Some slowness...
Solved/Closed
haku78
Posts: 79
Registration date: Wednesday 6 August 2008
Status: Member
Last activity: 30 April 2012
-
24 April 2012 at 00:46
Anonymous user - 1 May 2012 at 13:26
66 replies
Anonymous user
24 April 2012 at 10:07
hi, I see that nobody has taken your case since last night lol ^^
we need to run a more thorough scan because these days HijackThis doesn't tell us anything anymore.
===
download and save Pre_Scan to your desktop:
http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
Warning: the desktop will disappear during the scan --> don't panic.
once it is downloaded, run it and let the scan work until "Pre_scan_the_date_and_time.txt" appears on the desktop.
if the tool is run more than once, it will show you a menu; if you have not been asked to use a particular option, run the "Kill" option
if the tool is blocked by the infection, use this version with the .pif extension:
http://forums-fec.be/gen-hackman/Pre_Scan.pif
or this version renamed winlogon.exe:
http://forums-fec.be/gen-hackman/winlogon.exe
if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)
A lot of black windows may flash; let it work
Post Pre_Scan_the_date_and_time.txt, which will appear on the desktop at the end of the scan
DO NOT POST IT ON THE FORUM!!! (it is too long)
Upload the report to http://pjjoint.malekal.com then give the link you get in return on the forum where you are being helped
haku78
24 April 2012 at 09:44
Next to nothing on the Malware side.
I cleaned up my startup items.
Windows defragmentation gets stuck at 38% during the disk analysis. What is the best one other than the Windows one?
thanks in advance.
haku78
24 April 2012 at 14:32
Thanks for looking after me. (after us, in fact, because I use my PC in class with the pupils)
I tried the first two scans but it gets stuck. It says "Réparation du registre" (registry repair) and then nothing.
I'm testing winlogon now
haku78
24 April 2012 at 16:21
So in safe mode it ran, but I have no report on the desktop after the restart, is that normal?
haku78
24 April 2012 at 16:38
The "perso" session, which has admin rights and under which I ran the scan, seems to be doing better; on the other hand the "pro" session, which is excessively slow, still is... it says that the Windows application has stopped working, that I can close it or wait for it to respond again....
haku78
24 April 2012 at 17:39
yes, and when I run the scan in the session that is buggy, well, there is no reaction at all...
Anonymous user
24 April 2012 at 17:42
well, the report is on the desktop of the session where you ran it
haku78
24 April 2012 at 18:16
I'm hopeless, but there is nothing on my desktop...
I'm going to redo the scan...
haku78
24 April 2012 at 18:57
I redid the scan. The PC restarts in normal mode and offers to relaunch Pre_scan. But if I choose Kill, well, it gets stuck on registry repair...
That's where I'm at.
Anonymous user
24 April 2012 at 19:43
go back to the session where you ran it in safe mode and retrieve the report
haku78
24 April 2012 at 21:39
I'm sorry g3n-h@ckm@n, there's something I must be missing.
1- I go into my perso session in safe mode and run the scan
2- at the end of the scan the PC restarts in normal mode
3- I go back to my perso session, pre_scan asks to be relaunched, I allow it.
4- the pre_scan menu opens and if I choose kill again to run the scan, it gets stuck on registry repair because we are back in normal mode.
5- and on the desktop of that session no report has appeared.
Anonymous user
24 April 2012 at 23:08
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
__________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside this situation: dangerous!<<<<<<<<
=====================================================
▶ Above all, when saving, remember to rename Combofix to "your first name.exe" before it is saved to your hard drive
Download here: Combofix
Before using ComboFix:
If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because it can cause damage when interacting with the tool, which can lead to a complete reinstallation of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit)/!\
CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:
▶ Download Defogger (by jpshortstuff) to your Desktop
▶ Run it
A window appears: click "Disable"
▶ Restart the computer if the tool asks you to
Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"
_________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and antispyware programs,
>>which can seriously interfere with the tool's search and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."
on the renamed combofix
¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable your antivirus and antispyware protection before reconnecting to the internet.
▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
▶▶▶ If, after combofix restarts your PC, you get "Clé marquée pour suppression" (key marked for deletion) errors or internet connection problems, restart your computer again
haku78
24 April 2012 at 23:39
"Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message."
When I read that, I thought the pre_scan report might be there, and bingo!
https://pjjoint.malekal.com/files.php?id=20120424_g9v14q13k8x11
thanks again for your help.
I'm waiting for your analysis before starting combofix
haku78
25 April 2012 at 00:54
ComboFix 12-04-24.02 - JBMARTIN 25/04/2012 0:32.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2272 [GMT 2:00]
Lancé depuis: c:\users\JBMARTIN\Desktop\jb.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch\clients.json
c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\weave\toFetch\tabs.json
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-24 au 2012-04-24 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-24 20:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\mpengine.dll
2012-04-24 11:24 . 2012-04-24 16:53 -------- d-----w- C:\Pre_Scan
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Auslogics
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-24 06:34 . 2012-04-24 06:34 -------- d-----w- c:\windows\fr
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\en
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\el
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\es
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\he
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\it
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\nl
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\de
2012-04-24 06:23 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-24 06:22 . 2012-04-24 06:22 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-24 06:08 . 2012-04-24 06:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DXSETUP.exe
2012-04-24 06:08 . 2012-04-24 06:08 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\abeae4561cd21e002\MeshBetaRemover.exe
2012-04-24 06:08 . 2012-04-24 06:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\dsetup32.dll
2012-04-24 06:08 . 2012-04-24 06:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DSETUP.dll
2012-04-23 20:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 16:37 . 2012-04-24 11:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-23 16:37 . 2012-04-23 20:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-23 16:34 . 2012-04-23 16:34 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Avira
2012-04-23 16:33 . 2012-04-23 23:15 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\GetRightToGo
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Malwarebytes
2012-04-23 16:28 . 2012-04-23 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-21 21:44 . 2012-04-23 23:21 -------- d-----w- c:\program files (x86)\Iminent
2012-04-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 07:49 . 2012-04-14 07:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-14 07:47 . 2012-04-14 07:47 -------- d-----w- c:\windows\system32\EventProviders
2012-04-14 07:39 . 2012-04-14 07:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 06:06 . 2012-04-14 07:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 17:20 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 17:20 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 17:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 17:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 17:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 17:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:43 . 2012-04-05 15:43 -------- d-----w- c:\users\JBMARTIN\AppData\Local\ASUS
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 19:29 . 2012-01-13 09:52 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-14 08:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 08:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 07:39 . 2011-07-26 20:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-26 02:13 . 2012-02-26 02:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 02:13 . 2012-02-26 02:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-07-17 09:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 21:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 21:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 21:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 21:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 21:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 21:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 21:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\PRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\JBMARTIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-6-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-26 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:39]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-04-25 00:50:33
ComboFix-quarantined-files.txt 2012-04-24 22:50
.
Avant-CF: 63 592 202 240 octets libres
Après-CF: 63 333 982 208 octets libres
.
