Virus

Résolu
SirMalgache Messages postés 19 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Depuis hier, je suis infecté par un virus que je n'arrive pas à enlever.
Ce virus fait un peu ramer mon ordis mais c'est surtout mon internet qui en prends un coups et quand je clique sur des liens avec le moteur Google, il m'envoie sur un mauvais site

Mon antivirus actuel (ESET Smart Security 5) n'arrete de mettre en quarantaine les fichiers suivants:
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000000.@"
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@"
"C:\Windows\system32\services.exe"
"C:\Windows\System32\services.exe"
"C:\Windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@"
"C:\WINDOWS\SYSTEM32\SERVICES.EXE"
"C:\Windows\system32\services.exe"
Et des fois, il me demande un redemarrage de l'ordis pour supprimer un fichier qui touche la mémoire vive du nom de "gac_32 desktop.ini"

J'ai fait une analyse complete avec l'antivirus cité, Malwarebytes et Spybot mais sans succes.

J'espere que quelqu'un va pouvoir m'aider avant ce week-end.
Dans le cas contraire, je formaterai mais sa peut toujours me retomber dessus apres.

13 réponses

  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Salut


    ▶ Fais un clic droit et "Enregistrer la cible (du lien sous) -> tonprenom.exe -> destination ton bureau (ET PAS AILLEURS) sur le lien suivant : ComboFix

    Ferme les fenêtres de tous les programmes en cours.
    Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    Si tu es sur Windows XP, laisse-le installer la console de récupération.

    ▶ Ne touche à rien durant le scan

    ComboFix devrait redémarrer ton PC.

    ▶ n'oublie pas de réactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    ▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur
    1
  2. SirMalgache Messages postés 19 Statut Membre 1
     
