Pc infecter ! besoin d'aide ! - Page 2

Résolu
Précédent
  • 1
  • 2
Réponse 21 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
la fenêtres d'erreur s'ouvre lors du points de restauration
0
Réponse 22 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
copier coller sur le bureau
0
Réponse 23 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
j'ai bien le bureau qui devient noir mais une fenetre de creation de point de restauration s'ouvre et apparaît la fenêtres d'erreur puis plus rien
0
Réponse 24 / 37
Utilisateur anonyme
 
à tous les coups c est avast qui nous bloque....

desinstalle Avast tu le remettras après la desinfection

surtout qu'on en est à la version 7 ^^
0
mack.bolan Messages postés 1732 Statut Membre 256
 
ok j'y vais
0
Utilisateur anonyme
 
utilise ca en mode sans echec :

https://www.avast.com/fr-fr/uninstall-utility
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
avast n'ai pas dans programme et fonctionalitè
comment le déinstaller?
0
mack.bolan Messages postés 1732 Statut Membre 256
 
j'ai trouver un utilitaire pour avast je relance prè scanne mais pareil
0
Réponse 26 / 37
Utilisateur anonyme
 

/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\

__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur

Telecharge ici : Combofix

Avant d'utiliser ComboFix :

Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau

▶ Lance le

Une fenêtre apparait : clique sur "Disable"

▶ Fais redémarrer l'ordinateur si l'outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur combofix renommé

¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur

0
Réponse 27 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
ok c'est parti
0
Réponse 28 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
ComboFix 12-04-23.02 - cyril 23/04/2012 22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics

((((((((((((((((((((((((((((( Fichiers créés du 2012-03-23 au 2012-04-23 ))))))))))))))))))))))))))))))))))))

2012-04-23 20:35:03 . 2012-04-23 20:35:03 -------- d-----w- C:\Users\Tiphanie\AppData\Local\temp
2012-04-22 19:17:18 . 2012-04-22 19:17:18 -------- d-----w- C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01 -------- d-----w- C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44 -------- dc----w- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31 -------- d-----w- C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32 -------- d-----w- C:\Windows\system32\wbem\repository
2012-04-12 14:57:34 . 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38 -------- d-----w- C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06 -------- d-----w- C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22 -------- d-----w- C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39 -------- d-----w- C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45 -------- d-----w- C:\Users\cyril\cle usb
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42 279656 ----a-w- C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
0
Réponse 29 / 37
Utilisateur anonyme
 
je peux l avoir entier ?
0
Réponse 30 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
--
ComboFix 12-04-23.02 - cyril 23/04/2012 22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics

((((((((((((((((((((((((((((( Fichiers créés du 2012-03-23 au 2012-04-23 ))))))))))))))))))))))))))))))))))))

2012-04-23 20:35:03 . 2012-04-23 20:35:03 -------- d-----w- C:\Users\Tiphanie\AppData\Local\temp
2012-04-22 19:17:18 . 2012-04-22 19:17:18 -------- d-----w- C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01 -------- d-----w- C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44 -------- dc----w- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31 -------- d-----w- C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32 -------- d-----w- C:\Windows\system32\wbem\repository
2012-04-12 14:57:34 . 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38 -------- d-----w- C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06 -------- d-----w- C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22 -------- d-----w- C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39 -------- d-----w- C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45 -------- d-----w- C:\Users\cyril\cle usb
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42 279656 ----a-w- C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2206202759-2939906336-3311746702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

merci de mettre le sujet en résolu si c'est le cas par la suite ! :)
0
Réponse 31 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
ca marche !!!!!!!!!!!!!!
ha ben merci ! maintenant faut encore nettoyer ou juste supprimer les programme comme pre scan et combo
0
Réponse 32 / 37
Utilisateur anonyme
 
GRRRR !!! héberge le rapport.........
0
Réponse 33 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
lequel ?
0
Réponse 34 / 37
Utilisateur anonyme
 
ben le rapport de combofix
0
Réponse 35 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
--
ComboFix 12-04-23.02 - cyril 23/04/2012 22:30:39.1.1 - x64 MINIMAL
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3839.3169 [GMT 2:00]
Lancé depuis: C:\Users\cyril\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.exe
C:\Program Files (x86)\Common Files\emachines.ico
C:\Program Files (x86)\VooMuu
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
C:\Program Files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
C:\ProgramData\VooMuuSA
C:\ProgramData\VooMuuSA\VooMuuSA.dat
C:\ProgramData\VooMuuSA\VooMuuSA_kyf.dat
C:\ProgramData\VooMuuSA\VooMuuSAau.dat
C:\Users\Tiphanie\AppData\Roaming\.#
C:\Users\Tiphanie\Desktop\Internet Explorer.lnk
C:\Windows\system32\drivers\etc\hosts.ics