- - End Of File - - FF54BFC10B4F7B3E343FB9E70E81CCB1
Anonymous user
25 April 2012 at 01:34
__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=> using it on another computer is strongly discouraged! <=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
ClearJavaCache::
File::
c:\windows\system32\acovcnt.exe
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Iminent
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the combofix file, as shown in this illustration
▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt
haku78
25 April 2012 at 13:26
ComboFix 12-04-24.02 - JBMARTIN 25/04/2012 8:21.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2458 [GMT 2:00]
Lancé depuis: c:\users\JBMARTIN\Desktop\jb.exe
Commutateurs utilisés :: c:\users\JBMARTIN\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Iminent
c:\program files (x86)\Iminent\Iminent.InstallLog
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\aports.dll
c:\program files (x86)\Spybot - Search & Destroy\blindman.exe
c:\program files (x86)\Spybot - Search & Destroy\Default configuration.ini
c:\program files (x86)\Spybot - Search & Destroy\DelZip179.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files (x86)\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\English.chm
c:\program files (x86)\Spybot - Search & Destroy\Help\English.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\iPhone.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files (x86)\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files (x86)\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\English.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files (x86)\Spybot - Search & Destroy\messages.zres
c:\program files (x86)\Spybot - Search & Destroy\OptOut.ini
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files (x86)\Spybot - Search & Destroy\QDTNDRIKZC.scr
c:\program files (x86)\Spybot - Search & Destroy\REVNOVFRDBA.scr
c:\program files (x86)\Spybot - Search & Destroy\SDFiles.exe
c:\program files (x86)\Spybot - Search & Destroy\SDHelper.dll
c:\program files (x86)\Spybot - Search & Destroy\SDMain.exe
c:\program files (x86)\Spybot - Search & Destroy\SDShred.exe
c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe
c:\program files (x86)\Spybot - Search & Destroy\sqlite3.dll
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\program files (x86)\Spybot - Search & Destroy\Tools.dll
c:\program files (x86)\Spybot - Search & Destroy\unins000.dat
c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
c:\program files (x86)\Spybot - Search & Destroy\unins000.msg
c:\program files (x86)\Spybot - Search & Destroy\UninsSrv.dll
c:\program files (x86)\Spybot - Search & Destroy\Update.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\clsid.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini.uiz
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.zip
c:\program files (x86)\Spybot - Search & Destroy\WDPVEAP.scr
c:\program files (x86)\Spybot - Search & Destroy\WHNYLR.scr
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Configuration.ini
c:\programdata\Spybot - Search & Destroy\Excludes\Bots.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Cookies.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\FileExt.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Links.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Single.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\SystemInternals.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\UpdateDL.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\WaitFor.sbe
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
c:\windows\system32\acovcnt.exe
.
Une copie infectée de c:\windows\SysWow64\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-25 au 2012-04-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\PRO\AppData\Local\temp
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 22:38 . 2012-04-24 22:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\offreg.dll
2012-04-24 20:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\mpengine.dll
2012-04-24 11:24 . 2012-04-24 16:53 -------- d-----w- C:\Pre_Scan
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Auslogics
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-24 06:34 . 2012-04-24 06:34 -------- d-----w- c:\windows\fr
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\en
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\el
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\es
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\he
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\it
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\nl
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\de
2012-04-24 06:23 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-24 06:22 . 2012-04-24 06:22 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-24 06:08 . 2012-04-24 06:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DXSETUP.exe
2012-04-24 06:08 . 2012-04-24 06:08 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\abeae4561cd21e002\MeshBetaRemover.exe
2012-04-24 06:08 . 2012-04-24 06:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\dsetup32.dll
2012-04-24 06:08 . 2012-04-24 06:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DSETUP.dll
2012-04-23 20:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 16:34 . 2012-04-23 16:34 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Avira
2012-04-23 16:33 . 2012-04-23 23:15 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\GetRightToGo
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Malwarebytes
2012-04-23 16:28 . 2012-04-23 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 07:49 . 2012-04-14 07:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-14 07:47 . 2012-04-14 07:47 -------- d-----w- c:\windows\system32\EventProviders
2012-04-14 07:39 . 2012-04-14 07:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 06:06 . 2012-04-14 07:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 17:20 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 17:20 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 17:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 17:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 17:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 17:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:43 . 2012-04-05 15:43 -------- d-----w- c:\users\JBMARTIN\AppData\Local\ASUS
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 08:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 08:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 07:39 . 2011-07-26 20:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-26 02:13 . 2012-02-26 02:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 02:13 . 2012-02-26 02:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-07-17 09:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 21:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 21:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 21:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 21:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 21:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 21:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 21:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_22.41.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-25 06:12 35220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-07-15 15:58 . 2012-04-24 20:19 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
+ 2011-07-15 15:58 . 2012-04-25 06:12 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-15 18:25 . 2012-04-25 06:50 258536 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-25 11:08 . 2012-04-25 11:08 151992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-24 11:15 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 11:08 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 11:08 . 2012-04-25 11:08 285432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2795626641-3094803326-748952498-1001-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\PRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\JBMARTIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-6-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-26 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:39]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Heure de fin: 2012-04-25 13:15:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-04-25 11:15
ComboFix2.txt 2012-04-24 22:50
.