    Bonjour,
    Voilà c'est fait et je copie le contenu du ComboFix.txt
    ComboFix 12-06-28.01 - SirMalgache 28/06/2012 17:25:12.1.2 - x64
    Microsoft Windows 7 Professionnel N 6.1.7601.1.1252.33.1036.18.4094.2393 [GMT 2:00]
    Lancé depuis: c:\users\SirMalgache\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Default\AppData\Roaming\chrtmp
    c:\users\SirMalgache\AppData\Roaming\htaui.dll
    c:\windows\apppatch\AppLoc.exe
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\00000004.@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\201d3dde
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\L\55490ac4
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000004.@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\00000008.@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\000000cb.@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000032.@
    c:\windows\Installer\{af467269-0ee1-9951-1c84-82b2a67b5aa0}\U\80000064.@
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\tmp6C5.tmp
    c:\windows\SysWow64\tmp6E5.tmp
    c:\windows\SysWow64\tmpAE58.tmp
    c:\windows\SysWow64\tmpAEC6.tmp
    c:\windows\SysWow64\tmpD807.tmp
    c:\windows\SysWow64\tmpD828.tmp
    .
    Une copie infectée de c:\windows\system32\services.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 15:32 . 2012-06-28 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Malwarebytes
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-28 10:56 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 04:36 . 2012-06-28 04:38 -------- d-----w- C:\ZHP
    2012-06-28 04:36 . 2012-06-28 04:37 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-28 04:19 . 2012-06-28 04:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-27 19:19 . 2012-06-27 19:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-06-27 17:49 . 2012-06-27 17:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-06-26 21:51 . 2012-06-26 21:51 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\GamesCafe
    2012-06-26 21:42 . 2012-06-26 21:42 -------- d-----w- C:\Down
    2012-06-26 21:41 . 2012-06-26 21:41 -------- d-----w- C:\Perfect World Entertainment
    2012-06-24 23:34 . 2012-06-24 23:34 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Warner Bros. Interactive Entertainment
    2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-06-19 10:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 10:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 10:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 10:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 10:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 10:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 10:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 10:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 10:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Java
    2012-06-16 14:30 . 2012-06-16 14:30 -------- d-----w- c:\program files (x86)\System.Data.SQLite
    2012-06-16 06:16 . 2012-06-16 06:16 -------- d-----w- c:\users\SirMalgache\AppData\Local\Macromedia
    2012-06-14 03:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 03:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 03:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 03:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 03:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 03:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 03:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 03:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
    2012-06-07 06:18 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-06-05 23:03 . 2012-06-01 15:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-05 23:03 . 2012-06-01 15:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Ludia
    2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\programdata\Ludia
    2012-05-29 20:25 . 2012-05-29 20:26 -------- d-----w- c:\users\SirMalgache\AppData\Local\Insanely Twisted Shadow Planet
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-27 16:21 . 2012-01-26 21:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-27 16:21 . 2011-10-27 12:33 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-27 16:21 . 2011-10-27 12:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-24 07:40 . 2012-01-26 21:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-23 19:19 . 2012-03-30 04:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 19:19 . 2011-10-26 17:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-28 16:01 . 2012-05-28 16:01 50952 ----a-w- c:\windows\system32\certsentry.dll
    2012-05-28 16:01 . 2012-05-28 16:01 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
    2012-05-21 20:48 . 2011-10-26 13:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-05-21 20:48 . 2011-10-26 13:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-05-15 10:48 . 2012-05-25 10:41 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-05-25 10:41 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-05-25 10:41 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-05-25 10:41 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-25 10:41 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-05-25 10:41 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-25 10:41 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-25 10:41 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-25 10:41 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-25 10:41 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-25 10:41 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-05-25 10:41 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-05-25 10:41 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-25 10:41 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-25 10:41 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-05-25 10:41 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-05-25 10:41 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2012-05-25 10:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2012-05-25 10:42 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2012-05-25 10:42 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2012-05-25 10:42 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-05-25 10:42 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2012-05-25 10:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2012-05-25 10:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-04 17:29 . 2012-03-04 18:06 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 17:29 . 2011-10-26 17:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-01 21:21 . 2012-05-01 21:21 1131153 ----a-w- c:\windows\SysWow64\unins002.exe
    2012-04-21 18:42 . 2012-04-21 18:43 1131145 ----a-w- c:\windows\SysWow64\unins001.exe
