19:31 . 2011-02-06 19:31 -------- d-----w- c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49 -------- d-----w- c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19 -------- d-----w- c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32 1317552 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51 -------- d-----w- c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00 -------- d-----w- c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32 -------- d-----w- c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09 -------- d-----w- C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31 41216 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23 -------- d-----w- c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54 188416 ----a-w- c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43 253952 ----a-w- c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-23 20:02 . 2011-01-24 18:18 -------- d-----w- c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17 -------- d-----w- c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09 -------- d-----w- c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21 -------- d-----w- c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14 -------- d-----w- c:\program files\Notepad++
2011-01-15 21:12 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35 8678 ----a-w- C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14 994872 ----a-w- c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47 108344 ----a-w- c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl30983519;MpKsl30983519;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{647D1CCF-B4AA-4183-AC87-670586BEDB73}\MpKsl30983519.sys [2011-02-14 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL30983519

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8118
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):93,62,77,2f,0b,6f,d6,ac,83,15,77,37,52,d5,f9,99,57,a5,a4,96,7a,
8a,51,05,a8,97,0b,79,04,53,5e,d8,28,f1,b5,96,6f,3e,2c,2d,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016c
"Therad"=dword:0000000c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\guard32.dll
.
Heure de fin: 2011-02-14 21:16:41
ComboFix-quarantined-files.txt 2011-02-14 20:16

Avant-CF: 65 233 690 624 octets libres
Après-CF: 64 845 873 152 octets libres

- - End Of File - - 5FC59CC40447494312AE1A4C20246394
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
14 Feb 2011 at 21:22
Apparently I didn't come here for nothing ;) See you tomorrow then
0
Anonymous user
14 Feb 2011 at 21:25
yes, this file is going to go:

C:\Windows\Fados.exe along with others :)
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb 2011 at 19:07
Right, I'm back!! What next?
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb 2011 at 19:33
Up ;(
0
Anonymous user
15 Feb 2011 at 19:40
hello


__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

Domains::

File::
c:\windows\fados.exe

DDS::
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = localhost:8118

Firefox::
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} => NCH Toolbar

RegLock::
[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000_Classes\CLSID\{db7bbf4c-27ee-4689-bd45-b6ee8bac47fd}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


MBR::

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb 2011 at 20:32
Re

Well, ComboFix has been stuck on preparing the report for about 20 minutes now. It wanted me to do an update. I accepted. It also restarted my PC.
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb 2011 at 20:48
ComboFix 11-02-15.01 - gabriel 15/02/2011 19:55:49.2.1 - x86
Lancé depuis: c:\users\gabriel\Desktop\Gabriel.exe
Commutateurs utilisés :: c:\users\gabriel\Desktop\CFScript.txt

FILE ::
"c:\windows\fados.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\fados.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-15 au 2011-02-15 ))))))))))))))))))))))))))))))))))))
.