((((((((((((((((((((((((((((( Fichiers créés du 2012-03-23 au 2012-04-23 ))))))))))))))))))))))))))))))))))))

2012-04-23 20:35:03 . 2012-04-23 20:35:03 -------- d-----w- C:\Users\Tiphanie\AppData\Local\temp
2012-04-22 19:17:18 . 2012-04-22 19:17:18 -------- d-----w- C:\Users\Tiphanie\AppData\Roaming\Malwarebytes
2012-04-22 17:38:59 . 2012-04-22 17:39:01 -------- d-----w- C:\Program Files\CCleaner
2012-04-22 17:19:44 . 2012-04-22 17:19:44 -------- dc----w- C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
2012-04-22 15:55:31 . 2012-04-22 15:55:31 -------- d-----w- C:\Users\cyril\AppData\Roaming\Malwarebytes
2012-04-22 15:55:20 . 2012-04-22 15:55:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-22 15:55:16 . 2011-08-31 15:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-22 15:55:15 . 2012-04-22 15:55:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-19 10:13:18 . 2012-04-23 20:36:32 -------- d-----w- C:\Windows\system32\wbem\repository
2012-04-12 14:57:34 . 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-12 14:57:33 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 14:57:32 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 14:55:45 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 14:55:45 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 14:55:45 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 14:55:44 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 14:55:44 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 14:55:44 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-09 13:21:38 . 2012-04-09 13:21:38 -------- d-----w- C:\Users\cyril\AppData\Roaming\WebPlayerBdd
2012-04-09 13:21:06 . 2012-04-09 13:21:06 -------- d-----w- C:\Kreapixel
2012-04-09 13:19:10 . 2012-04-09 13:19:22 -------- d-----w- C:\Program Files (x86)\Searchgo
2012-04-09 09:04:39 . 2012-04-09 09:04:39 -------- d-----w- C:\ProgramData\boost_interprocess
2012-04-09 09:04:38 . 2012-04-09 09:04:45 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-04-04 14:34:26 . 2012-04-04 14:35:45 -------- d-----w- C:\Users\cyril\cle usb
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-14 03:27:40 . 2012-04-19 10:24:59 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{778A5EFC-58E4-42D9-ADBD-81AB96DC30C7}\mpengine.dll
2012-02-23 08:18:36 . 2010-12-30 19:20:42 279656 ----a-w- C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-13 17:08:46 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 05:34:22 . 2012-03-13 17:08:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 . 2012-03-13 17:08:46 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:57:32 . 2012-03-13 17:08:45 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-10 06:36:07 . 2012-03-14 07:54:29 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 07:54:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 09:02:40 . 2012-02-07 09:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 . 2012-03-14 07:54:31 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-13 17:08:48 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-01-25 06:38:38 . 2012-03-13 17:08:48 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-13 17:08:48 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{338c5d66-6b92-40a7-a216-9830d2e54103}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\Searchgo\prxtbSear.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338c5d66-6b92-40a7-a216-9830d2e54103}"= "C:\Program Files (x86)\Searchgo\prxtbSear.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{338c5d66-6b92-40a7-a216-9830d2e54103}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 11:58:27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 02:39:54 469536]
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 09:12:12 976320]
"SSDMonitor"="C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]

C:\Users\Tiphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\cyril\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - C:\Users\cyril\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2011-3-6 135680]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe [2010-10-31 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:03 135664]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\system32\DRIVERS\RTL8187B.sys [x]
R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 16:07:14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 10:55:28 64952]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 PCSUService;PC Speed Up Service;C:\Program Files (x86)\Accelerer PC\PCSUService.exe [2011-10-24 17:25:58 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 02:47:12 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [2008-06-26 18:09:36 167936]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

Contenu du dossier 'Tâches planifiées'

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-02 10:44:20 . 2010-11-02 10:44:03]

2012-04-23 C:\Windows\Tasks\RMSchedule.job
- C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-12-26 20:43:23 . 2010-08-05 07:46:14]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 12:47:38 9608224]
"OOTag"="C:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-12-03 02:27:32 23072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll

------- Examen supplémentaire -------

uStart Page = hxxp://portail.free.fr/
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://www.google.fr
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-DLD.EXE - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2206202759-2939906336-3311746702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

merci de mettre le sujet en résolu si c'est le cas par la suite ! :)
0
mack.bolan Messages postés 1732 Statut Membre 256
 
c'est le dernier
0
Réponse 36 / 37
Utilisateur anonyme
 
fais le menage

https://gen-hackman.kanak.fr/

====

bye
0
Réponse 37 / 37
mack.bolan Messages postés 1732 Statut Membre 256
 
ok je nettoie
MERCI SUPER BEAUCOUP !
je mettrais le poste en resolu des que
merci!
0
Précédent
  • 1
  • 2