    2012-04-18 17:08 . 2012-05-25 10:41 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-25 10:41 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-02-22 13:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2011-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2011-07-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [-] 2011-02-25 . 778D85E6829C6FF3E2EF329D80287F1D . 2379776 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    .
    [-] 2009-08-23 . 5A48047A1A721C71976BF9D8BBEE0C45 . 499712 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
    [-] 2009-07-14 . 5A48047A1A721C71976BF9D8BBEE0C45 . 471040 . . [6.1.7600.16385] .. c:\windows\regedit.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-08-19 20:13 505344 ----a-w- c:\program files\Classic Explorer\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SuperF4"="c:\program files\SuperF4\SuperF4.exe" [2010-10-23 47616]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3034432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
    "CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
    "Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
    "AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "TrayServer"="c:\program files (x86)\MAGIX\Video deluxe MX Premium\TrayServer_fr.exe" [2008-09-01 90112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer6"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-26 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-26 79360]
    R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
    R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
    R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
    R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
    R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
    R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
    R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2011-03-25 106032]
    R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2011-03-25 13872]
    R3 X6va005;X6va005;c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 zlportio;zlportio;d:\program files\UltraStar Deluxe\zlportio.sys [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 130864]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-06-20 196704]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-04 283200]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 146736]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 165680]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:19]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-08-19 20:14 629248 ----a-w- c:\program files\Classic Explorer\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://friendly-google-search.blogspot.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    TCP: DhcpNameServer = 192.168.2.1 89.2.0.1 89.2.0.2
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath -
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    HKLM-Run-htaui - c:\users\SirMalgache\AppData\Roaming\htaui.dll
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Monopoly Deluxe - d:\program files\Monopoly Deluxe\Monopoly Deluxe\GameInstlr.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-UT3 CBP3 Vol 3 - c:\users\SirMalgache\Documents\My Games\Unreal Tournament 3\cbp3-vol3-uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:32,7a,eb,f1,1d,a9,4f,6f,5d,00,62,b0,f0,ef,c4,fb,3a,64,77,50,a7,e2,95,
    cc,66,a0,00,c8,c5,1a,c0,b6,25,0d,1b,87,47,9c,99,1c,c8,76,75,ba,6f,4f,6a,6c,\
    "??"=hex:78,9b,50,84,e4,fb,7c,5a,90,ac,90,ee,a4,3f,a4,88
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
    "datasecu"=hex:81,d5,4a,a0,be,3a,59,67,bd,31,56,42,75,64,67,e7,25,75,7c,be,9b,
    90,43,13,5c,96,14,4f,c2,b7,21,16,c3,66,a8,33,05,14,a9,52,07,0e,14,3f,76,3c,\
    "rkeysecu"=hex:fe,f4,84,2b,26,92,a8,08,ee,5d,1c,6e,bc,35,11,52
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):6d,3c,c3,89,18,70,ec,fd,cf,2e,fc,fb,c2,55,e0,fa,76,8f,2d,3f,9c,
    b6,a2,56,24,82,d8,65,9a,6f,f2,77,e4,4e,8f,d9,e7,75,45,fd,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5f41a9b4-2fc6-4a2d-9663-5f615bfaeb54}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000053
    "Therad"=dword:0000001c
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{6b697af1-9745-43bf-90b8-a912d76f79a2}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000080
    "Therad"=dword:0000002b
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,54,8d,98,e5,c2,04,0d,8b,81,ed,08,ed,75,7e,01,75,ee,7f,30,1e,eb,cb,\
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c9,9d,5d,5e,86,09,bf,37,91,c8,6b,5e,c7,79,02,a3,1e,59,05,78,fe,
    23,6f,0d,c2,47,5e,fc,3f,31,b8,e3,36,19,b8,56,0d,93,09,20,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG15.00.00.01PROFESSIONAL"="690AFAF592EF73C089BF500C32087D8D4D2F0C7C26BDE8D06D9B271DB6EC8BCEC9641854C3B9B5ECAEABD02C132076692CDBC8B1B160E7E5FBED92A65EAD1B3BFCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B98085D575E7D6A3B98088EDD5E5BE2F6E6675AC947E04A78C44ECE7C99713145CF6160C527DA4CDE97EACEC76F01B772F4AE674D7BFA99682A86CCE713F555C03BCF1B1D3ABE8E08967BCB1C01467E5C1020F789A4C798F9231E63DB82F2FEE1925DD844D52CC70D4F0B562945DB0F2B2DF608324E486078EDF51AE0E70A651F9AD94F3D8C88EC29AAF86F0B87073F047D45061E9541C591A06C6B2856A2F7CDEB96A43088F929FB672A8C83244F156F039ED144AD3DC95823684683F366D72AF4EA756A06EB5C0B180496770B804D5B981D43C55C882742B4D30EE9FCC25B527832525A548B16BEA4F3696E42AC559AE6DB25E1FBB3492AE29B1A7441E98A4B0BC9BE15D84FA063C7E85717E32552DF6FFC32807B94D0CE94B234652353237C1715B2D18A6CF2A80ED6A5BF9B851C4606A49FA95BC392D1020D9B9D1B381730D97A9AEB775DBDA3DD358C60AC27BCCBD17A920D339F17BA382505A432178C9665E45664BDE3E24CEA7FB911EAAA74D04FAB24FB2D479A73187995A489B15CC39F43B9DE937FF97F4135CD8DBF753899CCEAE2EB08228E49D40BE96ED30E942D42070C23BFF9CA7EBE5A5DB6A9AEAC526F69517795581670F85F10F1D8F6762F5B278B1D1F5E566B1877F192B8C2AF86AFE2655B3BD68AFDE0FE0BC7737A7609CB1F665CA2FB4FCF5296094992E1CF28569109FA754F776DBC79D12B126A3FDFC96DC115CDE41A194A4892A9EF00518C863799DACFB59F1C92DFCFFABA5C2E38DF14B41FB86FD2952CA074211F55AAEC3219E8A56EC475CC39C6E3B881ACD47FEA9ACB769039C8FBFB3587C780DE086621FEBE2A8678A2265FC9E08D137678049D0B06BB1420FBE28FA419548A5B487BEFB55458E392033284840FC12E9E937AFCF359311AC625C7148CE825454F00100E8E56476397A75F7E1AA7C6A7C951F862692C400895AE0B85912EBA4E83F5EE3F5CE83177D1D380752F5A2EE4E196FB7C00DA735C363570B85A10B8D70426459AF92172274E024CE56ECAAD6216F5E0CC52B67C26990D9F5393ABE9A52040A38DC2880F8CDC5DDB22850EA2AE57BA6D2902022D89F03C27D06B93BA126D2701D5971EAAD514C62FCC25B20BED5E6148BA2E75FE40357DF5FE97CB3B0943F134885ED21144CB5327DF82348957A11DFC0100BD8D94213FE082CDCC210E3D6E7D8D7D8DAFAEA2CA0B285908E4B4E151FACBA0F99768B2A320CF4B04C4B4BB997B1F62A81880F7A98445E4148866A0989441"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\UAService7.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    c:\windows\SysWOW64\CtHelper.exe
    c:\program files (x86)\Creative\Entertainment Center\EAXLoadr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-28 17:42:15 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-28 15:42
    .
    Avant-CF: 202 717 274 112 octets libres
    Après-CF: 202 677 465 088 octets libres
    .
    - - End Of File - - 69529D4546BC5FAD7B9EDD3690A2811A