Avant-CF: 63 329 705 984 octets libres
Après-CF: 63 262 212 096 octets libres
.
- - End Of File - - 6E4585322DAD41B3C14FD9E966BF1AF9
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3949.2458 [GMT 2:00]
Lancé depuis: c:\users\JBMARTIN\Desktop\jb.exe
Commutateurs utilisés :: c:\users\JBMARTIN\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\acovcnt.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Iminent
c:\program files (x86)\Iminent\Iminent.InstallLog
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\aports.dll
c:\program files (x86)\Spybot - Search & Destroy\blindman.exe
c:\program files (x86)\Spybot - Search & Destroy\Default configuration.ini
c:\program files (x86)\Spybot - Search & Destroy\DelZip179.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files (x86)\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files (x86)\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\English.chm
c:\program files (x86)\Spybot - Search & Destroy\Help\English.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files (x86)\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\iPhone.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files (x86)\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files (x86)\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files (x86)\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files (x86)\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files (x86)\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\English.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files (x86)\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files (x86)\Spybot - Search & Destroy\messages.zres
c:\program files (x86)\Spybot - Search & Destroy\OptOut.ini
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files (x86)\Spybot - Search & Destroy\QDTNDRIKZC.scr
c:\program files (x86)\Spybot - Search & Destroy\REVNOVFRDBA.scr
c:\program files (x86)\Spybot - Search & Destroy\SDFiles.exe
c:\program files (x86)\Spybot - Search & Destroy\SDHelper.dll
c:\program files (x86)\Spybot - Search & Destroy\SDMain.exe
c:\program files (x86)\Spybot - Search & Destroy\SDShred.exe
c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files (x86)\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe
c:\program files (x86)\Spybot - Search & Destroy\sqlite3.dll
c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\program files (x86)\Spybot - Search & Destroy\Tools.dll
c:\program files (x86)\Spybot - Search & Destroy\unins000.dat
c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
c:\program files (x86)\Spybot - Search & Destroy\unins000.msg
c:\program files (x86)\Spybot - Search & Destroy\UninsSrv.dll
c:\program files (x86)\Spybot - Search & Destroy\Update.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\advcheck165.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\clsid.zip
c:\program files (x86)\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini
c:\program files (x86)\Spybot - Search & Destroy\Updates\online.ini.uiz
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.exe
c:\program files (x86)\Spybot - Search & Destroy\Updates\teatimer166.zip
c:\program files (x86)\Spybot - Search & Destroy\WDPVEAP.scr
c:\program files (x86)\Spybot - Search & Destroy\WHNYLR.scr
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Configuration.ini
c:\programdata\Spybot - Search & Destroy\Excludes\Bots.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Cookies.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\FileExt.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Links.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Single.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\SystemInternals.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\UpdateDL.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\WaitFor.sbe
c:\programdata\Spybot - Search & Destroy\Immunization.ini
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
c:\windows\system32\acovcnt.exe
.
