Virus

Solved/Closed
SirMalgache (Member, 19 posts, registered Monday 9 February 2009, last active 18 July 2012) - Edited by SirMalgache on 28/06/2012 at 16:41
juju666 (Security contributor, 35446 posts, registered Thursday 18 December 2008, last active 21 April 2024) - 18 July 2012 at 23:44
Hello,
Since yesterday I have been infected by a virus that I can't remove.
This virus slows my computer down a bit, but it is mainly my internet connection that suffers, and when I click on links in Google search results it sends me to the wrong site.

My current antivirus (ESET Smart Security 5) keeps quarantining the following files:
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000000.@"
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@"
"C:\Windows\system32\services.exe"
"C:\Windows\System32\services.exe"
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@"
"C:\WINDOWS\SYSTEM32\SERVICES.EXE"
"C:\Windows\system32\services.exe"
And sometimes it asks me to restart the computer to delete a file that affects the RAM, named "gac_32 desktop.ini".

I ran a full scan with the antivirus mentioned above, Malwarebytes and Spybot, without success.

I hope someone will be able to help me before this weekend.
Otherwise I will format, but it could still come back afterwards.

13 replies

juju666 (Security contributor, 35446 posts, registered Thursday 18 December 2008, last active 21 April 2024)
28 June 2012 at 16:45
Hi

▶ Right-click the following link and choose "Save (link) target as" -> yourfirstname.exe -> destination: your desktop (AND NOWHERE ELSE): ComboFix

Close the windows of all running programs.
Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."

on the renamed ComboFix.

If you are on Windows XP, let it install the Recovery Console.

▶ Do not touch anything during the scan.

ComboFix should restart your PC.

▶ Don't forget to re-enable the protection of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

▶▶▶ If, after ComboFix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again.
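The log that ComboFix produces is what the original poster pastes in the next reply, and reading it is where the actual diagnosis happens. As an added example, not part of this thread and not ComboFix's own code, the Python script below pulls out of such a log the items a helper looks at first: the files ComboFix deleted, system binaries it found patched and replaced from a clean copy, Sigcheck entries that did not match the Windows catalogue, UAC policy values that are switched off, service and driver registrations whose image file is missing or sits under a Temp directory, and the browser start page. The embedded sample log is a constructed excerpt assembled from lines quoted later in this thread; the function names and the rules for what gets flagged are this example's own assumptions.

```python
"""Triage a ComboFix log: pull out what a helper reads first. Added example, not
ComboFix's own code; rule names and what counts as suspicious are this example's own."""
import re
import sys

# Constructed sample: an excerpt assembled from lines quoted in this thread.
SAMPLE_LOG = r"""ComboFix 12-06-28.01 - SirMalgache 28/06/2012 17:25:12.1.2 - x64
(((((((((((((((((((( Other deletions ))))))))))))))))))))
.
c:\users\SirMalgache\AppData\Roaming\htaui.dll
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@
c:\windows\SysWow64\muzapp.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
.
(((((((((((((((( Files created from 2012-05-28 to 2012-06-28 ))))))))))))))))
.
------- Sigcheck -------
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 X6va005;X6va005;c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
uStart Page = hxxp://friendly-google-search.blogspot.com
"""

RE_BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")                 # ((( Section name )))
RE_PATH = re.compile(r"^[a-zA-Z]:\\\S")                           # a line that is a path
RE_REPAIRED = re.compile(r"^(?:Infected copy of|Une copie infectée de) (.+?) (?:was found|a été trouvée)")
RE_SIGCHECK = re.compile(r"^\[(?P<status>[^\]]+)\] \d{4}-\d{2}-\d{2} \. (?P<md5>[0-9A-Fa-f]{32}) "
                         r"\. \d+ \. \. \[[^\]]+\] \.\. (?P<path>.+)$")
RE_UAC = re.compile(r'^"(\w+)"=\s*(-?\d+) \(0x[0-9A-Fa-f]+\)$')
RE_SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
RE_START = re.compile(r"^[um]?Start Page = (.+)$")

def deleted_paths(log):
    """Paths under the 'Other deletions' banner: what ComboFix removed."""
    found, inside = [], False
    for line in log.splitlines():
        if m := RE_BANNER.match(line):
            inside = any(w in m.group(1).lower() for w in ("deletion", "suppression"))
        elif inside and RE_PATH.match(line):
            found.append(line.strip())
    return found

def repaired_system_files(log):
    """System binaries ComboFix found patched and replaced from a clean copy."""
    return [m.group(1) for m in map(RE_REPAIRED.match, log.splitlines()) if m]

def unsigned_live_binaries(log):
    """Sigcheck [-] entries (no Windows catalogue match) outside WinSxS: review items,
    not verdicts; the log itself says unsigned files are not necessarily malware."""
    return [(m["path"], m["md5"]) for m in map(RE_SIGCHECK.match, log.splitlines())
            if m and m["status"] == "-" and "\\winsxs\\" not in m["path"].lower()]

def uac_settings(log):
    """Integer values under the policies\\system key, where UAC is configured."""
    values, inside = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            inside = line.lower().rstrip().endswith("\\policies\\system]")
        elif inside and (m := RE_UAC.match(line)):
            values[m.group(1)] = int(m.group(2))
    return values

def weak_uac(settings):
    """UAC values that are switched off; Windows 7 defaults assumed when absent."""
    checks = (("EnableLUA", 1), ("PromptOnSecureDesktop", 1), ("ConsentPromptBehaviorAdmin", 5))
    # 0 means: UAC off / prompt on the normal desktop / admins elevate silently
    return [name for name, default in checks if settings.get(name, default) == 0]

def suspicious_services(log):
    """Service/driver entries whose image is missing ([x]) or lives under Temp."""
    hits = []
    for m in map(RE_SERVICE.match, log.splitlines()):
        if not m:
            continue
        reasons = tuple(why for why, bad in (
            ("image file missing", m["stamp"] == "x"),
            ("image under a Temp directory", "\\temp\\" in m["path"].lower())) if bad)
        if reasons:
            hits.append((m["name"], m["path"], reasons))
    return hits

def start_pages(log):
    """Browser start pages (ComboFix writes hxxp for http to defang the URL)."""
    return [m.group(1) for m in map(RE_START.match, log.splitlines()) if m]

if __name__ == "__main__":
    # ComboFix writes its log in the system ANSI code page; cp1252 is an assumption.
    text = open(sys.argv[1], encoding="cp1252").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for check in (deleted_paths, repaired_system_files, unsigned_live_binaries,
                  suspicious_services, start_pages):
        print(check.__name__, *check(text), sep="\n  ")
    print("weak_uac", *weak_uac(uac_settings(text)), sep="\n  ")
```

With a path argument the script reads that file; without one it triages the embedded sample. One caveat is stated in the log itself: a `[-]` in Sigcheck means "no catalogue match", not "malware". Another is that a `[x]` service entry points at a file that no longer exists, which is as often a stale registration as a driver the cleaner just removed; both are places to look, not verdicts. On the thread's own log the hits that matter are the infected services.exe rebuilt from WinSxS, the `Installer\{GUID}\U\*.@` files, UAC fully disabled (EnableLUA=0), the X6va005 driver registered from a file under Temp (a review item), and the start page set to friendly-google-search.blogspot.com, which lines up with the search-redirect symptom in the first post. One observation that is the editor's and not the thread's: that `\U\*.@` directory layout together with a patched services.exe is the known signature of the ZeroAccess/Sirefef rootkit family.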
SirMalgache (Member, 19 posts, registered Monday 9 February 2009, last active 18 July 2012)
28 June 2012 at 17:51
Hello,
Done, and here is the contents of ComboFix.txt:
ComboFix 12-06-28.01 - SirMalgache 28/06/2012 17:25:12.1.2 - x64
Microsoft Windows 7 Professionnel N 6.1.7601.1.1252.33.1036.18.4094.2393 [GMT 2:00]
Launched from: c:\users\SirMalgache\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\chrtmp
c:\users\SirMalgache\AppData\Roaming\htaui.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\00000004.@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\201d3dde
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\55490ac4
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000004.@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\000000cb.@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000032.@
c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000064.@
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\tmp6C5.tmp
c:\windows\SysWow64\tmp6E5.tmp
c:\windows\SysWow64\tmpAE58.tmp
c:\windows\SysWow64\tmpAEC6.tmp
c:\windows\SysWow64\tmpD807.tmp
c:\windows\SysWow64\tmpD828.tmp
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((( Files created from 2012-05-28 to 2012-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-28 15:32 . 2012-06-28 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Malwarebytes
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 10:56 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 04:36 . 2012-06-28 04:38 -------- d-----w- C:\ZHP
2012-06-28 04:36 . 2012-06-28 04:37 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-28 04:19 . 2012-06-28 04:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-27 19:19 . 2012-06-27 19:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-27 17:49 . 2012-06-27 17:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-26 21:51 . 2012-06-26 21:51 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\GamesCafe
2012-06-26 21:42 . 2012-06-26 21:42 -------- d-----w- C:\Down
2012-06-26 21:41 . 2012-06-26 21:41 -------- d-----w- C:\Perfect World Entertainment
2012-06-24 23:34 . 2012-06-24 23:34 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-19 10:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 10:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 10:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 10:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 10:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 10:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Oracle
2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Java
2012-06-16 14:30 . 2012-06-16 14:30 -------- d-----w- c:\program files (x86)\System.Data.SQLite
2012-06-16 06:16 . 2012-06-16 06:16 -------- d-----w- c:\users\SirMalgache\AppData\Local\Macromedia
2012-06-14 03:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 03:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 03:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 03:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-06-07 06:18 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-06-05 23:03 . 2012-06-01 15:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-05 23:03 . 2012-06-01 15:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Ludia
2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\programdata\Ludia
2012-05-29 20:25 . 2012-05-29 20:26 -------- d-----w- c:\users\SirMalgache\AppData\Local\Insanely Twisted Shadow Planet
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 16:21 . 2012-01-26 21:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-27 16:21 . 2011-10-27 12:33 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-27 16:21 . 2011-10-27 12:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-24 07:40 . 2012-01-26 21:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 19:19 . 2012-03-30 04:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 19:19 . 2011-10-26 17:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 16:01 . 2012-05-28 16:01 50952 ----a-w- c:\windows\system32\certsentry.dll
2012-05-28 16:01 . 2012-05-28 16:01 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-05-21 20:48 . 2011-10-26 13:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-21 20:48 . 2011-10-26 13:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-15 10:48 . 2012-05-25 10:41 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-25 10:41 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-25 10:41 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-25 10:41 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 10:41 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 10:41 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-25 10:41 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 10:41 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 10:41 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 10:41 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 10:41 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-25 10:41 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 10:41 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-25 10:41 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 10:41 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 10:41 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 10:41 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 10:41 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-25 10:41 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-25 10:41 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-25 10:41 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-25 10:41 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 10:41 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-25 10:41 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-25 10:41 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-25 10:41 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-25 10:41 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-25 10:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-25 10:42 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-25 10:42 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-05-25 10:42 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-25 10:42 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-05-25 10:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-25 10:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 17:29 . 2012-03-04 18:06 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2011-10-26 17:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 21:21 . 2012-05-01 21:21 1131153 ----a-w- c:\windows\SysWow64\unins002.exe
2012-04-21 18:42 . 2012-04-21 18:43 1131145 ----a-w- c:\windows\SysWow64\unins001.exe
2012-04-18 17:08 . 2012-05-25 10:41 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-25 10:41 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-02-22 13:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 778D85E6829C6FF3E2EF329D80287F1D . 2379776 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[-] 2009-08-23 . 5A48047A1A721C71976BF9D8BBEE0C45 . 499712 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[-] 2009-07-14 . 5A48047A1A721C71976BF9D8BBEE0C45 . 471040 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 20:13 505344 ----a-w- c:\program files\Classic Explorer\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SuperF4"="c:\program files\SuperF4\SuperF4.exe" [2010-10-23 47616]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3034432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"TrayServer"="c:\program files (x86)\MAGIX\Video deluxe MX Premium\TrayServer_fr.exe" [2008-09-01 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-26 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-26 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2011-03-25 106032]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2011-03-25 13872]
R3 X6va005;X6va005;c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 zlportio;zlportio;d:\program files\UltraStar Deluxe\zlportio.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-06-20 196704]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-04 283200]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 165680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:19]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 20:14 629248 ----a-w- c:\program files\Classic Explorer\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://friendly-google-search.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.2.1 89.2.0.1 89.2.0.2
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-htaui - c:\users\SirMalgache\AppData\Roaming\htaui.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Monopoly Deluxe - d:\program files\Monopoly Deluxe\Monopoly Deluxe\GameInstlr.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-UT3 CBP3 Vol 3 - c:\users\SirMalgache\Documents\My Games\Unreal Tournament 3\cbp3-vol3-uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:32,7a,eb,f1,1d,a9,4f,6f,5d,00,62,b0,f0,ef,c4,fb,3a,64,77,50,a7,e2,95,
cc,66,a0,00,c8,c5,1a,c0,b6,25,0d,1b,87,47,9c,99,1c,c8,76,75,ba,6f,4f,6a,6c,\
"??"=hex:78,9b,50,84,e4,fb,7c,5a,90,ac,90,ee,a4,3f,a4,88
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
"datasecu"=hex:81,d5,4a,a0,be,3a,59,67,bd,31,56,42,75,64,67,e7,25,75,7c,be,9b,
90,43,13,5c,96,14,4f,c2,b7,21,16,c3,66,a8,33,05,14,a9,52,07,0e,14,3f,76,3c,\
"rkeysecu"=hex:fe,f4,84,2b,26,92,a8,08,ee,5d,1c,6e,bc,35,11,52
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6d,3c,c3,89,18,70,ec,fd,cf,2e,fc,fb,c2,55,e0,fa,76,8f,2d,3f,9c,
b6,a2,56,24,82,d8,65,9a,6f,f2,77,e4,4e,8f,d9,e7,75,45,fd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5f41a9b4-2fc6-4a2d-9663-5f615bfaeb54}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000053
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{6b697af1-9745-43bf-90b8-a912d76f79a2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000080
"Therad"=dword:0000002b
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,54,8d,98,e5,c2,04,0d,8b,81,ed,08,ed,75,7e,01,75,ee,7f,30,1e,eb,cb,\
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c9,9d,5d,5e,86,09,bf,37,91,c8,6b,5e,c7,79,02,a3,1e,59,05,78,fe,
23,6f,0d,c2,47,5e,fc,3f,31,b8,e3,36,19,b8,56,0d,93,09,20,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="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"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\CtHelper.exe
c:\program files (x86)\Creative\Entertainment Center\EAXLoadr.exe
.
**************************************************************************
.
Heure de fin: 2012-06-28 17:42:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-28 15:42
.
Avant-CF: 202 717 274 112 octets libres
Après-CF: 202 677 465 088 octets libres
.
- - End Of File - - 69529D4546BC5FAD7B9EDD3690A2811A


There is one thing I did notice, though: since I ran ComboFix, ESET has calmed down, the computer and my internet connection are faster, and the Google links work.
I could consider the problem solved, but before that, is there anything else I need to do?

Configuration: Windows 7 / Firefox 13.0.1
juju666 Posts 35446 Registration date Thursday 18 December 2008 Status Security contributor Last seen 21 April 2024 4 796
28 June 2012 at 19:27
Back

We're not done yet

=====================================================


__________________________________________________
=>/!\ The script that follows was written specifically for this computer /!\<=
=> It is strongly advised not to use it on another computer! <=
----------------------------------------------------------------------------


Still with all protections disabled, do the following:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------

KillAll::

ClearJavaCache::

Driver::
X6va005
X6va008
WinFLdrv

File::
c:\windows\SysWOW64\Drivers\X6va008
c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp
c:\windows\SysWOW64\WinFLdrv.sys

Folder::
c:\windows\SysWow64\%APPDATA%

RegLock::
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5f41a9b4-2fc6-4a2d-9663-5f615bfaeb54}]
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{6b697af1-9745-43bf-90b8-a912d76f79a2}]
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

------------------------------------------------------------------

▶ Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the ComboFix file, like this: Illustration

▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt


SirMalgache Posts 19 Registration date Monday 9 February 2009 Status Member Last seen 18 July 2012 1
Edited by SirMalgache on 28/06/2012 at 20:55
ComboFix 12-06-28.01 - SirMalgache 28/06/2012 20:17:27.2.2 - x64
Microsoft Windows 7 Professionnel N 6.1.7601.1.1252.33.1036.18.4094.2473 [GMT 2:00]
Lancé depuis: c:\users\SirMalgache\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\SirMalgache\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp"
"c:\windows\SysWOW64\Drivers\X6va008"
"c:\windows\SysWOW64\WinFLdrv.sys"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\%APPDATA%
c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\windows\SysWOW64\WinFLdrv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINFLDRV
-------\Legacy_X6VA005
-------\Legacy_X6VA008
-------\Service_WinFLdrv
-------\Service_X6va005
-------\Service_X6va008
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Malwarebytes
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 10:56 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 04:36 . 2012-06-28 16:34 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-06-27 17:49 . 2012-06-27 17:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-26 21:51 . 2012-06-26 21:51 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\GamesCafe
2012-06-24 23:34 . 2012-06-24 23:34 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Warner Bros. Interactive Entertainment
2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
2012-06-19 10:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 10:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 10:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 10:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 10:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 10:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Oracle
2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Java
2012-06-16 14:30 . 2012-06-16 14:30 -------- d-----w- c:\program files (x86)\System.Data.SQLite
2012-06-16 06:16 . 2012-06-16 06:16 -------- d-----w- c:\users\SirMalgache\AppData\Local\Macromedia
2012-06-14 03:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 03:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 03:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 03:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 03:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-06-07 06:18 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-06-05 23:03 . 2012-06-01 15:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-05 23:03 . 2012-06-01 15:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Ludia
2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\programdata\Ludia
2012-05-29 20:25 . 2012-05-29 20:26 -------- d-----w- c:\users\SirMalgache\AppData\Local\Insanely Twisted Shadow Planet
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 17:26 . 2012-01-26 21:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-28 17:26 . 2011-10-27 12:33 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-28 17:25 . 2011-10-27 12:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-24 07:40 . 2012-01-26 21:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 19:19 . 2012-03-30 04:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 19:19 . 2011-10-26 17:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 16:01 . 2012-05-28 16:01 50952 ----a-w- c:\windows\system32\certsentry.dll
2012-05-28 16:01 . 2012-05-28 16:01 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-05-21 20:48 . 2011-10-26 13:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-21 20:48 . 2011-10-26 13:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-15 10:48 . 2012-05-25 10:41 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-25 10:41 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-25 10:41 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-25 10:41 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 10:41 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 10:41 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-25 10:41 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 10:41 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 10:41 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 10:41 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 10:41 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-25 10:41 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 10:41 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-25 10:41 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 10:41 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 10:41 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 10:41 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 10:41 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-25 10:41 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-25 10:41 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-25 10:41 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-25 10:41 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 10:41 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-25 10:41 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-25 10:41 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-05-25 10:41 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-25 10:41 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2012-05-25 10:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-05-25 10:42 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-05-25 10:42 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-05-25 10:42 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-05-25 10:42 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-05-25 10:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-05-25 10:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 17:29 . 2012-03-04 18:06 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 17:29 . 2011-10-26 17:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 21:21 . 2012-05-01 21:21 1131153 ----a-w- c:\windows\SysWow64\unins002.exe
2012-04-21 18:42 . 2012-04-21 18:43 1131145 ----a-w- c:\windows\SysWow64\unins001.exe
2012-04-18 17:08 . 2012-05-25 10:41 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-25 10:41 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-02-22 13:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 778D85E6829C6FF3E2EF329D80287F1D . 2379776 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[-] 2009-08-23 . 5A48047A1A721C71976BF9D8BBEE0C45 . 499712 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[-] 2009-07-14 . 5A48047A1A721C71976BF9D8BBEE0C45 . 471040 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.34.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:10 . 2012-06-28 16:41 53328 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:09 . 2012-06-28 18:30 65508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-30 22:35 . 2012-06-28 18:30 11394 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2818983625-3034285788-288326488-1016_UserData.bin
+ 2011-10-26 19:07 . 2012-05-17 22:32 5020 c:\windows\SysWOW64\sys_drv_2.dat
- 2012-01-31 08:38 . 2012-06-28 01:41 4916 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-31 08:38 . 2012-06-28 18:27 4916 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-28 18:28 . 2012-06-28 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:34 . 2012-06-28 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 15:34 . 2012-06-28 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-28 18:28 . 2012-06-28 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-21 06:58 . 2012-06-28 16:45 747850 c:\windows\system32\perfh00C.dat
- 2010-11-21 06:58 . 2012-06-28 15:23 747850 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-06-28 15:23 654880 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-28 16:45 654880 c:\windows\system32\perfh009.dat
+ 2010-11-21 06:58 . 2012-06-28 16:45 149490 c:\windows\system32\perfc00C.dat
- 2010-11-21 06:58 . 2012-06-28 15:23 149490 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-06-28 16:45 121752 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-28 15:23 121752 c:\windows\system32\perfc009.dat
- 2012-06-17 17:21 . 2012-06-28 15:33 1296656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-17 17:21 . 2012-06-28 18:27 1296656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-28 15:33 1642984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-28 18:27 1642984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-26 12:34 . 2012-06-28 18:27 61401808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2818983625-3034285788-288326488-1016-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 20:13 505344 ----a-w- c:\program files\Classic Explorer\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SuperF4"="c:\program files\SuperF4\SuperF4.exe" [2010-10-23 47616]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3034432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"TrayServer"="c:\program files (x86)\MAGIX\Video deluxe MX Premium\TrayServer_fr.exe" [2008-09-01 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-26 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-26 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2011-03-25 106032]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2011-03-25 13872]
R3 zlportio;zlportio;d:\program files\UltraStar Deluxe\zlportio.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\Tribes Ascend\HiRezGames\HiPatchService.exe [2012-06-24 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-06-20 196704]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-04 283200]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 165680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:19]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-08-19 20:14 629248 ----a-w- c:\program files\Classic Explorer\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"htaui"="c:\users\SirMalgache\AppData\Roaming\htaui.dll" [BU]
"combofix"="c:\combofix\CF18607.3XE" [2010-11-21 345088]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://friendly-google-search.blogspot.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.2.1 89.2.0.1 89.2.0.2
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:32,7a,eb,f1,1d,a9,4f,6f,5d,00,62,b0,f0,ef,c4,fb,3a,64,77,50,a7,e2,95,
cc,66,a0,00,c8,c5,1a,c0,b6,25,0d,1b,87,47,9c,99,1c,c8,76,75,ba,6f,4f,6a,6c,\
"??"=hex:78,9b,50,84,e4,fb,7c,5a,90,ac,90,ee,a4,3f,a4,88
.
[HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
"datasecu"=hex:81,d5,4a,a0,be,3a,59,67,bd,31,56,42,75,64,67,e7,25,75,7c,be,9b,
90,43,13,5c,96,14,4f,c2,b7,21,16,c3,66,a8,33,05,14,a9,52,07,0e,14,3f,76,3c,\
"rkeysecu"=hex:fe,f4,84,2b,26,92,a8,08,ee,5d,1c,6e,bc,35,11,52
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="[value omitted]"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\UAService7.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\CtHelper.exe
c:\program files (x86)\Creative\Entertainment Center\EAXLoadr.exe
.
**************************************************************************
.
Heure de fin: 2012-06-28 20:36:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-28 18:36
ComboFix.txt 2012-06-28 15:42
.
Avant-CF: 59 444 817 920 octets libres
Après-CF: 59 089 088 512 octets libres
.
- - End Of File - - C19E57C63C83E2CBA11C7111C87768A0

One detail I didn't mention: since the first ComboFix run, I get this message at every startup:
http://tinypic.com/images/goodbye.jpg
0

juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
28 June 2012 at 21:53
Which DLL can't it launch? This one?
"htaui"="c:\users\SirMalgache\AppData\Roaming\htaui.dll" [BU]



0
SirMalgache Posts: 19 Registered: Monday 9 February 2009 Status: Member Last activity: 18 July 2012 1
28 June 2012 at 23:07
No idea! It's only since the first ComboFix run that it does this.
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
28 June 2012 at 23:51
Yes, but at every startup?
0
SirMalgache Posts: 19 Registered: Monday 9 February 2009 Status: Member Last activity: 18 July 2012 1
29 June 2012 at 00:18
Yes
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
29 June 2012 at 00:20
I can't see your screenshot.

Is this the file it can't launch?

c:\users\SirMalgache\AppData\Roaming\htaui.dll
0
SirMalgache Posts: 19 Registered: Monday 9 February 2009 Status: Member Last activity: 18 July 2012 1
29 June 2012 at 01:48
Yes, that's it, but it's fine, I managed to fix this problem with CCleaner.
Is there anything else I need to do before I get back to my usual activities?
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
29 June 2012 at 23:23
Hello, I'm back.

We're going to run a diagnostic of your PC:

▶ Download ZHPDiag (by Nicolas Coolman)

or: ZHPDiag

Save it to your Desktop.

Once the download is complete,

▶ Install and launch ZHPDiag.exe (if you are on Vista or 7, once the program is open click the "UAC" button)

▶ Click the screwdriver, then on "All" to tick every option box.

▶ Click the magnifying glass to start the scan.

When the scan finishes,

▶ To send me your report, use the site http://pjjoint.malekal.com

▶ Click Browse and locate the file C:\ZHP\ZHPDiag.txt

▶ Click Open.

▶ Click "Send file".

A link of this form:

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120312_q15b11x7g11u5

is added to the page.

▶ Copy that link into your reply.
0
SirMalgache Posts: 19 Registered: Monday 9 February 2009 Status: Member Last activity: 18 July 2012 1
18 July 2012 at 18:53
Hi!
Just to say that I formatted my computer a while ago to start clean with my new setup.
So since the last reply took a while, I'm closing this topic as resolved.
Thanks for your help Juju666
0
juju666 Posts: 35446 Registered: Thursday 18 December 2008 Status: Security contributor Last activity: 21 April 2024 4 796
18 July 2012 at 23:44
Well, that's dumb, but it's your choice ...

Thanks for the feedback anyway.
0