    Y'a quand meme un truc que j'ai remarqué, depuis que j'ai lancé le combofix, ESET s'est calmé, l'ordis et mon internet est plus rapide et les liens de Google fonctionnent.
    Je pourrais considéré que le probleme est résolu mais avant ça, est_ce que je dois faire autre chose?

    Configuration: Windows 7 / Firefox 13.0.1
    0
  3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    De retour

    On n'a pas fini

    =====================================================


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------

    KillAll::

    ClearJavaCache::

    Driver::
    X6va005
    X6va008
    WinFLdrv

    File::
    c:\windows\SysWOW64\Drivers\X6va008
    c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp
    c:\windows\SysWOW64\WinFLdrv.sys

    Folder::
    c:\windows\SysWow64\%APPDATA%

    RegLock::
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{5f41a9b4-2fc6-4a2d-9663-5f615bfaeb54}]
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{6b697af1-9745-43bf-90b8-a912d76f79a2}]
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme ceci : Illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    0
  4. SirMalgache Messages postés 19 Statut Membre 1
     
    ComboFix 12-06-28.01 - SirMalgache 28/06/2012 20:17:27.2.2 - x64
    Microsoft Windows 7 Professionnel N 6.1.7601.1.1252.33.1036.18.4094.2473 [GMT 2:00]
    Lancé depuis: c:\users\SirMalgache\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\SirMalgache\Desktop\CFScript.txt
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    FILE ::
    "c:\users\SIRMAL~1\AppData\Local\Temp\005BA6D.tmp"
    "c:\windows\SysWOW64\Drivers\X6va008"
    "c:\windows\SysWOW64\WinFLdrv.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\%APPDATA%
    c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    c:\windows\SysWOW64\WinFLdrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_WINFLDRV
    -------\Legacy_X6VA005
    -------\Legacy_X6VA008
    -------\Service_WinFLdrv
    -------\Service_X6va005
    -------\Service_X6va008
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Malwarebytes
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-28 10:56 . 2012-06-28 10:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-28 10:56 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 04:36 . 2012-06-28 16:34 -------- d-----w- c:\program files (x86)\ZHPDiag
    2012-06-27 17:49 . 2012-06-27 17:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-06-26 21:51 . 2012-06-26 21:51 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\GamesCafe
    2012-06-24 23:34 . 2012-06-24 23:34 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Warner Bros. Interactive Entertainment
    2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-06-19 10:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 10:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 10:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 10:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 10:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 10:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 10:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 10:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 10:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-18 04:17 . 2012-06-18 04:17 -------- d-----w- c:\program files (x86)\Java
    2012-06-16 14:30 . 2012-06-16 14:30 -------- d-----w- c:\program files (x86)\System.Data.SQLite
    2012-06-16 06:16 . 2012-06-16 06:16 -------- d-----w- c:\users\SirMalgache\AppData\Local\Macromedia
    2012-06-14 03:48 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 03:48 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 03:48 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 03:48 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 03:48 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 03:48 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 03:48 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 03:48 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
    2012-06-07 06:18 . 2012-04-23 11:26 154272 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2012-06-05 23:03 . 2012-06-01 15:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-05 23:03 . 2012-06-01 15:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\users\SirMalgache\AppData\Roaming\Ludia
    2012-06-04 23:12 . 2012-06-04 23:12 -------- d-----w- c:\programdata\Ludia
    2012-05-29 20:25 . 2012-05-29 20:26 -------- d-----w- c:\users\SirMalgache\AppData\Local\Insanely Twisted Shadow Planet
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-28 17:26 . 2012-01-26 21:14 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-28 17:26 . 2011-10-27 12:33 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-28 17:25 . 2011-10-27 12:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-24 07:40 . 2012-01-26 21:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-23 19:19 . 2012-03-30 04:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 19:19 . 2011-10-26 17:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-28 16:01 . 2012-05-28 16:01 50952 ----a-w- c:\windows\system32\certsentry.dll
    2012-05-28 16:01 . 2012-05-28 16:01 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
