Some slowness...

Solved/Closed
haku78 Posts 79 Registration date Wednesday 6 August 2008 Status Member Last post 30 April 2012 - 24 April 2012 at 00:46
 Anonymous user - 1 May 2012 at 13:26
Hello,
After a few trouble-free years, I am coming back to the computer experts because my Asus laptop is starting to bog down at certain times. When that happens, Windows cannot launch Task Manager. In safe mode everything works fine. I have another user account (PRO) which, for its part, is very slow.
Thanks in advance for your help at this late hour.
I have launched Malaware; it is running.

My configuration:
Asus notebook
Intel Core i5
2.67 GHz
Windows 7 Service Pack 1

Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:34, on 24/04/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\JBMARTIN\Downloads\hijackthis_telechargement_01net.exe
C:\Users\JBMARTIN\AppData\Local\Temp\01net\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?cobrand=asus.msn.com&ocid=ASUDHP&pc=ASU2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?cobrand=asus.msn.com&ocid=ASUDHP&pc=ASU2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

66 replies

Anonymous user
24 April 2012 at 10:07
Hi, I see that nobody has taken care of you since last night lol ^^

We should do a more thorough scan, because these days HijackThis no longer tells us anything.

===

Download Pre_Scan and save it to your desktop:

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Warning: the desktop will disappear during the scan --> don't panic.

Once it is downloaded, run it and let the scan run until "Pre_scan_date_and_time.txt" appears on the desktop.

If the tool is run more than once, it will offer you a menu; if no particular option has been requested, choose the "Kill" option.

If the tool is blocked by the infection, use this version with the .pif extension:

http://forums-fec.be/gen-hackman/Pre_Scan.pif

or this version renamed winlogon.exe:

http://forums-fec.be/gen-hackman/winlogon.exe

If the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy).

A large number of black windows may flash; let it work.

Post Pre_Scan_date_and_time.txt, which will appear on the desktop at the end of the scan.


DO NOT POST IT ON THE FORUM!!! (it is too long)

Upload the report to http://pjjoint.malekal.com, then give the link you get in return on the forum where you are being helped.
2
haku78
24 April 2012 at 09:44
Next to nothing from Malaware.

I have cleaned up my startup items.

Windows defragmentation gets stuck at 38% during the disk analysis. What is the best tool other than the Windows one?

Thanks in advance.
0
haku78
24 April 2012 at 14:32
Thank you for looking after me (after us, in fact, because I use my PC in class with the pupils).

I tried the first two scans but it gets stuck. It says "Réparation du registre" (registry repair) and then nothing more.

I am testing winlogon now.
0
Anonymous user
24 April 2012 at 14:42
Otherwise, try again in safe mode.
0

haku78
24 April 2012 at 16:21
So, in safe mode it did launch, but I have no report on the desktop after the restart. Is that normal?
0
haku78
24 April 2012 at 16:38
The "perso" session, which has admin rights and under which I ran the scan, seems to be doing better; on the other hand the "pro" session, which is excessively slow, still is... It says that the Windows application has stopped working, and that I can close it or wait for it to respond again....
0
Anonymous user
24 April 2012 at 17:16
Did you actually go into your session in safe mode?
0
haku78
24 April 2012 at 17:39
Yes, and when I launch the scan in the session that is misbehaving, well, there is no reaction at all...
0
Anonymous user
24 April 2012 at 17:42
Well, the report is on the desktop of the session where you launched it.
0
haku78
24 April 2012 at 18:16
I am hopeless, but there is nothing on my desktop...
I am going to redo the scan...
0
haku78
24 April 2012 at 18:57
I redid the scan. The PC restarts in normal mode and offers to relaunch Pre_scan. But if I choose Kill, it gets stuck on registry repair...

That is where I am.
0
Anonymous user
24 April 2012 at 19:43
Go back into the session where you launched it in safe mode and retrieve the report.
0
haku78
24 April 2012 at 21:39
I am sorry g3n-h@ckm@n, there must be something I am missing.

1- I go into my perso session in safe mode and launch the scan
2- at the end of the scan the PC restarts in normal mode
3- I go back into my perso session, pre_scan asks to be relaunched, I allow it.
4- the pre_scan menu opens and if I choose Kill again to launch the scan, it hangs on registry repair because we are back in normal mode.
5- and on the desktop of this session no report has appeared.
0
Anonymous user
24 April 2012 at 23:08

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside of this situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving, remember to rename Combofix to "your first name.exe" before it is saved to your hard drive

Download here: Combofix

Before using ComboFix:

If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because its interaction with the tool can cause damage that may lead to a complete reinstallation of the system.
Simply disabling the resident protection is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bits) /!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: when we have finished the disinfection, you will be able to re-enable this software by running Defogger again and clicking "Re-enable"

_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and antispyware programs,
>>which can seriously interfere with the tool's search and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ Don't forget to re-enable the real-time guard of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.