2011-02-15 19:11 . 2011-02-15 19:11 -------- d-----w- c:\users\Sandra\AppData\Local\temp
2011-02-15 19:11 . 2011-02-15 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 18:46 . 2011-02-15 18:53 -------- d-----w- C:\Gabriel13940G
2011-02-15 17:56 . 2011-02-15 17:56 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\MpKsl08af7f2a.sys
2011-02-14 20:17 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\mpengine.dll
2011-02-13 15:15 . 2011-02-13 15:15 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-02-10 12:17 . 2011-02-10 12:17 -------- d-----w- c:\users\gabriel\AppData\Local\#N
2011-02-10 12:15 . 2011-02-10 12:16 -------- d-----w- c:\users\gabriel\AppData\Roaming\Doodle_Jump_PC
2011-02-10 12:14 . 2011-02-10 12:14 -------- d-----w- c:\program files\Doodle Jump
2011-02-10 12:12 . 2011-02-10 12:12 -------- d-----w- c:\program files\Microsoft XNA
2011-02-10 10:10 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-10 10:06 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-10 09:56 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-10 09:54 . 2010-12-18 05:29 860160 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-10 09:54 . 2010-12-18 05:33 673040 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-10 09:53 . 2010-12-18 05:29 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-10 09:53 . 2010-12-18 05:29 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-02-10 09:53 . 2010-12-18 04:20 386048 ----a-w- c:\windows\system32\html.iec
2011-02-10 09:53 . 2010-12-18 03:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 09:51 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-10 09:51 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-10 09:51 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-02-10 09:51 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-10 09:51 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-10 09:49 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-10 09:48 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
2011-02-10 09:48 . 2010-12-21 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-10 09:48 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
2011-02-10 09:48 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
2011-02-10 09:48 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
2011-02-10 09:48 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
2011-02-10 09:48 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
2011-02-10 09:48 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-10 09:48 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
2011-02-10 09:48 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 19:30 . 2010-07-27 15:13 27136 ----a-w- c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-02-08 19:30 . 2010-03-24 15:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2011-02-08 19:30 . 2010-03-24 15:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2011-02-08 19:30 . 2011-02-09 15:37 -------- d-----w- c:\program files\REACTOR
2011-02-07 18:26 . 2011-02-07 20:28 -------- d-----w- C:\UsbFix
2011-02-06 20:38 . 2011-01-29 16:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-02-06 20:31 . 2011-01-31 01:01 87340080 ----a-w- c:\users\gabriel\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-02-06 19:31 . 2011-02-06 19:31 -------- d-----w- c:\program files\Common Files\Atlence
2011-02-03 17:49 . 2011-02-03 17:49 -------- d-----w- c:\users\gabriel\AppData\Roaming\Synaptics
2011-02-02 19:19 . 2011-02-02 19:19 -------- d-----w- c:\programdata\Synaptics
2011-02-02 19:04 . 2010-10-29 11:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-02-02 19:04 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-02-02 19:04 . 2010-10-29 11:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-02-02 19:04 . 2010-10-29 11:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-02-02 19:04 . 2010-10-29 11:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-02-02 19:04 . 2010-10-29 11:32 1317552 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-02-02 15:48 . 2011-02-06 19:51 -------- d-----w- c:\program files\Doblon
2011-01-30 20:32 . 2011-01-31 19:00 -------- d-----w- c:\program files\Keyboard Logger
2011-01-30 20:32 . 2011-01-30 20:32 -------- d-----w- c:\programdata\Keyboard Logger
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\users\gabriel\AppData\Roaming\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\programdata\Zabersoft
2011-01-30 20:24 . 2011-01-30 20:24 -------- d-----w- c:\program files\PimpFish
2011-01-30 16:59 . 2011-01-30 17:09 -------- d-----w- C:\BuilderProjects
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-01-29 10:22 . 2008-10-20 10:31 41216 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2011-01-29 10:22 . 2008-10-20 10:30 26496 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2011-01-29 10:22 . 2011-01-29 10:23 -------- d-----w- c:\program files\MyDSC2
2011-01-26 13:48 . 2004-01-09 09:54 188416 ----a-w- c:\windows\system32\actsplash.ocx
2011-01-26 13:48 . 2004-01-07 23:43 253952 ----a-w- c:\windows\system32\histogram.ocx
2011-01-26 11:46 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10DEDD39-BB68-4859-9D16-5F52E6029621}\gapaengine.dll
2011-01-26 08:21 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 08:21 . 2011-01-26 08:22 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 08:20 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-23 20:02 . 2011-01-24 18:18 -------- d-----w- c:\program files\GtkRadiant 1.5.0
2011-01-23 15:02 . 2011-02-06 16:17 -------- d-----w- c:\users\gabriel\AppData\Local\PBlackout
2011-01-19 15:00 . 2011-02-02 16:09 -------- d-----w- c:\users\gabriel\AppData\Local\Paint.NET
2011-01-19 14:21 . 2011-01-19 14:21 -------- d-----w- c:\program files\FileZilla FTP Client
2011-01-17 20:14 . 2011-01-17 20:14 -------- d-----w- c:\program files\Notepad++