    2012-05-21 20:48 . 2011-10-26 13:10 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-05-21 20:48 . 2011-10-26 13:10 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-05-15 10:48 . 2012-05-25 10:41 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-05-25 10:41 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-05-25 10:41 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-05-25 10:41 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-25 10:41 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-05-25 10:41 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-25 10:41 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-25 10:41 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-25 10:41 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-25 10:41 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-25 10:41 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-25 10:41 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-05-25 10:41 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-05-25 10:41 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-25 10:41 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2012-05-25 10:41 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-25 10:41 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-05-25 10:41 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-05-25 10:41 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-05-25 10:41 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2012-05-25 10:42 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2012-05-25 10:42 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2012-05-25 10:42 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2012-05-25 10:42 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-05-25 10:42 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2012-05-25 10:42 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2012-05-25 10:42 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-04 17:29 . 2012-03-04 18:06 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 17:29 . 2011-10-26 17:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-01 21:21 . 2012-05-01 21:21 1131153 ----a-w- c:\windows\SysWow64\unins002.exe
    2012-04-21 18:42 . 2012-04-21 18:43 1131145 ----a-w- c:\windows\SysWow64\unins001.exe
    2012-04-18 17:08 . 2012-05-25 10:41 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-25 10:41 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-02-22 13:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2011-10-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2011-07-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    .
    [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [-] 2011-02-25 . 778D85E6829C6FF3E2EF329D80287F1D . 2379776 . . [6.1.7600.16385] .. c:\windows\explorer.exe
    [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    .
    [-] 2009-08-23 . 5A48047A1A721C71976BF9D8BBEE0C45 . 499712 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
    [-] 2009-07-14 . 5A48047A1A721C71976BF9D8BBEE0C45 . 471040 . . [6.1.7600.16385] .. c:\windows\regedit.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.34.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:10 . 2012-06-28 16:41 53328 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:09 . 2012-06-28 18:30 65508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-01-30 22:35 . 2012-06-28 18:30 11394 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2818983625-3034285788-288326488-1016_UserData.bin
    + 2011-10-26 19:07 . 2012-05-17 22:32 5020 c:\windows\SysWOW64\sys_drv_2.dat
    - 2012-01-31 08:38 . 2012-06-28 01:41 4916 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-01-31 08:38 . 2012-06-28 18:27 4916 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-06-28 18:28 . 2012-06-28 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-28 15:34 . 2012-06-28 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-28 15:34 . 2012-06-28 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-28 18:28 . 2012-06-28 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-11-21 06:58 . 2012-06-28 16:45 747850 c:\windows\system32\perfh00C.dat
    - 2010-11-21 06:58 . 2012-06-28 15:23 747850 c:\windows\system32\perfh00C.dat
    - 2009-07-14 02:36 . 2012-06-28 15:23 654880 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-28 16:45 654880 c:\windows\system32\perfh009.dat
    + 2010-11-21 06:58 . 2012-06-28 16:45 149490 c:\windows\system32\perfc00C.dat
    - 2010-11-21 06:58 . 2012-06-28 15:23 149490 c:\windows\system32\perfc00C.dat
    + 2009-07-14 02:36 . 2012-06-28 16:45 121752 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-06-28 15:23 121752 c:\windows\system32\perfc009.dat
    - 2012-06-17 17:21 . 2012-06-28 15:33 1296656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-06-17 17:21 . 2012-06-28 18:27 1296656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-06-28 15:33 1642984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-28 18:27 1642984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-26 12:34 . 2012-06-28 18:27 61401808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2818983625-3034285788-288326488-1016-12288.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-08-19 20:13 505344 ----a-w- c:\program files\Classic Explorer\ClassicExplorer32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SuperF4"="c:\program files\SuperF4\SuperF4.exe" [2010-10-23 47616]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3034432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
    "CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
    "Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