▶▶▶ If, after combofix restarts your PC, you get "Clé marquée pour suppression" (key marked for deletion) errors or internet connection problems, restart your computer again



0
haku78
24 April 2012 at 23:39
"Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message."

When I read that, I thought the pre_scan report might be there, and bingo!

https://pjjoint.malekal.com/files.php?id=20120424_g9v14q13k8x11

Thanks again for your help.

I am waiting for your analysis before starting combofix.
0
Anonymous user
25 April 2012 at 00:16
Uninstall java update 29

Run combofix
0
haku78
25 April 2012 at 00:54
ComboFix 12-04-24.02 - JBMARTIN 25/04/2012 0:32.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2272 [GMT 2:00]
Lancé depuis: c:\users\JBMARTIN\Desktop\jb.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch\clients.json
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch\tabs.json
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-24 au 2012-04-24 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-24 20:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\mpengine.dll
2012-04-24 11:24 . 2012-04-24 16:53 -------- d-----w- C:\Pre_Scan
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Auslogics
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-24 06:34 . 2012-04-24 06:34 -------- d-----w- c:\windows\fr
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\en
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\el
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\es
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\he
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\it
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\nl
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\de
2012-04-24 06:23 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-24 06:22 . 2012-04-24 06:22 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-24 06:08 . 2012-04-24 06:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DXSETUP.exe
2012-04-24 06:08 . 2012-04-24 06:08 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\abeae4561cd21e002\MeshBetaRemover.exe
2012-04-24 06:08 . 2012-04-24 06:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\dsetup32.dll
2012-04-24 06:08 . 2012-04-24 06:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DSETUP.dll
2012-04-23 20:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 16:37 . 2012-04-24 11:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-23 16:37 . 2012-04-23 20:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-23 16:34 . 2012-04-23 16:34 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Avira
2012-04-23 16:33 . 2012-04-23 23:15 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\GetRightToGo
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Malwarebytes
2012-04-23 16:28 . 2012-04-23 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 21:44 . 2012-04-23 23:21 -------- d-----w- c:\program files (x86)\Iminent
2012-04-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 07:49 . 2012-04-14 07:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-14 07:47 . 2012-04-14 07:47 -------- d-----w- c:\windows\system32\EventProviders
2012-04-14 07:39 . 2012-04-14 07:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 06:06 . 2012-04-14 07:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 17:20 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 17:20 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 17:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 17:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 17:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 17:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:43 . 2012-04-05 15:43 -------- d-----w- c:\users\JBMARTIN\AppData\Local\ASUS
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 19:29 . 2012-01-13 09:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-14 08:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 08:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 07:39 . 2011-07-26 20:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-26 02:13 . 2012-02-26 02:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 02:13 . 2012-02-26 02:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-07-17 09:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 21:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 21:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 21:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 21:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 21:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 21:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 21:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\PRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\JBMARTIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-6-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-26 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:39]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-04-25 00:50:33
ComboFix-quarantined-files.txt 2012-04-24 22:50
.
Avant-CF: 63 592 202 240 octets libres
Après-CF: 63 333 982 208 octets libres
.
- - End Of File - - FF54BFC10B4F7B3E343FB9E70E81CCB1
Anonymous user
25 April 2012 at 01:34

__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------


Still with all protections disabled, do the following:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy and paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

File::
c:\windows\system32\acovcnt.exe

Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Iminent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the ComboFix file, as shown in this illustration