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 18:35 . 2011-02-07 18:35 8678 ----a-w- C:\UsbFix_Upload_Me_GABRIEL-TOSH.zip
2011-01-13 11:13 . 2010-06-01 18:00 285480 ----a-w- c:\windows\system32\guard32.dll
2011-01-13 11:13 . 2010-06-01 18:00 80064 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-13 11:13 . 2010-06-01 18:00 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-13 11:13 . 2010-06-01 18:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-13 11:13 . 2010-06-04 10:55 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-13 09:41 . 2010-10-16 10:28 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 17:20 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM03.sys
2010-12-23 15:43 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCAM_WDM02.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM01.sys
2010-12-23 15:42 . 2011-01-08 18:32 106208 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys
2010-12-23 10:09 . 2009-09-04 08:36 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-20 17:09 . 2010-06-29 07:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-29 07:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 11:03 . 2010-03-29 17:56 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-18 17:19 . 2010-03-31 07:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-18 17:19 . 2010-03-31 07:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-10 17:29 . 2010-12-10 17:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-11-29 18:58 . 2010-11-29 18:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 12:44 . 2010-11-28 12:44 164352 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-11-24 19:05 . 2010-11-24 19:05 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-11-24 19:04 . 2010-11-24 19:04 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-11-24 19:04 . 2010-11-24 19:04 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2011-01-24 2200376]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]
"C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-02-10 994872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-21 2548552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-10-24 2644992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Users!gabriel!AppData!Local!Google!Chrome!User Data_service_run]
2011-02-10 03:14 994872 ----a-w- c:\users\gabriel\AppData\Local\Google\Chrome\Application\chrome.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 14:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-11-24 09:47 108344 ----a-w- c:\program files\Glary Utilities\memdefrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 23:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-18 17:19 274608 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SmartFaceVWatcher"=%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 MpKsl8805db57;MpKsl8805db57;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsl8805db57.sys [x]
R1 MpKsld88f92b6;MpKsld88f92b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC1E1FC7-9966-4CDF-9A10-3D2F1243146C}\MpKsld88f92b6.sys [x]
R1 MpKsle8162d77;MpKsle8162d77;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKsle8162d77.sys [x]
R1 MpKslf2fef066;MpKslf2fef066;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E061F170-3A19-4D84-B5B5-50C8CDCA7727}\MpKslf2fef066.sys [x]
R1 MpKslfb85e415;MpKslfb85e415;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3F57400-CC48-4968-9FC4-D428F20D5481}\MpKslfb85e415.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;h:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-24 13224]
R3 MailScan;MailScan; [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2004-11-25 18944]
R3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver; [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-06 685424]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
R3 VBoxNetFlt;VBoxNetFlt Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-10-08 31888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-20 436792]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-13 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-13 35768]
S1 MpKsl08af7f2a;MpKsl08af7f2a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BAF7791-EBBB-48C6-94C9-9ED7EDC63677}\MpKsl08af7f2a.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2008-01-11 13696]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-22 217088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ScrybeUpdater;Programme de mise à jour de Scrybe;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2010-08-03 1294848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 12920]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-09-20 279656]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-24 27632]
S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2010-12-23 106208]
S3 VCam_WDM01;e2eSoft VCam 01;c:\windows\system32\DRIVERS\VCam_WDM01.sys [2010-12-23 106208]
S3 VCAM_WDM02;e2eSoft VCam 02;c:\windows\system32\DRIVERS\VCAM_WDM02.sys [2010-12-23 106208]
S3 VCAM_WDM03;e2eSoft VCam 03;c:\windows\system32\DRIVERS\VCAM_WDM03.sys [2010-12-23 106208]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2011-02-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 17:24]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000Core.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3369345975-770697619-2869376061-1000UA.job
- c:\users\gabriel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 17:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: &Envoyer à OneNote - /105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2D06158FAC79A790.dll/cmsidewiki.html
IE: Rechercher avec &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Traduire la page avec Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Visualiser l'ancienne version sur &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
FF - ProfilePath - c:\users\gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\jhdhd9yz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - %profile%\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3369345975-770697619-2869376061-1000\Software\SecuROM\License information*]
"datasecu"=hex:e0,4d,00,11,ad,23,d7,c6,c7,d3,e1,b2,17,28,9c,0f,c9,bc,5f,c7,aa,
f8,d4,11,3b,23,6f,d0,87,1f,7e,13,fc,56,7f,47,1b,41,5e,ee,46,8c,db,73,99,8b,\
"rkeysecu"=hex:a8,3b,2d,c8,54,89,92,f1,13,dc,21,e3,9b,68,56,fd
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.exe'(2320)
c:\windows\system32\guard32.dll
c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\SpywareGuard\sgmain.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Heure de fin: 2011-02-15 20:47:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-15 19:47
ComboFix2.txt 2011-02-14 20:16

Avant-CF: 64 877 703 168 octets libres
Après-CF: 65 066 004 480 octets libres

- - End Of File - - D665E5DE8BAB0B05BEE2FF867724A134
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb. 2011 at 20:49
Phew! Finally

But, strange, I hadn't seen this fados.exe in C:\\
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
15 Feb. 2011 at 21:18
Well, see you tomorrow ;) I'll leave you to study that :p
0
Anonymous user
15 Feb. 2011 at 21:46
re, do you know this:

Doodle_Jump_PC
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
Edited by sorcierinfernal on 16/02/2011 at 13:49
Re,

Yes, I know this game. A friend passed it to me by e-mail.

A virus :s ?
Next time, there won't be a next time.
0
Anonymous user
16 Feb. 2011 at 15:44
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection, as it contains a module used to stop processes, and another used to take rights in the registry to carry out deletions)

▶ Download here: List_Kill'em

and save it to your desktop

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the shortcut on your desktop to start the installation

Leave checked:

♦ Run List_Kill'em

once it is finished, click "Finish"

choose the Search option

▶ let the tool work

when the white window appears, it takes a while, that's normal, it is an additional search for hidden files, the program is not stuck.

Warning: the tool may hang abnormally long once it reaches 95%, at the "2nd Check" display; relaunch it with the shortcut on the desktop without stopping it, then click the very small "X" at the bottom of the program's welcome window, which will unblock it so it can finish its scan

▶ Post the reports that will appear on your desktop

▶▶▶ DO NOT POST THEM ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and select, one by one, the relevant files that appeared on your desktop

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶ Do the same with more.txt, which is on your desktop
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
16 Feb. 2011 at 16:24
Hello!

Report 1
and this for more.txt
0
Anonymous user
16 Feb. 2011 at 16:31
did you disable all your protections before the scan?
Windows firewall included?
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
16 Feb. 2011 at 16:31
Oh damn, I forgot :s I'll start over!
0
sorcierinfernal Posts 763 Registration date Sunday 20 September 2009 Status Member Last activity 28 April 2015 76
16 Feb. 2011 at 16:52
Hello!

I'm back without a report because my system crashed. I got a blue screen that said something like: "Windows has crashed: Check whether there is enough space left on the hard disk, etc.... Dumping physical memory". It crashed when it said: MBR was saved successfully (the software's white screen). Well, I obviously have a report from Windows...

What I found "funny" is that my PC started up right away
0