    "AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "TrayServer"="c:\program files (x86)\MAGIX\Video deluxe MX Premium\TrayServer_fr.exe" [2008-09-01 90112]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer6"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
    R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-26 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-26 79360]
    R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
    R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
    R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
    R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
    R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;d:\program files\BioWare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 136176]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
    R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-14 736104]
    R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2011-03-25 106032]
    R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
    R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2011-03-25 13872]
    R3 zlportio;zlportio;d:\program files\UltraStar Deluxe\zlportio.sys [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 130864]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\Tribes Ascend\HiRezGames\HiPatchService.exe [2012-06-24 8704]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-06-20 196704]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-04 283200]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 146736]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 165680]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:19]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 20:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-08-19 20:14 629248 ----a-w- c:\program files\Classic Explorer\ClassicExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "htaui"="c:\users\SirMalgache\AppData\Roaming\htaui.dll" [BU]
    "combofix"="c:\combofix\CF18607.3XE" [2010-11-21 345088]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://friendly-google-search.blogspot.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Envoyer à OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    TCP: DhcpNameServer = 192.168.2.1 89.2.0.1 89.2.0.2
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath -
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:32,7a,eb,f1,1d,a9,4f,6f,5d,00,62,b0,f0,ef,c4,fb,3a,64,77,50,a7,e2,95,
    cc,66,a0,00,c8,c5,1a,c0,b6,25,0d,1b,87,47,9c,99,1c,c8,76,75,ba,6f,4f,6a,6c,\
    "??"=hex:78,9b,50,84,e4,fb,7c,5a,90,ac,90,ee,a4,3f,a4,88
    .
    [HKEY_USERS\S-1-5-21-2818983625-3034285788-288326488-1016\Software\SecuROM\License information*]
    "datasecu"=hex:81,d5,4a,a0,be,3a,59,67,bd,31,56,42,75,64,67,e7,25,75,7c,be,9b,
    90,43,13,5c,96,14,4f,c2,b7,21,16,c3,66,a8,33,05,14,a9,52,07,0e,14,3f,76,3c,\
    "rkeysecu"=hex:fe,f4,84,2b,26,92,a8,08,ee,5d,1c,6e,bc,35,11,52
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG15.00.00.01PROFESSIONAL"="690AFAF592EF73C089BF500C32087D8D4D2F0C7C26BDE8D06D9B271DB6EC8BCEC9641854C3B9B5ECAEABD02C132076692CDBC8B1B160E7E5FBED92A65EAD1B3BFCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B98085D575E7D6A3B98088EDD5E5BE2F6E6675AC947E04A78C44ECE7C99713145CF6160C527DA4CDE97EACEC76F01B772F4AE674D7BFA99682A86CCE713F555C03BCF1B1D3ABE8E08967BCB1C01467E5C1020F789A4C798F9231E63DB82F2FEE1925DD844D52CC70D4F0B562945DB0F2B2DF608324E486078EDF51AE0E70A651F9AD94F3D8C88EC29AAF86F0B87073F047D45061E9541C591A06C6B2856A2F7CDEB96A43088F929FB672A8C83244F156F039ED144AD3DC95823684683F366D72AF4EA756A06EB5C0B180496770B804D5B981D43C55C882742B4D30EE9FCC25B527832525A548B16BEA4F3696E42AC559AE6DB25E1FBB3492AE29B1A7441E98A4B0BC9BE15D84FA063C7E85717E32552DF6FFC32807B94D0CE94B234652353237C1715B2D18A6CF2A80ED6A5BF9B851C4606A49FA95BC392D1020D9B9D1B381730D97A9AEB775DBDA3DD358C60AC27BCCBD17A920D339F17BA382505A432178C9665E45664BDE3E24CEA7FB911EAAA74D04FAB24FB2D479A73187995A489B15CC39F43B9DE937FF97F4135CD8DBF753899CCEAE2EB08228E49D40BE96ED30E942D42070C23BFF9CA7EBE5A5DB6A9AEAC526F69517795581670F85F10F1D8F6762F5B278B1D1F5E566B1877F192B8C2AF86AFE2655B3BD68AFDE0FE0BC7737A7609CB1F665CA2FB4FCF5296094992E1CF28569109FA754F776DBC79D12B126A3FDFC96DC115CDE41A194A4892A9EF00518C863799DACFB59F1C92DFCFFABA5C2E38DF14B41FB86FD2952CA074211F55AAEC3219E8A56EC475CC39C6E3B881ACD47FEA9ACB769039C8FBFB3587C780DE086621FEBE2A8678A2265FC9E08D137678049D0B06BB1420FBE28FA419548A5B487BEFB55458E392033284840FC12E9E937AFCF359311AC625C7148CE825454F00100E8E56476397A75F7E1AA7C6A7C951F862692C400895AE0B85912EBA4E83F5EE3F5CE83177D1D380752F5A2EE4E196FB7C00DA735C363570B85A10B8D70426459AF92172274E024CE56ECAAD6216F5E0CC52B67C26990D9F5393ABE9A52040A38DC2880F8CDC5DDB22850EA2AE57BA6D2902022D89F03C27D06B93BA126D2701D5971EAAD514C62FCC25B20BED5E6148BA2E75FE40357DF5FE97CB3B0943F134885ED21144CB5327DF82348957A11DFC0100BD8D94213FE082CDCC210E3D6E7D8D7D8DAFAEA2CA0B285908E4B4E151FACBA0F99768B2A320CF4B04C4B4BB997B1F62A81880F7A98445E4148866A0989441"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\UAService7.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    c:\windows\SysWOW64\CtHelper.exe
    c:\program files (x86)\Creative\Entertainment Center\EAXLoadr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-28 20:36:04 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-06-28 18:36
    ComboFix.txt 2012-06-28 15:42
    .
    Avant-CF: 59 444 817 920 octets libres
    Après-CF: 59 089 088 512 octets libres
    .
    - - End Of File - - C19E57C63C83E2CBA11C7111C87768A0