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt


haku78 Posts 79 Registration date Wednesday 6 August 2008 Status Member Last activity 30 April 2012
25 April 2012 at 13:26
ComboFix 12-04-24.02 - JBMARTIN 25/04/2012 8:21.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2458 [GMT 2:00]
Lancé depuis: c:\users\JBMARTIN\Desktop\jb.exe
Commutateurs utilisés :: c:\users\JBMARTIN\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Iminent
c:\program files (x86)\Iminent\Iminent.InstallLog
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\aports.dll
c:\program files (x86)\Spybot - Search & Destroy\blindman.exe
c:\program files (x86)\Spybot - Search & Destroy\Default configuration.ini
c:\program files (x86)\Spybot - Search & Destroy\DelZip179.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files (x86)\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\English.chm
c:\program files (x86)\Spybot - Search & Destroy\Help\English.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\iPhone.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files (x86)\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files (x86)\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\English.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files (x86)\Spybot - Search & Destroy\messages.zres
c:\program files (x86)\Spybot - Search & Destroy\OptOut.ini
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files (x86)\Spybot - Search & Destroy\QDTNDRIKZC.scr
c:\program files (x86)\Spybot - Search & Destroy\REVNOVFRDBA.scr
c:\program files (x86)\Spybot - Search & Destroy\SDFiles.exe
c:\program files (x86)\Spybot - Search & Destroy\SDHelper.dll
c:\program files (x86)\Spybot - Search & Destroy\SDMain.exe
c:\program files (x86)\Spybot - Search & Destroy\SDShred.exe
c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe
c:\program files (x86)\Spybot - Search & Destroy\sqlite3.dll
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\program files (x86)\Spybot - Search & Destroy\Tools.dll
c:\program files (x86)\Spybot - Search & Destroy\unins000.dat
c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
c:\program files (x86)\Spybot - Search & Destroy\unins000.msg
c:\program files (x86)\Spybot - Search & Destroy\UninsSrv.dll
c:\program files (x86)\Spybot - Search & Destroy\Update.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\clsid.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini.uiz
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.zip
c:\program files (x86)\Spybot - Search & Destroy\WDPVEAP.scr
c:\program files (x86)\Spybot - Search & Destroy\WHNYLR.scr
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Configuration.ini
c:\programdata\Spybot - Search & Destroy\Excludes\Bots.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Cookies.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\FileExt.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Links.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Single.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\SystemInternals.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\UpdateDL.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\WaitFor.sbe
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
c:\windows\system32\acovcnt.exe
.
Une copie infectée de c:\windows\SysWow64\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-25 au 2012-04-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\PRO\AppData\Local\temp
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 22:38 . 2012-04-24 22:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\offreg.dll
2012-04-24 20:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\mpengine.dll
2012-04-24 11:24 . 2012-04-24 16:53 -------- d-----w- C:\Pre_Scan
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Auslogics
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-24 06:34 . 2012-04-24 06:34 -------- d-----w- c:\windows\fr
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\en
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\el
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\es
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\he
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\it
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\nl
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\de
2012-04-24 06:23 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-24 06:22 . 2012-04-24 06:22 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-24 06:08 . 2012-04-24 06:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DXSETUP.exe
2012-04-24 06:08 . 2012-04-24 06:08 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\abeae4561cd21e002\MeshBetaRemover.exe
2012-04-24 06:08 . 2012-04-24 06:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\dsetup32.dll
2012-04-24 06:08 . 2012-04-24 06:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DSETUP.dll
2012-04-23 20:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 16:34 . 2012-04-23 16:34 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Avira
2012-04-23 16:33 . 2012-04-23 23:15 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\GetRightToGo
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Malwarebytes
2012-04-23 16:28 . 2012-04-23 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 07:49 . 2012-04-14 07:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-14 07:47 . 2012-04-14 07:47 -------- d-----w- c:\windows\system32\EventProviders
2012-04-14 07:39 . 2012-04-14 07:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 06:06 . 2012-04-14 07:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 17:20 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 17:20 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 17:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 17:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 17:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 17:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:43 . 2012-04-05 15:43 -------- d-----w- c:\users\JBMARTIN\AppData\Local\ASUS
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 08:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 08:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 07:39 . 2011-07-26 20:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-26 02:13 . 2012-02-26 02:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 02:13 . 2012-02-26 02:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-07-17 09:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 21:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 21:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 21:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 21:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 21:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 21:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 21:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_22.41.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-25 06:12 35220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-07-15 15:58 . 2012-04-24 20:19 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
+ 2011-07-15 15:58 . 2012-04-25 06:12 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-15 18:25 . 2012-04-25 06:50 258536 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-25 11:08 . 2012-04-25 11:08 151992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-24 11:15 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 11:08 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 11:08 . 2012-04-25 11:08 285432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2795626641-3094803326-748952498-1001-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\PRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\JBMARTIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-6-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-26 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:39]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Heure de fin: 2012-04-25 13:15:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-04-25 11:15
ComboFix2.txt 2012-04-24 22:50
.
Avant-CF: 63 329 705 984 octets libres
Après-CF: 63 262 212 096 octets libres
.
- - End Of File - - 6E4585322DAD41B3C14FD9E966BF1AF9
haku78 Posts 79 Registration date Wednesday 6 August 2008 Status Member Last activity 30 April 2012
25 April 2012 at 14:58
No improvement on my "pro" session...
Should I run ComboFix from that session in safe mode?