PC infected by Ramnit

Caroline -  
Hello,
Recently my PC, which runs Windows 7, was infected by a virus; my Avira antivirus detected it as Ramnit. I think it really is Ramnit because it was flagged as a virus, but I am not certain that it is Ramnit. After trying to remove it by following the instructions on the site, without success, I ran a scan with ComboFix and I am asking for your help to solve my problem. Here is the result of the scan:

ComboFix 11-09-10.02 - Caroline 10/09/2011 12:44:16.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3885.2329 [GMT 2:00]
Launched from: c:\users\Caroline\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Caroline\AppData\Local\btfckaer.log
c:\users\Caroline\AppData\Local\cqurihel.log
c:\users\Caroline\AppData\Local\fmvjtvnp.log
c:\users\Caroline\AppData\Local\msyplsfi.log
c:\users\Caroline\AppData\Local\olsmxrjo.log
c:\users\Caroline\AppData\Local\qvghgbii\ycxtqeov.exe
c:\users\Caroline\AppData\Local\saicabjm.log
c:\users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ycxtqeov.exe
.
.
((((((((((((((((((((((((((((( Files created from 2011-08-10 to 2011-09-10 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-10 10:51 . 2011-09-10 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-10 10:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FAB6146-0DD5-4861-8D0C-80B930F91DEF}\mpengine.dll
2011-09-09 17:47 . 2011-09-09 17:47 -------- d-----w- c:\users\Caroline\DoctorWeb
2011-09-09 17:34 . 2011-09-09 17:34 -------- d-----w- C:\Kaspersky
2011-09-06 18:02 . 2011-09-06 18:02 -------- d---a-w- c:\windows\rundll16.exe
2011-09-06 18:02 . 2011-09-06 18:02 -------- d---a-w- c:\windows\logo1_.exe
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\VDLL.DLL
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\SysWow64\regsvr.exe
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\logo_1.exe
2011-09-06 11:04 . 2011-09-06 11:04 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2011-09-06 11:04 . 2011-09-06 11:04 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2011-09-06 11:04 . 2011-03-24 13:36 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-09-06 11:03 . 2011-09-06 11:03 -------- d-----w- c:\users\Caroline\AppData\Roaming\MicroWorld
2011-09-06 11:03 . 2011-09-09 17:27 -------- d-----w- C:\PUB
2011-09-06 11:02 . 2011-09-06 17:31 993800 ----a-w- c:\windows\system32\test2.exe
2011-09-06 11:02 . 2011-06-16 14:00 965128 ----a-w- c:\windows\system32\BACKUP.38364384.test2.exe
2011-09-05 21:07 . 2011-09-05 21:07 5254 ----a-w- c:\windows\winsbak.reg
2011-09-05 21:07 . 2011-09-05 21:07 156534 ----a-w- c:\windows\winsbak2.reg
2011-09-05 21:06 . 2011-09-05 21:06 -------- d-----w- c:\programdata\OEM Links
2011-09-05 21:06 . 2011-09-09 17:27 -------- d-----w- c:\programdata\MicroWorld
2011-09-05 21:02 . 2011-09-05 21:02 -------- d-----w- c:\program files (x86)\MSSQL.1
2011-09-05 21:01 . 2011-09-05 21:02 -------- d-----w- c:\program files\Microsoft SQL Server
2011-09-05 21:01 . 2011-09-05 21:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2011-09-05 20:57 . 2011-06-16 14:04 145928 ----a-w- c:\windows\killproc.exe
2011-09-05 20:45 . 2011-09-05 20:53 -------- d-----w- c:\users\Caroline\AppData\Roaming\Download Manager
2011-09-04 19:29 . 2011-09-04 19:29 -------- d-----w- c:\windows\fr
2011-09-04 19:28 . 2011-09-04 19:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-04 19:26 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-09-04 19:25 . 2011-09-04 19:25 -------- d-----w- c:\windows\PCHEALTH
2011-09-04 19:25 . 2011-09-04 19:26 -------- d-----w- c:\program files\Windows Live
2011-09-04 19:24 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-09-04 19:24 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-09-04 19:24 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-09-04 19:24 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-09-04 19:21 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-09-04 19:21 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-09-04 19:21 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-09-04 19:21 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-09-04 19:16 . 2011-09-04 19:16 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2c4767991cc6b3737\MeshBetaRemover.exe
2011-09-04 19:14 . 2011-09-04 19:14 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e85056961cc6b3629\DSETUP.dll
2011-09-04 19:14 . 2011-09-04 19:14 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e85056961cc6b3629\DXSETUP.exe
2011-09-04 19:14 . 2011-09-04 19:14 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e85056961cc6b3629\dsetup32.dll
2011-09-04 19:14 . 2011-09-04 19:14 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e45e260b1cc6b3628\DSETUP.dll
2011-09-04 19:14 . 2011-09-04 19:14 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e45e260b1cc6b3628\DXSETUP.exe
2011-09-04 19:14 . 2011-09-04 19:14 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e45e260b1cc6b3628\dsetup32.dll
2011-09-04 19:09 . 2011-09-10 10:39 -------- d-----w- c:\users\Caroline\AppData\Local\Windows Live
2011-09-04 18:44 . 2011-09-04 18:44 -------- d-----w- c:\users\Caroline\AppData\Local\Windows Live Writer
2011-09-04 18:44 . 2011-09-04 18:44 -------- d-----w- c:\users\Caroline\AppData\Roaming\Windows Live Writer
2011-09-04 17:59 . 2011-09-04 17:59 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 19:07 . 2011-09-10 10:50 -------- d-----w- c:\users\Caroline\AppData\Local\qvghgbii
2011-08-26 06:47 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-26 06:47 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 18:03 . 2011-09-06 18:02 2424367 ----a-w- c:\windows\REGBK00.ZIP
2011-09-04 19:25 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 05:35 . 2011-08-11 09:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-11 09:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-11 09:08 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-11 09:08 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-11 09:08 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-11 09:08 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-11 09:08 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-11 09:08 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-11 09:08 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-11 09:08 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-11 09:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-11 09:08 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-11 09:08 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-11 09:08 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-11 09:08 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-11 09:08 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-11 09:08 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:08 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:08 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 09:08 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44 . 2011-08-11 09:09 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 05:29 . 2011-08-11 09:07 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-23 04:38 . 2011-08-11 09:07 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38 . 2011-08-11 09:07 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27 . 2011-08-11 09:08 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 06:20 . 2011-08-11 09:07 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 06:20 . 2011-08-11 09:07 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 05:36 . 2011-08-11 09:07 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-21 05:35 . 2011-08-11 09:07 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-21 05:05 . 2011-08-11 09:07 482816 ----a-w- c:\windows\system32\html.iec
2011-06-21 04:26 . 2011-08-11 09:07 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-06-15 09:58 . 2011-08-11 09:09 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 09:58 . 2011-08-11 09:09 163840 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-15 09:58 . 2011-08-11 09:09 106496 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 09:58 . 2011-08-11 09:09 106496 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 09:04 . 2011-08-11 09:09 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2011-06-15 09:04 . 2011-08-11 09:09 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2011-06-15 09:04 . 2011-08-11 09:09 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2011-06-15 09:04 . 2011-08-11 09:09 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2011-06-15 09:04 . 2011-08-11 09:09 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files (x86)\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-5-12 581693]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-3-24 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-24 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 eScan-Apache;eScan-Apache;c:\progra~2\COMMON~1\MICROW~1\Apache2\BIN\httpd.exe [2010-10-17 20549]
S2 MSSQL$ESCANSQLSERVER;SQL Server (ESCANSQLSERVER);c:\program files (x86)\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 00:10]
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-24 00:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Additional scan -------
.
uStart Page = hxxp://asus.msn.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 172.17.2.1
TCP: Interfaces\{009B3363-39C4-482C-AAD7-4E6426074697}: DhcpNameServer = 172.17.2.1
TCP: Interfaces\{009B3363-39C4-482C-AAD7-4E6426074697}\16E64756E656: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009B3363-39C4-482C-AAD7-4E6426074697}\4656661657C647: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{009B3363-39C4-482C-AAD7-4E6426074697}\E4545564F554640334: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\svi9zhnq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405725&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405725&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-YcxTqeov - c:\users\Caroline\AppData\Local\qvghgbii\ycxtqeov.exe
Toolbar-Locked - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Finish time: 2011-09-10 12:54:54
ComboFix-quarantined-files.txt 2011-09-10 10:54
.
Before-CF: 51 072 897 024 bytes free
After-CF: 51 567 534 080 bytes free
.
- - End Of File - - EA23F1C4D76990809C6E113DDBB36A10
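The log above is what a helper ends up reading by hand. As an added example (not part of the post, and not a feature of ComboFix or of any tool named in the thread), the Python script below parses the "Files created" lines, the plain paths from the "Other deletions" block and the UAC policy values, and flags what a responder would look at first: executables in a Startup folder or in user-writable locations, directory entries that carry an executable extension, binaries dropped directly under c:\windows, names that look machine-generated, and UAC values that differ from the Windows 7 defaults. The sample lines are copied from the log above; the heuristics and thresholds (8-letter lowercase stems with a run of five consonants, the short allow-list of binaries that legitimately live in the Windows root, the UAC default table) are the example's own assumptions. A flag means "verify", not "malicious".

```python
"""Triage a ComboFix-style log: rank file, autorun and UAC-policy lines for review.
Added example; not from the forum post or from ComboFix. Heuristics are the author's own.
"""
from __future__ import annotations
import re

# One "Files created" line as ComboFix prints it:
#   <created> . <modified>  <size or 8 dashes>  <8 attribute flags>  <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>\d+|-{8}) +(?P<attrs>[-a-z]{8}) +(?P<path>.+?)\s*$"
)
# A UAC policy value as printed under policies\system, e.g.  "PromptOnSecureDesktop"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl"}
# Assumption: binaries that legitimately sit directly under c:\windows on Windows 7.
WINDOWS_ROOT_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe", "write.exe",
                   "winhlp32.exe", "splwow64.exe", "bfsvc.exe", "twain_32.dll"}
# Windows 7 defaults for the four UAC values ComboFix lists.
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "EnableUIADesktopToggle": 0, "PromptOnSecureDesktop": 1}


def looks_generated(stem: str) -> bool:
    """8 lowercase letters with a run of >= 5 consonants (y counted as a consonant).
    Catches ycxtqeov / qvghgbii; English-like stems (mpengine, killproc) pass."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return re.search(r"[^aeiou]{5}", stem) is not None


def reasons_for(path: str, attrs: str = "--------") -> list[str]:
    """Return the review reasons for one path; an empty list means nothing stood out."""
    p = path.lower().replace("/", "\\")
    parent, _, name = p.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    else:
        ext = "." + ext
    out: list[str] = []
    if "\\start menu\\programs\\startup\\" in p and ext in EXEC_EXT:
        out.append("executable in a Startup folder (runs at every logon)")
    elif ext in EXEC_EXT and ("\\appdata\\" in p or parent == "c:\\programdata"):
        out.append("executable in a user-writable location")
    if attrs.startswith("d") and ext in EXEC_EXT:
        out.append("directory entry carrying an executable extension (placeholder or masquerade; verify)")
    if parent == "c:\\windows" and ext in EXEC_EXT and name not in WINDOWS_ROOT_OK:
        out.append("binary directly under the Windows root, not a known system file there")
    if looks_generated(stem) or looks_generated(parent.rpartition("\\")[2]):
        out.append("machine-generated-looking name")
    return out


def triage(log_text: str) -> dict[str, list[str]]:
    """Handle both 'Files created' lines and bare paths (the 'Other deletions' block).
    Returns {path: [reasons]} for flagged paths only."""
    flagged: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
        elif re.match(r"^[a-z]:\\", line, re.I):
            path, attrs = line, "--------"
        else:
            continue
        reasons = reasons_for(path, attrs)
        if reasons:
            flagged[path] = reasons
    return flagged


def uac_findings(log_text: str) -> dict[str, str]:
    """Report UAC policy values in the log that differ from the Windows 7 defaults."""
    found: dict[str, str] = {}
    for line in log_text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if m and m["name"] in UAC_DEFAULTS:
            value = int(m["value"])
            if value != UAC_DEFAULTS[m["name"]]:
                found[m["name"]] = f"{value} (default {UAC_DEFAULTS[m['name']]})"
    return found


# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\programdata\FullRemove.exe
c:\users\Caroline\AppData\Local\btfckaer.log
c:\users\Caroline\AppData\Local\qvghgbii\ycxtqeov.exe
c:\users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ycxtqeov.exe
2011-09-10 10:11 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FAB6146-0DD5-4861-8D0C-80B930F91DEF}\mpengine.dll
2011-09-06 18:02 . 2011-09-06 18:02 -------- d---a-w- c:\windows\rundll16.exe
2011-09-06 17:34 . 2011-09-06 17:34 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2011-09-05 20:57 . 2011-06-16 14:04 145928 ----a-w- c:\windows\killproc.exe
2011-09-01 19:07 . 2011-09-10 10:50 -------- d-----w- c:\users\Caroline\AppData\Local\qvghgbii
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for w in why:
            print("   -", w)
    for name, value in uac_findings(SAMPLE_LOG).items():
        print(f"UAC {name} = {value}")
```

Run on the full pasted log, the Startup-folder hit and the `Wow6432Node-HKCU-Run-YcxTqeov` orphan both point at the same `ycxtqeov.exe`, which is the persistence worth confirming on the machine itself. The name heuristic deliberately errs toward silence: `cqurihel.log` and `saicabjm.log` from the same folder are not flagged, but they sit next to siblings that are, so the folder still surfaces. `PromptOnSecureDesktop = 0` means UAC prompts are drawn on the normal desktop, where other user-mode processes can overlay or spoof them; it is a configuration weakness, not an infection indicator.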
1 reply

2011N2 (security contributor) -
 
Hi,

Welcome to Comment Ça Marche. We will try to solve your problem together. Here are a few rules ==>

-Here, the helpers are volunteers, and we also have a family life and work, like everyone else. So be patient while waiting for replies from the helper.

-Follow the procedure through to the end, otherwise it will be useless.

-Don't panic, and don't hesitate to ask questions if you have doubts; that is much better than breaking your PC because you don't know what to do.

-Before doing anything, read the procedure through to the end, so as not to make mistakes.

-During the disinfection, disable your antivirus so that the disinfection can run normally.

-If you are on Vista/7, always run a program by right-clicking it and then ==> Run as administrator

-If you use cracks (eMule, BitTorrent, etc.), stop right now; it is a source of infection, and the disinfection would therefore be useless.

-Don't open other threads for the same problem (whether on this forum or on another one).

If you are ready, let's go ==>

Who told you to use ComboFix?

We will run a diagnostic of your PC to get more information ==>

=> Download ZHPDiag (by Nicolas Coolman) to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

or:

http://www.premiumorange.com/zeb-help-process/zhpdiag.html

or:

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

=> Follow the installer, tick "Ajouter une icône sur le bureau" (add a desktop icon) and untick "Exécuter ZHPDiag" (run ZHPDiag).

/!\ Vista and Seven users /!\ : Right-click the ZHPDiag logo (the scroll) then « Run as administrator »

=> Click the icon at the top left showing a magnifying glass: « Lancer le diagnostic » (run the diagnostic).
=> Save the report to your Desktop using the floppy-disk icon.
=> Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link you get into your next reply on the forum:

https://www.cjoint.com/

or

http://www.cijoint.fr/

or:

http://ww38.toofiles.com/fr/documents-upload.html

or:

http://pjjoint.malekal.com/

or:

https://www.casimages.com/

If you need help, or something is not clear, don't hesitate to ask.

Thanks,

Gabriel.