    Un detail que j'ai pas précisé, apres le 1er lancement de combofix, j'ai ce message qui me fait à chaque démarrage:
    http://tinypic.com/images/goodbye.jpg
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    C'est quoi la DLL qu'il sait pas lancer ? ça ?
    "htaui"="c:\users\SirMalgache\AppData\Roaming\htaui.dll" [BU]

    0
  7. SirMalgache Messages postés 19 Statut Membre 1
     
    Aucune idée! C'est apres le 1er lancement de Combofix que sa me fait ça maintenant.
    0
  8. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    oui mais à chaque démarrage ?
    0
  9. SirMalgache Messages postés 19 Statut Membre 1
     
    Oui
    0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    j'arrive pas à voir ta copie d'écran

    c'est bien ce fichier qu'il arrive pas à lancer ?

    c:\users\SirMalgache\AppData\Roaming\htaui.dll
    0
  11. SirMalgache Messages postés 19 Statut Membre 1
     
    Oui c'est ça mais c'est bon, j'ai pu réglé ce probleme avec Ccleaner.
    Y'a autre chose que je dois faire avant de reprendre mes activités?
    0
  12. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello de retour

    Nous allons réaliser un diagnostic de ton PC :

    ▶ Télécharge ZHPDiag (de Nicolas Coolman)

    ou :ZHPDiag

    Enregistre le sur ton Bureau.

    Une fois le téléchargement achevé,

    ▶ Installe et lance ZHPDiag.exe ( Si tu es sous Vista ou 7, une fois le logiciel ouvert clique sur le bouton "UAC")

    ▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.

    ▶ Clique sur la loupe pour lancer l'analyse.

    A la fin de l'analyse,

    ▶ Pour me transmettre ton rapport utilise le site http://pjjoint.malekal.com

    ▶ Clique sur Parcourir et cherche le fichier C:\ZHP\ZHPDiag.txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Envoyer le fichier".

    Un lien de cette forme :

    https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120312_q15b11x7g11u5

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    0
  13. SirMalgache Messages postés 19 Statut Membre 1
     
    Salut!
    Juste pour dire que j'ai formaté depuis un moment mon ordis pour accueillir au propre ma nouvelle config.
    Donc comme le dernier com a un peu tarder, je conclue ce topic comme résolu.
    Merci pour ton aide Juju666
    0
  14. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    ben c'est c0n mais c'est ton choix ...

    merci du retour quand meme.
    0