Une copie infectée de c:\windows\SysWow64\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-25 au 2012-04-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\PRO\AppData\Local\temp
2012-04-25 11:08 . 2012-04-25 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 22:38 . 2012-04-24 22:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\offreg.dll
2012-04-24 20:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3666270-7C0A-4CCA-8DD1-4F38A9C9BBD5}\mpengine.dll
2012-04-24 11:24 . 2012-04-24 16:53 -------- d-----w- C:\Pre_Scan
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Auslogics
2012-04-24 07:57 . 2012-04-24 07:57 -------- d-----w- c:\program files (x86)\Auslogics
2012-04-24 06:34 . 2012-04-24 06:34 -------- d-----w- c:\windows\fr
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\en
2012-04-24 06:32 . 2012-04-24 06:32 -------- d-----w- c:\windows\el
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\es
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\he
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\it
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\nl
2012-04-24 06:31 . 2012-04-24 06:31 -------- d-----w- c:\windows\de
2012-04-24 06:23 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-24 06:22 . 2012-04-24 06:22 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-24 06:08 . 2012-04-24 06:08 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DXSETUP.exe
2012-04-24 06:08 . 2012-04-24 06:08 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\abeae4561cd21e002\MeshBetaRemover.exe
2012-04-24 06:08 . 2012-04-24 06:08 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\dsetup32.dll
2012-04-24 06:08 . 2012-04-24 06:08 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ab35fbc11cd21e001\DSETUP.dll
2012-04-23 20:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 16:34 . 2012-04-23 16:34 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Avira
2012-04-23 16:33 . 2012-04-23 23:15 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\GetRightToGo
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\users\JBMARTIN\AppData\Roaming\Malwarebytes
2012-04-23 16:28 . 2012-04-23 20:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-23 16:28 . 2012-04-23 16:28 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 08:47 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-14 08:47 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-14 07:49 . 2012-04-14 07:49 -------- d-----w- c:\windows\system32\SPReview
2012-04-14 07:47 . 2012-04-14 07:47 -------- d-----w- c:\windows\system32\EventProviders
2012-04-14 07:39 . 2012-04-14 07:39 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 06:06 . 2012-04-14 07:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 17:20 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 17:20 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 17:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 17:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 17:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 17:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 17:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 17:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 17:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 17:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 17:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:43 . 2012-04-05 15:43 -------- d-----w- c:\users\JBMARTIN\AppData\Local\ASUS
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 08:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 08:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 07:39 . 2011-07-26 20:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-26 02:13 . 2012-02-26 02:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-26 02:13 . 2012-02-26 02:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-26 02:13 . 2012-02-26 02:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-26 02:13 . 2012-02-26 02:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-26 02:13 . 2012-02-26 02:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-26 02:13 . 2012-02-26 02:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-26 02:13 . 2012-02-26 02:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-26 02:13 . 2012-02-26 02:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-26 02:13 . 2012-02-26 02:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-26 02:13 . 2012-02-26 02:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-26 02:13 . 2012-02-26 02:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-26 02:13 . 2012-02-26 02:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-26 02:13 . 2012-02-26 02:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-26 02:13 . 2012-02-26 02:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-26 02:13 . 2012-02-26 02:13 448512 ----a-w- c:\windows\system32\html.iec
2012-02-26 02:13 . 2012-02-26 02:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-26 02:13 . 2012-02-26 02:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-26 02:13 . 2012-02-26 02:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:18 . 2011-07-17 09:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 21:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 21:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 21:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 21:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 21:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 21:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 21:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_22.41.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-25 06:12 35220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-07-15 15:58 . 2012-04-24 20:19 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
+ 2011-07-15 15:58 . 2012-04-25 06:12 7944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2795626641-3094803326-748952498-1001_UserData.bin
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 20:17 . 2012-04-24 20:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 11:09 . 2012-04-25 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-15 18:25 . 2012-04-25 06:50 258536 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-04-25 11:08 . 2012-04-25 11:08 151992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-24 11:15 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-25 11:08 284664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 11:08 . 2012-04-25 11:08 285432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2795626641-3094803326-748952498-1001-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\PRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\JBMARTIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-6-9 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnablELUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-07-26 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:39]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\SysWOW64\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\JBMARTIN\AppData\Roaming\Mozilla\Firefox\Profiles\gwqqpvfq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Heure de fin: 2012-04-25 13:15:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-04-25 11:15
ComboFix2.txt 2012-04-24 22:50
.
Avant-CF: 63 329 705 984 octets libres
Après-CF: 63 262 212 096 octets libres
.
- - End Of File - - 6E4585322DAD41B3C14FD9E966BF1AF9
haku78
25 April 2012 at 14:58
No improvement on my "pro" session...
Should I run ComboFix from that session in safe mode?