Trojan

Solved/Closed
ZeKzU - edited by ZeKzU on 6 Jul 2012 at 12:39
Anonymous user - 7 Jul 2012 at 23:01
Hello, after this morning's boot I see MSE disabled, so like any self-respecting youngster I run a Malwarebytes scan, which finds two trojans (BCMiner and MRGGen), hop, quarantine, reboot, MSE still disabled, a quick ComboFix, it finds loads of junk, reboot, still no MSE, a quick Ad-Remover, reboot, still nothing!
So, as a last resort, coming here ^^
I have ZHPDiag if you want to see everything


31 replies

Anonymous user
6 Jul 2012 at 12:56
Hi, no, but I would like to see the ComboFix report.
ZeKzU
6 Jul 2012 at 12:59
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.2221 [GMT 2:00]
Lancé depuis: c:\users\GuiGui\Desktop\EntretienPC\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\L\00000004.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\L\1afb2d56
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\n
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\00000004.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\00000008.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\000000cb.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000000.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000032.@
c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000064.@
c:\users\GuiGui\AppData\Roaming\Microsoft\~DFK36c68a.tmp
c:\users\GuiGui\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\bass.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\peaadje.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\GuiGui\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\GuiGui\AppData\Roaming\mIRC\logs\status.log
c:\windows\SysWow64\adobecs5.exe
.
.
((((((((((((((((((((((((((((( Files created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\GuiGui\AppData\Local\temp
2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 22:05 . 2012-07-05 22:05 -------- d-----w- c:\users\GuiGui\AppData\Local\Downloader
2012-07-04 18:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{604C648B-D2D4-4BCF-826C-4DA41436572D}\mpengine.dll
2012-07-04 17:30 . 2012-07-06 10:19 -------- d-----w- c:\users\GuiGui\AppData\Local\LogMeIn Hamachi
2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-07-04 10:42 . 2012-07-04 10:42 -------- d-----w- c:\programdata\Rockstar Games
2012-07-04 10:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 22:26 . 2012-02-11 13:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2839250E-3304-4818-BA5F-E41536B2C336}\gapaengine.dll
2012-07-03 22:25 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-27 18:07 . 2012-06-27 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-23 11:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 11:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 11:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 11:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 11:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 11:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 11:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 11:32 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 11:32 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 03:28 . 2012-06-19 03:28 -------- d-----w- c:\users\GuiGui\AppData\Local\Sidhe
2012-06-18 10:16 . 2012-06-18 10:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 10:16 . 2012-06-18 10:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 12:13 . 2012-06-17 12:13 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Apowersoft
2012-06-17 12:13 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2012-06-16 15:16 . 2012-06-16 15:16 -------- d-----w- c:\program files (x86)\HmelyoffLabs
2012-06-16 15:09 . 2012-06-16 15:15 -------- d-----w- c:\program files (x86)\Noel Danjou
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\Telestream
2012-06-16 14:40 . 2012-06-16 15:32 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Wirecast
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Vara Software
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\eSellerate
2012-06-13 15:06 . 2012-06-13 15:06 -------- d-----w- c:\users\GuiGui\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 10:25 . 2011-07-28 14:38 25640 ----a-w- c:\windows\gdrv.sys
2012-07-04 18:19 . 2012-04-07 15:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-04 18:19 . 2011-07-28 14:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 14:16 . 2012-05-20 14:00 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-20 14:16 . 2011-08-02 15:52 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-20 14:15 . 2011-08-02 15:51 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-20 14:02 . 2012-05-20 14:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 10:48 . 2012-05-22 23:23 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-22 23:23 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 23:23 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 23:23 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 23:23 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:23 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:23 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 23:23 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 23:23 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 23:23 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 23:23 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 23:23 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 23:23 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 23:23 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 23:23 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 23:23 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-03-14 19:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-14 19:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 19:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 19:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-03-14 19:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-27 23:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-10-27 23:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-08-17 00:05 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-17 00:05 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-21 04:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-05-21 04:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 09:29 . 2011-07-28 14:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-07-28 14:57 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-07-28 14:57 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-07-28 14:47 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-14 19:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-07-28 14:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-07-28 14:47 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 12:26 . 2012-04-07 15:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:08 . 2012-05-22 23:23 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-22 23:23 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-03-14 19:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 14:23 . 2012-04-16 14:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-16 14:23 . 2011-07-29 09:51 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-11 18:00 . 2012-04-16 13:17 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Granola"="d:\prog\granola\Granola Personal\granola.exe" [2012-02-21 887016]
"F.lux"="c:\users\GuiGui\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Malwarebytes' Anti-Malware"="d:\prog\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="d:\prog\quicktime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\prog\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 250056]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 cpuz135;cpuz135;d:\fichie~1\Temp\cpuz135\cpuz135_x64.sys [x]
R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;d:\prog\Ma-config\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-26 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-14 30528]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\prog\Hi-rez\HiPatchService.exe [2012-06-24 8704]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-07-28 16008]
R3 maconfservice;Ma-Config Service;d:\prog\Ma-config\maconfservice.exe [2011-11-25 311928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-11 54728]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 254528]
S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
S2 Granola PM Manager;Granola PM Manager;d:\prog\granola\Granola Personal\GranolaManager.exe [2012-02-21 449264]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\prog\hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 OODefragAgent;O&O Defrag;d:\prog\O&Odefrag\oodag.exe [2010-11-25 3152200]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-11 583200]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-07-28 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-07-28 66328]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-26 425064]
.
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- d:\prog\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-08 11821160]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Télécharger avec IDM - d:\prog\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - d:\prog\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\0gzfg4q2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe
SafeBoot-MsMpSvc
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1D09C093-F71E-43C3-B948-19316CBD695E}"=hex:51,66,7a,6c,4c,1d,38,12,fd,c3,1a,
19,2c,b9,ad,06,c6,5e,5a,71,69,e3,2d,4a
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{45D30484-7DED-43D9-957A-D2FD1F046511}"=hex:51,66,7a,6c,4c,1d,38,12,ea,07,c0,
41,df,33,b7,06,ea,6c,91,bd,1a,5a,21,05
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,7c,51,07,cc,bc,cc,01
.
[HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{714bbf8f-1deb-488a-a1c5-9ceb893cbd0a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000153
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3a,45,a7,7b,09,71,fa,cb,7d,35,18,4a,07,b2,cd,a7,c0,47,5a,bd,89,
16,bb,f0,92,3e,c2,9a,10,20,c0,30,31,60,2a,cb,a8,4d,46,d0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-06 12:27:08 - Machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 10:27
.
Pre-Run: 14,540,922,880 bytes free
Post-Run: 14,551,625,728 bytes free
.
- - End Of File - - 96E3FCD29589C269C0DEC3A8348860B8
ZeKzU
6 Jul 2012 at 13:00
I think it is linked to Adobe Flash; yesterday I went to a weird streaming site that popped up a little Flash window, I quickly closed everything but apparently it was too late.
Anonymous user
6 Jul 2012 at 13:06
ComboFix should have been renamed....
Running tools without knowing them or what they do, you wreck your machine...


__________________________________________________
=>/!\ The following script was written specifically for this computer /!\<=
=>It is strongly advised against transposing it to another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{714bbf8f-1deb-488a-a1c5-9ceb893cbd0a}]
[HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the ComboFix file as in this: illustration

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will appear: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt


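The helper's CFScript above was built by copying each key from the report's LOCKED REGISTRY KEYS section into a RegLock:: block, after checking the AV:/SP: header lines that report Microsoft Security Essentials and Windows Defender as Disabled. The Python below is an added example, not code from this thread, from ComboFix or from its author: it does that same extraction programmatically. It assumes the report uses the French heading "CLES DE REGISTRE BLOQUEES" (as in the report above) or its English equivalent, and that the section ends at the completion line; SAMPLE_REPORT is a constructed excerpt assembled from lines quoted in this thread, not a full report, and the directive names (KillAll::, ClearJavaCache::, RegLock::) are the ones used in the thread.

```python
"""Turn the locked-keys section of a ComboFix report into a CFScript RegLock:: block.

Added example; not code from this thread, from ComboFix or from its author.
SAMPLE_REPORT is a constructed excerpt built from lines quoted in the thread.
"""
import re

# Heading text as printed by the French and English builds of ComboFix.
LOCKED_HEADINGS = ("CLES DE REGISTRE BLOQUEES", "LOCKED REGISTRY KEYS")
# A report line such as "[HKEY_LOCAL_MACHINE\SOFTWARE\...]"
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# A header line such as "AV: Microsoft Security Essentials *Disabled/Updated* {GUID}"
PRODUCT_LINE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(\w+)/(\w+)\*")

SAMPLE_REPORT = r"""ComboFix 12-07-06.01 - GuiGui 06/07/2012 13:12:04.2.4 - x64
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-07-06 12:27:08 - La machine a redémarré
"""


def disabled_products(report):
    """Return (kind, name) for each AV/SP/FW header line whose state is Disabled."""
    found = []
    for line in report.splitlines():
        m = PRODUCT_LINE.match(line)
        if m and m.group(3).lower() == "disabled":
            found.append((m.group(1), m.group(2)))
    return found


def locked_keys(report):
    """Return the registry keys under the locked-keys heading, in report order.

    Bracketed keys printed earlier (the "Reg loading points" section has them
    too) are ignored; the section ends at the completion line or next heading.
    """
    keys, in_section = [], False
    for line in report.splitlines():
        if not in_section:
            in_section = any(h in line for h in LOCKED_HEADINGS)
            continue
        if line.startswith(("Heure de fin", "Completion time", "((((")):
            break
        m = KEY_LINE.match(line)
        if m:
            keys.append(m.group(1))
    return keys


def build_cfscript(report, exclude=(), kill_all=True, clear_java_cache=True):
    """Assemble the CFScript text.

    `exclude` holds substrings of keys to leave out. The thread's hand-written
    script, for instance, did not carry over the System* key under
    CurrentVersion, so review the generated list before using it.
    """
    lines = []
    if kill_all:
        lines.append("KillAll::")
    if clear_java_cache:
        lines.append("ClearJavaCache::")
    keys = [k for k in locked_keys(report) if not any(x in k for x in exclude)]
    if keys:
        lines.append("RegLock::")
        lines.extend(f"[{k}]" for k in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for kind, name in disabled_products(SAMPLE_REPORT):
        print(f"{kind} reported Disabled: {name}")
    print(build_cfscript(SAMPLE_REPORT, exclude=(r"CurrentVersion\System*",)))
```

The `exclude` parameter exists because blind copying is exactly the trap the helper warns about: the generated list is a starting point to review against the report, not a script to drop onto ComboFix unread.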

ZeKzU
6 Jul 2012 at 13:22
ComboFix 12-07-06.01 - GuiGui 06/07/2012 13:12:04.2.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.2501 [GMT 2:00]
Lancé depuis: c:\users\GuiGui\Desktop\EntretienPC\ComboFix.exe
Command switches used :: c:\users\GuiGui\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\GuiGui\AppData\Local\temp
2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 22:05 . 2012-07-05 22:05 -------- d-----w- c:\users\GuiGui\AppData\Local\Downloader
2012-07-04 18:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{604C648B-D2D4-4BCF-826C-4DA41436572D}\mpengine.dll
2012-07-04 17:30 . 2012-07-06 10:19 -------- d-----w- c:\users\GuiGui\AppData\Local\LogMeIn Hamachi
2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-07-04 10:42 . 2012-07-04 10:42 -------- d-----w- c:\programdata\Rockstar Games
2012-07-04 10:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 22:26 . 2012-02-11 13:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2839250E-3304-4818-BA5F-E41536B2C336}\gapaengine.dll
2012-07-03 22:25 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-06-27 18:07 . 2012-06-27 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-23 11:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 11:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 11:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 11:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 11:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 11:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 11:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 11:32 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 11:32 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 03:28 . 2012-06-19 03:28 -------- d-----w- c:\users\GuiGui\AppData\Local\Sidhe
2012-06-18 10:16 . 2012-06-18 10:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 10:16 . 2012-06-18 10:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 12:13 . 2012-06-17 12:13 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Apowersoft
2012-06-17 12:13 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2012-06-16 15:16 . 2012-06-16 15:16 -------- d-----w- c:\program files (x86)\HmelyoffLabs
2012-06-16 15:09 . 2012-06-16 15:15 -------- d-----w- c:\program files (x86)\Noel Danjou
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\Telestream
2012-06-16 14:40 . 2012-06-16 15:32 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Wirecast
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Vara Software
2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\eSellerate
2012-06-13 15:06 . 2012-06-13 15:06 -------- d-----w- c:\users\GuiGui\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 11:16 . 2011-07-28 14:38 25640 ----a-w- c:\windows\gdrv.sys
2012-07-04 18:19 . 2012-04-07 15:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-04 18:19 . 2011-07-28 14:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 14:16 . 2012-05-20 14:00 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-20 14:16 . 2011-08-02 15:52 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-20 14:15 . 2011-08-02 15:51 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-20 14:02 . 2012-05-20 14:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 10:48 . 2012-05-22 23:23 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-22 23:23 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 23:23 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 23:23 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 23:23 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:23 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 23:23 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 23:23 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 23:23 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 23:23 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 23:23 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 23:23 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 23:23 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 23:23 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 23:23 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 23:23 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-03-14 19:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-14 19:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 19:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 19:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-03-14 19:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-27 23:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2011-10-27 23:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-08-17 00:05 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-08-17 00:05 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-05-21 04:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-05-21 04:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 09:29 . 2011-07-28 14:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-07-28 14:57 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-07-28 14:57 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2011-07-28 14:47 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-03-14 19:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-07-28 14:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-07-28 14:47 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 12:26 . 2012-04-07 15:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:08 . 2012-05-22 23:23 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-22 23:23 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-03-14 19:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 14:23 . 2012-04-16 14:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-16 14:23 . 2011-07-29 09:51 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-11 18:00 . 2012-04-16 13:17 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_10.25.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-06 10:31 70416 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 10:31 33214 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-28 14:30 . 2012-07-06 10:31 10064 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2469631386-82068602-2986095981-1000_UserData.bin
- 2012-07-06 10:25 . 2012-07-06 10:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 11:16 . 2012-07-06 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-12 09:16 . 2012-07-06 10:22 747396 c:\windows\system32\perfh00C.dat
+ 2011-04-12 09:16 . 2012-07-06 10:34 747396 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-07-06 10:22 654278 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 10:34 654278 c:\windows\system32\perfh009.dat
+ 2011-04-12 09:16 . 2012-07-06 10:34 149814 c:\windows\system32\perfc00C.dat
- 2011-04-12 09:16 . 2012-07-06 10:22 149814 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-07-06 10:34 122110 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-06 10:22 122110 c:\windows\system32\perfc009.dat
- 2011-07-28 14:01 . 2012-07-06 10:17 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-28 14:01 . 2012-07-06 11:10 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-07-06 10:45 172760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-07-06 10:24 369760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-06 11:15 369760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-28 14:01 . 2012-07-06 11:10 8683520 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-28 14:01 . 2012-07-06 10:17 8683520 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 10:17 3620864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-06 11:10 3620864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-16 14:05 . 2012-07-06 11:15 3291816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-16 14:05 . 2012-07-06 10:24 3291816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-28 15:13 . 2012-07-06 11:15 33899132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2469631386-82068602-2986095981-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Granola"="d:\prog\granola\Granola Personal\granola.exe" [2012-02-21 887016]
"F.lux"="c:\users\GuiGui\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Malwarebytes' Anti-Malware"="d:\prog\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="d:\prog\quicktime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\prog\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 250056]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 cpuz135;cpuz135;d:\fichie~1\Temp\cpuz135\cpuz135_x64.sys [x]
R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;d:\prog\Ma-config\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-26 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-14 30528]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\prog\Hi-rez\HiPatchService.exe [2012-06-24 8704]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-07-28 16008]
R3 maconfservice;Ma-Config Service;d:\prog\Ma-config\maconfservice.exe [2011-11-25 311928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-11 54728]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 254528]
S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
S2 Granola PM Manager;Granola PM Manager;d:\prog\granola\Granola Personal\GranolaManager.exe [2012-02-21 449264]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\prog\hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 OODefragAgent;O&O Defrag;d:\prog\O&Odefrag\oodag.exe [2010-11-25 3152200]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-11 583200]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-07-28 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-07-28 66328]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-26 425064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- d:\prog\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-08 11821160]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Télécharger avec IDM - d:\prog\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - d:\prog\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\0gzfg4q2.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
End time: 2012-07-06 13:17:51 - The machine rebooted
ComboFix-quarantined-files.txt 2012-07-06 11:17
ComboFix2.txt 2012-07-06 10:27
.
Before-CF: 15 291 781 120 bytes free
After-CF: 16 128 098 304 bytes free
.
- - End Of File - - F9593151961098C4035A06F0A5EBF4D1
0
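The ComboFix report above is mostly noise; what a responder actually reads in it is the service list and the Run keys, looking for registrations whose binary is gone (ComboFix prints `[x]` when it cannot find the file), autostarts living in temp or user-profile directories, and drivers loaded from unusual locations such as the Windows root. The following is an added example, not ComboFix's own code or anything from this thread: a small parser and triage pass over lines in ComboFix's format. The sample input is constructed from a handful of lines copied from the report above plus one invented `Updater` entry (marked as such) to exercise the temp-path rule; the reading of `R`/`S` as running/stopped and the digit as start type is my assumption about ComboFix's notation. The rules are heuristics for review, not a verdict: `etdrv.sys` in the Windows root is a Gigabyte utility driver here, and `F.lux` legitimately installs under the user profile.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix report in this thread, plus one
# invented "Updater" Run entry (not in the original report) to trigger the temp rule.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"F.lux"="c:\users\GuiGui\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Updater"="c:\users\GuiGui\AppData\Local\temp\upd.exe" [2012-07-06 41472]
.
R2 MBAMService;MBAMService;d:\prog\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 cpuz135;cpuz135;d:\fichie~1\Temp\cpuz135\cpuz135_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-26 25640]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-11 54728]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 254528]
"""

# Service line (assumed layout): <R|S><start type> <name>;<display name>;<path> [<date> <size>] or [x]
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]\s*$")
# Run-key line: "<value name>"=<quoted or bare path> [optional date size]
RUN_RE = re.compile(r'^"([^"]+)"=(.*)$')
META_RE = re.compile(r"\[(\d{4}-\d{2}-\d{2}) (\d+)\]\s*$")


@dataclass
class Entry:
    kind: str      # "service" or "run"
    name: str
    path: str
    present: bool  # False when ComboFix printed [x] (binary not found on disk)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list


def parse_entries(text):
    """Extract service and Run-key entries from ComboFix-formatted text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, meta = m.groups()
            entries.append(Entry("service", name, path, present=(meta.strip() != "x")))
            continue
        m = RUN_RE.match(line)
        if m:
            name, value = m.groups()
            if value.startswith('"'):
                path = value[1:].split('"', 1)[0]        # quoted path, drop args and [meta]
            else:
                path = META_RE.sub("", value).strip()     # bare path, drop trailing [meta]
            entries.append(Entry("run", name, path, present=True))
    return entries


TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\(appdata|local settings)\\", re.I)
WINROOT_DRIVER_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.sys$", re.I)

# Ordered heuristics; each hit is a reason to look at the entry, not proof of infection.
RULES = [
    ("missing_file", lambda e: not e.present),
    ("temp_path", lambda e: bool(TEMP_RE.search(e.path))),
    ("user_profile_autostart", lambda e: bool(PROFILE_RE.search(e.path))),
    ("driver_in_windows_root", lambda e: bool(WINROOT_DRIVER_RE.match(e.path))),
]


def triage(text):
    """Return the entries that trip at least one rule, with the rule labels that fired."""
    findings = []
    for e in parse_entries(text):
        reasons = [label for label, check in RULES if check(e)]
        if reasons:
            findings.append(Finding(e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:12} {', '.join(f.reasons):40} {f.path}")
```

Run against a full ComboFix.txt the same way (`triage(open("C:/ComboFix.txt", encoding="latin-1").read())`); the `missing_file` hits are the ones worth chasing first, since an orphaned service pointing into a Temp directory (the `cpuz135` line above) is either a leftover from a removed tool or a file that is being hidden from the scanner.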
ZeKzU Posts: 119 Registered: Saturday 3 May 2008 Status: Member Last active: 7 July 2012 18
6 Jul 2012 at 14:04
otherwise I have mumble/steam/ts/skype if you feel like it
0
I told you ComboFix should have been renamed, and you relaunch it with the same name..

never mind, that's the way it is today, nobody understands anything...^^

====================

anyway

Warning: this tool may be wrongly detected as a virus

all "non-vital Windows" processes will be killed; save your work.

Disable all your protections if possible: antivirus, sandbox, etc....

download and save Pre_Scan to your desktop:

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Warning: the desktop will go blank during the scan --> don't panic.

once downloaded, run it and let the scan run until "Pre_scan_the_date_and_time.txt" appears on the desktop.

if the tool is run several times, it will offer you a menu; if no option has been requested, run the "Kill" option

if the tool is blocked by the infection, use this version with the .pif extension:

http://forums-fec.be/gen-hackman/Pre_Scan.pif

if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)

A multitude of black windows may flash; let it work

Post Pre_Scan_the_date_and_time.txt, which will appear on the desktop at the end of the scan


DO NOT POST IT ON THE FORUM!!! (it is too long)

Host the report on http://pjjoint.malekal.com, then give the link you get in return on the forum where you are being helped

If possible, confirm or deny whether Pre_Scan used Defogger
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
ZeKzU Posts: 119 Registered: Saturday 3 May 2008 Status: Member Last active: 7 July 2012 18
6 Jul 2012 at 14:13
oops, sorry, still a bit out of it ^^
and your three files are 404 not found
0
yep, wrong sheet, sorry; I've edited it, they work now
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
ZeKzU Posts: 119 Registered: Saturday 3 May 2008 Status: Member Last active: 7 July 2012 18
6 Jul 2012 at 14:28
It gets stuck at Firefox Extensions
0
Anonymous user
6 Jul 2012 at 15:00
I don't understand, I have no error in the code ...

host the report that is in c:\ and debug.txt, which is in the pre_scan folder in c:\ as well
0
ZeKzU Posts: 119 Registered: Saturday 3 May 2008 Status: Member Last active: 7 July 2012 18
Edited by ZeKzU on 6/07/2012 at 15:04
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.706 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Updated on 06/07/2012 |08.30 by g3n-h@ckm@n
~ Evolution information: https://gen-hackman.kanak.fr/
~ Information on Pre_Script switches: https://gen-hackman.kanak.fr/
~ Pre_scan feedback: https://gen-hackman.kanak.fr/#505
~ Thanks to C_XX, Slyk & Saachaa for their contribution to the tool's evolution

~ User: GuiGui (Administrators) | SID = S-1-5-21-2469631386-82068602-2986095981-1000
~ Computer: GUIGUI-PC

~ Operating system: Windows 7 Professional (64-bit) Professional Service Pack 1
~ Installation type: Client
~ Registered to: GuiGui
~ Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
~ Identification: Intel64 Family 6 Model 42 Stepping 7

Windows Firewall: Active
Windows Defender: Inactive

~ RAM = Total (KB): 4177270 | Used (%): 24 | Free (KB): 3146510
~ Pagefile = Total (KB): 8352690 | Free (KB): 7239240
~ Virtual = Total (KB): 4194180 | Free (KB): 4025400

¤¤¤¤¤¤¤¤¤¤ | Boot scripts


¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [] | Total : 57230 Mo | Free : 15430 Mo -> NTFS
d:\ -> [Fixed] | [] | Total : 953860 Mo | Free : 544820 Mo -> NTFS

Scan : 14:20:35 | 06/07/2012

¤¤¤¤¤¤¤¤¤¤ | Browsers

Internet Explorer : 9.0.8112.16421
Mozilla Firefox : 13.0.1 (fr)

¤ Default:

[HKCR\http | command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome


¤¤¤¤¤¤¤¤¤¤ | Frameworks

~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v2.0.50727
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.0
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.5
~ [28/07/2011 17:41:53] - C:\Windows\Microsoft.net\Framework\v4.0.30319

¤¤¤¤¤¤¤¤¤¤ | Windows Updates



¤¤¤¤¤¤¤¤¤¤ | Sessions | Profiles | Directories

~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : ProfileImagePath -> C:\Users\GuiGui
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : RefCount -> 3
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : RefCount -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : RefCount -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : RefCount -> 1
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : State -> 0

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\GuiGui
~ C:\Users\UpdatusUser
~ C:\Users\UpdatusUser
~ C:\Users\UpdatusUser

[HKLM | ProfileLoader\{F5441CBB-AE7D-4495-905B-161047E58936}] : DllName -> userenv.dll

New restore point created


¤¤¤¤¤¤¤¤¤¤ | MD5 check

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\explorer.exe
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\ERDNT\cache86\explorer.exe
[MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[MD5.3B69712041F3D63605529BD66DC00C48] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[MD5.40D777B7A95E00593EB1568C68514493] - [21/11/2010 05:24:25] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[MD5.0FB9C74046656D1579A64660AD67B746] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\System32\csrss.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe ->
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\services.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. Tous droits réservés. - Gestionnaire de sessions Windows.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\System32\smss.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. All rights reserved. - Windows Session Manager.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\System32\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\SysWOW64\userinit.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache86\userinit.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\System32\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\SysWOW64\wininit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache86\wininit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\winlogon.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\winlogon.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\System32\drivers\afd.sys
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [21/11/2010 05:24:08] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[MD5.D5B031C308A409A0A576BFF4CF083D30] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.17603) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[MD5.F4AD06143EAC303F55D0E86C40802976] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.21712) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[MD5.36A14FD1A23F57046361733B792CA8DB] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [486.5 Ko] - (6.1.7601.21887) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [16/12/2011 17:09:39] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\atapi.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\drivers\atapi.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\cdrom.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\netbt.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [06/07/2012 12:26:07] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\tdx.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\tdx.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\volsnap.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

14:20:54

¤¤¤¤¤¤¤¤¤¤ | Processus

nvSCPAPISvr.exe (796) -> Processus stoppé
PresentationFontCache.exe (840) -> Processus stoppé
WUDFHost.exe (1180) -> Processus stoppé
spoolsv.exe (1440) -> Processus stoppé
ooemcgats.exe (1616) -> Processus stoppé
taskhost.exe (1716) -> Processus stoppé
GranolaManager.exe (1736) -> Processus stoppé
hamachi-2.exe (1896) -> Processus stoppé
explorer.exe (1936) -> Processus stoppé
oodag.exe (1728) -> Processus stoppé
TimeMgmtDaemon.exe (1152) -> Processus stoppé
SolutoService.exe (2044) -> Processus stoppé
RPMDaemon.exe (2924) -> Processus stoppé
LCore.exe (2092) -> Processus stoppé
RAVCpl64.exe (2156) -> Processus stoppé
SetPoint.exe (2140) -> Processus stoppé
msseces.exe (2120) -> Processus stoppé
sidebar.exe (2220) -> Processus stoppé
granola.exe (2304) -> Processus stoppé
flux.exe (2264) -> Processus stoppé
KHALMNPR.exe (2800) -> Processus stoppé
nusb3mon.exe (2904) -> Processus stoppé
WMPSideShowGadget.exe (3536) -> Processus stoppé
wmplayer.exe (3660) -> Processus stoppé
SearchIndexer.exe (3972) -> Processus stoppé
wmpnetwk.exe (4060) -> Processus stoppé
taskhost.exe (3244) -> Processus stoppé
firefox.exe (2084) -> Processus stoppé
AlarmClock.exe (4220) -> Processus stoppé
LMS.exe (4784) -> Processus stoppé
mbamservice.exe (4812) -> Processus stoppé
UNS.exe (4936) -> Processus stoppé
plugin-container.exe (1104) -> Processus stoppé
FlashPlayerPlugin_11_3_300_262.exe (1708) -> Processus stoppé
FlashPlayerPlugin_11_3_300_262.exe (4428) -> Processus stoppé
Steam.exe (4240) -> Processus stoppé
SteamService.exe (1972) -> Processus stoppé
Agent.exe (520) -> Processus stoppé
conhost.exe (3824) -> Processus stoppé
Diablo III.exe (3264) -> Processus stoppé
winamp.exe (4400) -> Processus stoppé
SearchProtocolHost.exe (4480) -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ | Processus en cours

Demarrage : Normal

4652 | D:\Mes documents\winlogon.exe - GuiGui - Normal - "D:\Mes documents\winlogon.exe" - 2084
1732 | C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe - Système - Normal - "C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe" - 564
3432 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - Système - Normal - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" - 564
3500 | C:\Pre_Scan\Pv.exe - GuiGui - Normal - C:\Pre_Scan\Pv.exe -o"%i | %f - %u - %p - %l - %r" - 2460

¤¤¤¤¤¤¤¤¤¤ | Winlogon


¤

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 1 -> 0
[HKLM | Winlogon] | userinit : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : -> 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ | Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\Explorer.exe -> C:\Windows\explorer.exe

¤

[Firefox | Command] | @ : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[Assoc | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 1 -> 0
[HKLM | Advanced\Folder\Hidden\SHOWALL] | CheckedValue : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Desktop] | Wallpaper : C:\Users\GuiGui\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
[HKU\S-1-5-18 | Desktop] | Wallpaper : (None)
[HKU\S-1-5-19 | Policies\Explorer] | NoDesktop : -> 0
[HKU\S-1-5-20 | Policies\Explorer] | NoDesktop : -> 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDesktop : -> 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Policies\Explorer] | NoDesktop : -> 0
[HKU\S-1-5-18 | Policies\Explorer] | NoDesktop : -> 0
[HKLM | CurrentVersion\Explorer] | AlwaysUnloadDll : -> 1
[HKLM | policies\Explorer] | NoDesktop : -> 0
[HKU\S-1-5-19 | Explorer\Advanced] | Hidden : -> 0
[HKU\S-1-5-20 | Explorer\Advanced] | Hidden : -> 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Explorer\Advanced] | Hidden : 1 -> 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Explorer\Advanced] | Hidden : -> 0
[HKU\S-1-5-18 | Explorer\Advanced] | Hidden : -> 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDriveTypeAutoRun : 0 -> 145
[HKLM | policies\Explorer] | NoDriveTypeAutoRun : 0 -> 145
[HKLM | Policies\System] | DisableRegistryTools : 0
[HKLM | Control\SafeBoot] | AlternateShell : cmd.exe

14:20:54


¤¤¤¤¤¤¤¤¤¤ | Services

[RPCSS] | Start : 2 : Actif
[Cmbatt] | Start : 3 : Inactif
[Compbatt] | Start : 3 -> 0 : Inactif
[Ndisuio] | Start : 3 : Inactif
[Power] | Start : 2 : Actif
[Profsvc] | Start : 2 : Actif
[PlugPlay] | Start : 2 : Actif
[PEAUTH] | Start : 2 : Actif
[NVSvc] | Start : 3 -> 2 : Inactif
[nsi] | Start : 2 : Actif
[NLASvc] | Start : 2 : Actif
[MPSsvc] | Start : 2 : Actif
[MMCSS] | Start : 2 : Actif
[luafv] | Start : 2 : Actif
[lltdio] | Start : 2 : Actif
[Iphlpsvc] | Start : 2 : Actif
[IKEEXT] | Start : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[agp440] | Start : 3 -> 2 : Inactif
[AudioEndpointBuilder] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[BFE] | Start : 2 : Actif
[Bits] | Start : 3 -> 2 : Inactif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 3 -> 2 : Inactif
[Wlansvc] | Start : 3 -> 2 : Inactif
[SppSvc] | Start : 2 : Inactif
[SharedAccess] | Start : 2 : Inactif
[windefend] | Start : 3 -> 2 : Inactif
[wuauserv] | Start : 2 : Actif
[WerSvc] | Start : 3 -> 2 : Inactif
[wscsvc] | Start : 2 : Actif

14:20:54


¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Start Page : https://www.msn.com/fr-fr -> https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-18 | Main] | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Local Page : C:\Windows\system32\blank.htm
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Search] | SearchAssistant : https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/toolbar/ie8/sidebar.html
[HKLM | Main] | Start Page : https://www.msn.com/fr-fr -> https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\Windows\SysWOW64\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | AboutURLs] | Tabs : res://ieframe.dll/tabswelcome.htm

¤

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | Enabled : 2
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | EnabledV8 : 1
[HKU\S-1-5-19 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-20 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | MigrateProxy : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonBadCertRecving : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnOnHTTPSToHTTPRedirect : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonZoneCrossing : 1
[HKU\S-1-5-19 | Internet settings] | AutoConfigProxy : wininet.dll
[HKU\S-1-5-20 | Internet settings] | AutoConfigProxy : wininet.dll
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | AutoConfigProxy : wininet.dll

¤

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (Bing) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E045791-A32F-41AA-9F81-DED6FF4C7F05}] | (Google) -> https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | () ->

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] | (iexplore.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] | (Silverlight.Configuration.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] | (tabtip.exe) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] | (wpcer.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] | (winfxdocobj.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] | (wuapp.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] | (msdt.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] | (AcroBroker.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] | (dfsvc.exe) -> C:\Windows\microsoft.net\framework\v2.0.50727
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e7a3a27-8c57-4900-a440-f8fc8e51e0af}] | (BingApp.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] | (agcp.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] | (wermgr.exe) -> C:\Windows\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] | (ieinstal.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] | (AcroRd32Info.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] | (wlcomm.exe) -> C:\Program Files (x86)\Windows Live\Contacts\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] | (unpack200.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] | (jp2launcher.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49CF0734-BF9A-4444-BC9F-C26E56AF042F}] | (SonarHost.exe) -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] | (javaws.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] | (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] | (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] | (iedw.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] | (AdobeARM.exe) -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] | (CertEnrollCtrl.exe) -> C:\Windows\SysWOW64\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | (esnlauncher2.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] | (verclsid.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] | (ctfmon.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] | (helppane.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] | (AdobeCollabSync.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] | (wlstartup.exe) -> C:\Program Files (x86)\Windows Live\Installer\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] | (AcroRd32.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] | (splwow64.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] | (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] | (cmd.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] | (TSWbPrxy.exe) -> C:\Windows\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] | (ssvagent.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] | (msnmsgr.exe) -> C:\Program Files (x86)\Windows Live\Messenger\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9524B3-24F4-48fa-91C5-B8EEF1C0A14F}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] | (notepad.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | (IDMan.exe) -> D:\Prog\Internet Download Manager
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] | (presentationhost.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f971150e-a83b-4d57-9c22-9535668d07d8}] | (BingBar.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] | (FlashUtil32_11_2_202_235_ActiveX.exe) -> C:\Windows\SysWOW64\Macromed\Flash
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat

¤¤¤¤¤¤¤¤¤¤ | Firefox


Profile : 0gzfg4q2.default

user_pref("browser.startup.homepage_override.buildID", "20120614114901");
user_pref("browser.startup.homepage_override.mstone", "13.0.1");

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.706 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Mis à jour le 06/07/2012 |08.30 par g3n-h@ckm@n
~ Informations Evolution : https://gen-hackman.kanak.fr/
~ Informations sur les switchs Pre_Script : https://gen-hackman.kanak.fr/
~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
~ Merci à C_XX , Slyk & Saachaa pour leur apport à l'évolution de l'outil

~ Utilisateur : GuiGui (Administrateurs) | SID = S-1-5-21-2469631386-82068602-2986095981-1000
~ Ordinateur : GUIGUI-PC

~ Système d'exploitation : Windows 7 Professional (64 bits) Professional Service Pack 1
~ Type d'installation : Client
~ Enregistré sous : GuiGui
~ Processeur : Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
~ Identification : Intel64 Family 6 Model 42 Stepping 7

Pare-feu windows : Actif
Windows Defender : Inactif

~ Mémoire RAM = Total (KB) : 4177270 | Used (%) : 24 | Free (KB) : 3153260
~ Pagefile = Total (KB) : 8352690 | Free (KB) : 7289170
~ Virtuelle = Total (KB) : 4194180 | Free (KB) : 4019420

¤¤¤¤¤¤¤¤¤¤ | Scripts de boot


¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [] | Total : 57230 Mo | Free : 15430 Mo -> NTFS
d:\ -> [Fixed] | [] | Total : 953860 Mo | Free : 544820 Mo -> NTFS

Scan : 14:27:41 | 06/07/2012

¤¤¤¤¤¤¤¤¤¤ | Navigateurs

Internet Explorer : 9.0.8112.16421
Mozilla Firefox : 13.0.1 (fr)

¤ Par défaut :

[HKCR\http | command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome


¤¤¤¤¤¤¤¤¤¤ | Frameworks

~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v2.0.50727
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.0
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.5
~ [28/07/2011 17:41:53] - C:\Windows\Microsoft.net\Framework\v4.0.30319

¤¤¤¤¤¤¤¤¤¤ | Windows Updates



¤¤¤¤¤¤¤¤¤¤ | Sessions | Profiles | Directories

~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : ProfileImagePath -> C:\Users\GuiGui
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : RefCount -> 4
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : RefCount -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : RefCount -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : State -> 0
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : ProfileImagePath -> C:\Users\UpdatusUser
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : RefCount -> 1
~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : State -> 0

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\GuiGui
~ C:\Users\UpdatusUser
~ C:\Users\UpdatusUser
~ C:\Users\UpdatusUser

[HKLM | ProfileLoader\{F5441CBB-AE7D-4495-905B-161047E58936}] : DllName -> userenv.dll

Nouveau point de restauration créé


¤¤¤¤¤¤¤¤¤¤ | Contrôle MD5

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\explorer.exe
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\ERDNT\cache86\explorer.exe
[MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[MD5.3B69712041F3D63605529BD66DC00C48] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[MD5.40D777B7A95E00593EB1568C68514493] - [21/11/2010 05:24:25] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[MD5.0FB9C74046656D1579A64660AD67B746] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\System32\csrss.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe ->
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\services.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. Tous droits réservés. - Gestionnaire de sessions Windows.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\System32\smss.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. All rights reserved. - Windows Session Manager.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\System32\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\SysWOW64\userinit.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache86\userinit.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\System32\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\SysWOW64\wininit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache86\wininit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\winlogon.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\winlogon.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\System32\drivers\afd.sys
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [21/11/2010 05:24:08] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[MD5.D5B031C308A409A0A576BFF4CF083D30] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.17603) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[MD5.F4AD06143EAC303F55D0E86C40802976] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.21712) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[MD5.36A14FD1A23F57046361733B792CA8DB] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [486.5 Ko] - (6.1.7601.21887) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [16/12/2011 17:09:39] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\atapi.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\drivers\atapi.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\cdrom.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\netbt.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [06/07/2012 12:26:07] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\tdx.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\tdx.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\volsnap.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

14:27:58

¤¤¤¤¤¤¤¤¤¤ | Processus

WUDFHost.exe (1240) -> Processus stoppé
taskhost.exe (3244) -> Processus stoppé
PresentationFontCache.exe (4112) -> Processus stoppé
explorer.exe (684) -> Processus stoppé
WUDFHost.exe (2024) -> Processus stoppé
rundll32.exe (1636) -> Processus stoppé
TimeMgmtDaemon.exe (1732) -> Processus stoppé
SearchIndexer.exe (3004) -> Processus stoppé
wmpnetwk.exe (2316) -> Processus stoppé
LMS.exe (3432) -> Processus stoppé
spoolsv.exe (1984) -> Processus stoppé
AlarmClock.exe (3304) -> Processus stoppé
firefox.exe (3356) -> Processus stoppé
taskmgr.exe (4476) -> Processus stoppé
SearchProtocolHost.exe (4572) -> Processus stoppé
SearchFilterHost.exe (4596) -> Processus stoppé

¤¤¤¤¤¤¤¤¤¤ | Processus en cours

Demarrage : Normal

944 | D:\Mes documents\Pre_Scan.pif - GuiGui - High - "D:\Mes documents\Pre_Scan.pif" - 3356
4472 | C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe - Système - Normal - "C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe" - 564
640 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - Système - Normal - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" - 564
4244 | C:\Pre_Scan\Pv.exe - GuiGui - Normal - C:\Pre_Scan\Pv.exe -o"%i | %f - %u - %p - %l - %r" - 4980

¤¤¤¤¤¤¤¤¤¤ | Winlogon


¤

[HKLM | Winlogon] | Shell : Explorer.exe
[HKLM | Winlogon] | AutoRestartShell : 0
[HKLM | Winlogon] | userinit : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown : 1
[HKLM | Winlogon] | System :

¤¤¤¤¤¤¤¤¤¤ | Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\explorer.exe

¤

[Firefox | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
[HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
[HKLM | Advanced\Folder\Hidden\SHOWALL] | CheckedValue : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Desktop] | Wallpaper : C:\Users\GuiGui\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
[HKU\S-1-5-18 | Desktop] | Wallpaper : (None)
[HKU\S-1-5-19 | Policies\Explorer] | NoDesktop : 0
[HKU\S-1-5-20 | Policies\Explorer] | NoDesktop : 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDesktop : 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Policies\Explorer] | NoDesktop : 0
[HKU\S-1-5-18 | Policies\Explorer] | NoDesktop : 0
[HKLM | CurrentVersion\Explorer] | AlwaysUnloadDll : 1
[HKLM | policies\Explorer] | NoDesktop : 0
[HKU\S-1-5-19 | Explorer\Advanced] | Hidden : 0
[HKU\S-1-5-20 | Explorer\Advanced] | Hidden : 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Explorer\Advanced] | Hidden : 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Explorer\Advanced] | Hidden : 0
[HKU\S-1-5-18 | Explorer\Advanced] | Hidden : 0
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145
[HKLM | Policies\System] | DisableRegistryTools : 0
[HKLM | Control\SafeBoot] | AlternateShell : cmd.exe

14:27:58


¤¤¤¤¤¤¤¤¤¤ | Services

[RPCSS] | Start : 2 : Actif
[Cmbatt] | Start : 3 : Inactif
[Compbatt] | Start : 0 : Inactif
[Ndisuio] | Start : 3 : Inactif
[Power] | Start : 2 : Actif
ZeKzU
6 July 2012 at 15:06
[Profsvc] | Start : 2 : Actif
[PlugPlay] | Start : 2 : Actif
[PEAUTH] | Start : 2 : Actif
[NVSvc] | Start : 3 -> 2 : Inactif
[nsi] | Start : 2 : Actif
[NLASvc] | Start : 2 : Actif
[MPSsvc] | Start : 2 : Actif
[MMCSS] | Start : 2 : Actif
[luafv] | Start : 2 : Actif
[lltdio] | Start : 2 : Actif
[Iphlpsvc] | Start : 2 : Actif
[IKEEXT] | Start : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] | Start : 2 : Actif
[LanmanWorkstation] | Start : 2 : Actif
[LanmanServer] | Start : 2 : Actif
[agp440] | Start : 2 : Inactif
[AudioEndpointBuilder] | Start : 2 : Actif
[Audiosrv] | Start : 2 : Actif
[BFE] | Start : 2 : Actif
[Bits] | Start : 2 : Actif
[CryptSvc] | Start : 2 : Actif
[EapHost] | Start : 2 : Actif
[Wlansvc] | Start : 2 : Actif
[SppSvc] | Start : 2 : Inactif
[SharedAccess] | Start : 2 : Inactif
[windefend] | Start : 3 -> 2 : Inactif
[wuauserv] | Start : 2 : Actif
[WerSvc] | Start : 2 : Actif
[wscsvc] | Start : 2 : Actif

14:37:28


¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Start Page : https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-18 | Main] | Start Page : https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Local Page : C:\Windows\system32\blank.htm
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Search] | SearchAssistant : http://www.google.com/toolbar/ie8/sidebar.html
[HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Local Page : C:\Windows\SysWOW64\blank.htm
[HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | AboutURLs] | Tabs : res://ieframe.dll/tabswelcome.htm

¤

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | Enabled : 2
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | EnabledV8 : 1
[HKU\S-1-5-19 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-20 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | EnableHttp1_1 : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | MigrateProxy : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonBadCertRecving : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnOnHTTPSToHTTPRedirect : 1
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonZoneCrossing : 1
[HKU\S-1-5-19 | Internet settings] | AutoConfigProxy : wininet.dll
[HKU\S-1-5-20 | Internet settings] | AutoConfigProxy : wininet.dll
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | AutoConfigProxy : wininet.dll

¤

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (Bing) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E045791-A32F-41AA-9F81-DED6FF4C7F05}] | (Google) -> https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | () ->
[HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | () ->

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] | (iexplore.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] | (Silverlight.Configuration.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] | (tabtip.exe) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] | (wpcer.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] | (winfxdocobj.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] | (wuapp.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] | (msdt.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] | (AcroBroker.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] | (dfsvc.exe) -> C:\Windows\microsoft.net\framework\v2.0.50727
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e7a3a27-8c57-4900-a440-f8fc8e51e0af}] | (BingApp.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] | (agcp.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] | (wermgr.exe) -> %systemroot%\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] | (ieinstal.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] | (AcroRd32Info.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] | (wlcomm.exe) -> C:\Program Files (x86)\Windows Live\Contacts\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] | (unpack200.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] | (jp2launcher.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49CF0734-BF9A-4444-BC9F-C26E56AF042F}] | (SonarHost.exe) -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] | (javaws.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] | (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] | (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] | (iedw.exe) -> C:\Program Files (x86)\Internet Explorer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] | (AdobeARM.exe) -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] | (CertEnrollCtrl.exe) -> C:\Windows\SysWOW64\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | (esnlauncher2.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] | (verclsid.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] | (ctfmon.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] | (helppane.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] | (AdobeCollabSync.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] | (wlstartup.exe) -> C:\Program Files (x86)\Windows Live\Installer\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] | (AcroRd32.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] | (splwow64.exe) -> C:\Windows
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] | (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] | (cmd.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] | (TSWbPrxy.exe) -> %systemroot%\system32
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] | (ssvagent.exe) -> C:\Program Files (x86)\Java\jre7\bin
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] | (msnmsgr.exe) -> C:\Program Files (x86)\Windows Live\Messenger\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9524B3-24F4-48fa-91C5-B8EEF1C0A14F}] | () ->
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] | (notepad.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | (IDMan.exe) -> D:\Prog\Internet Download Manager
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] | (presentationhost.exe) -> C:\Windows\SysWOW64
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f971150e-a83b-4d57-9c22-9535668d07d8}] | (BingBar.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] | (FlashUtil32_11_2_202_235_ActiveX.exe) -> C:\Windows\SysWOW64\Macromed\Flash
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat

¤¤¤¤¤¤¤¤¤¤ | Firefox


Profile : 0gzfg4q2.default

user_pref("browser.startup.homepage_override.buildID", "20120614114901");
user_pref("browser.startup.homepage_override.mstone", "13.0.1");

And the debug output:
[Rest_Reg_Tmgr_A]
[Rest_Reg_Tmgr_B]
[Stop_Proc]
[Assoc_Ext]
[List_sess]
[Recup_List_File_sing]
[Recup_List_File_Doub]
[Assoc_net]
[Corr_Exp]
[Corr_Sys]
[Header]
[Nav_srch]
[FMWK_list]
[Head_sess]
[Rest_P_A]
[Rest_P_B]
[1st_MD5]
[Proc_Act_List]
[Modif_winlgn]
[Param_svc]
[Prx]
[Param_IE]
[IE_List | CLSID]
[Perm_Reg]
[Rest_Reg_Tmgr_A]
[Rest_Reg_Tmgr_B]
[Stop_Proc]
[Assoc_Ext]
[List_sess]
[Recup_List_File_sing]
[Recup_List_File_Doub]
[Assoc_net]
[Corr_Exp]
[Corr_Sys]
[Header]
[Nav_srch]
[FMWK_list]
[Head_sess]
[Rest_P_A]
[Rest_P_B]
[1st_MD5]
[Proc_Act_List]
[Modif_winlgn]
[Param_svc]
[Prx]
[Param_IE]
[IE_List | CLSID]
[Perm_Reg]
[Rest_Reg_Tmgr_A]
[Rest_Reg_Tmgr_B]
[Stop_Proc]
[Assoc_Ext]
[List_sess]
[Recup_List_File_sing]
[Recup_List_File_Doub]
[Assoc_net]
[Corr_Exp]
[Corr_Sys]
[Header]
[Nav_srch]
[FMWK_list]
[Head_sess]
[Rest_P_A]
[Rest_P_B]
[1st_MD5]
[Proc_Act_List]
[Modif_winlgn]
[Param_svc]
[Prx]
[Param_IE]
[IE_List | CLSID]
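The [1st_MD5] block at the top of this log is the part of the dump worth reading closely: every live system binary (C:\Windows\explorer.exe, System32, SysWOW64) is listed next to the copies kept in the Windows component store (winsxs) and in the ERDNT backup, each with its MD5, version string and size. A binary that has been patched in place, as 2012-era ZeroAccess/Sirefef variants were known to do to services.exe on x64, keeps its version string but no longer hashes the same as the winsxs copy of that version. The script below is an added example, not part of the original thread and not Pre_Scan's own code: it parses lines in the format shown above and flags live binaries whose hash differs from every component-store copy of the same name, version and architecture. The sample input is a handful of lines copied from the log above plus one constructed, deliberately tampered services.exe line; the regular expression and the folder-to-architecture mapping are assumptions inferred from the log layout.

```python
import re
from collections import defaultdict

# Format of one Pre_Scan [1st_MD5] line, inferred from the log above (an
# assumption about the layout, not Pre_Scan's documented grammar):
#   [MD5.<hash>] - [<date>] - (.<description>.) - [<size>] - (<version>) - <path> [->]
LINE_RE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\]\s*-\s*"
    r"\[(?P<date>[^\]]*)\]\s*-\s*"
    r"\((?P<desc>.*?)\)\s*-\s*"
    r"\[(?P<size>[^\]]*)\]\s*-\s*"
    r"\((?P<ver>[\d.]+)\)\s*-\s*"
    r"(?P<path>.+?)(?:\s*->)?\s*$"
)


def parse_line(line):
    """Return the fields of a [1st_MD5] line as a dict, or None for any other line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def live_arch(path):
    """Architecture a live binary should have on an x64 install: C:\\Windows and
    System32 hold 64-bit images, SysWOW64 32-bit ones. None for store/backup copies."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\erdnt\\" in p:
        return None
    if p.startswith("c:\\windows\\syswow64\\"):
        return "x86"
    if p.startswith("c:\\windows\\"):
        return "amd64"
    return None


def store_arch(path):
    """Architecture of a component-store copy, taken from its winsxs folder prefix."""
    m = re.search(r"\\winsxs\\(amd64|x86|wow64)_", path.lower())
    if not m:
        return None
    return "amd64" if m.group(1) == "amd64" else "x86"


def audit(lines):
    """Compare every live binary with the winsxs copies of the same file name,
    version string and architecture. Returns (status, path, live_md5, store_md5s)."""
    store = defaultdict(set)
    live = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        base = rec["path"].rsplit("\\", 1)[-1].lower()
        arch = store_arch(rec["path"])
        if arch:
            store[(base, rec["ver"], arch)].add(rec["md5"].upper())
            continue
        arch = live_arch(rec["path"])
        if arch:
            live.append((rec, base, arch))
    findings = []
    for rec, base, arch in live:
        ref = store.get((base, rec["ver"], arch), set())
        if not ref:
            status = "NO_REFERENCE"    # nothing to compare against, check by hand
        elif rec["md5"].upper() in ref:
            status = "OK"
        else:
            status = "HASH_MISMATCH"   # same version string, different bytes
        findings.append((status, rec["path"], rec["md5"].upper(), sorted(ref)))
    return findings


# Sample input: lines copied from the log above.
LOG_LINES = [
    r"[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\explorer.exe",
    r"[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe",
    r"[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\System32\csrss.exe",
    r"[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe ->",
    r"[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe",
    r"[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\services.exe",
    r"[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe",
    r"[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\System32\userinit.exe",
    r"[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\SysWOW64\userinit.exe",
    r"[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe",
    r"[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe",
]

# Constructed line (not from the log): same version string as the store copy,
# different bytes, which is what an in-place patch of services.exe looks like.
TAMPERED_LINE = (
    r"[MD5.DEADBEEFDEADBEEFDEADBEEFDEADBEEF] - [14/07/2009 01:19:46] - "
    r"(.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - "
    r"[321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe"
)

if __name__ == "__main__":
    for status, path, md5, ref in audit(LOG_LINES + [TAMPERED_LINE]):
        print(f"{status:14} {path}  live={md5}  winsxs={','.join(ref) or '-'}")
```

To run it over a saved Pre_Scan report, pass the file's lines to `audit()`; ERDNT backup copies are deliberately ignored because they are snapshots, not a trusted reference. An "OK" only means the live file equals the component-store copy of that version, so if the version resource itself was rewritten or no store copy exists ("NO_REFERENCE"), compare the hash against the same file on a clean machine of the same build before trusting it.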
Anonymous user
6 July 2012 at 15:20
Fortunately I told you not to post it on the forum but to host it on another site and then give the link.

Anyway, download the .pif version and run it in safe mode, please.
ZeKzU
6 July 2012 at 15:45
I tried all three versions; it blocks at the same place. And you only told me to host it, so I logically used the previous malekal link, but that site lags too much to hope to upload anything to it.
Anonymous user
6 July 2012 at 15:47
Yep, the server must not have updated in real time then....

Follow this tutorial:

https://forums.cnetfrance.fr/tutoriels-securite-informatique/179557-dr-web-cureit-le-tutoriel
ZeKzU
7 July 2012 at 11:55
Hi again! I ran the scan overnight, but wanting to quickly check whether I had sold anything on Diablo 3, I completely forgot to save the report. There were two viruses plus lots of text files that it called "script virus" and some kind of text-file "links" to the web. I reinstalled MSE and it works.
Anonymous user
7 July 2012 at 12:19
OK, the report is here:

c:\users\your session\DrWeb\CureIt.log

You will most likely have to zip it, then host the archive on http://pjjoint.malekal.com and give the link you get.
ZeKzU
Edited by ZeKzU on 7 July 2012 at 16:03
Your site, on top of lagging, does not support archives.
So, 1fichier: https://9webuk.1fichier.com/
And I ran an MSE scan; it found 3 Sirefef (trojans), but they were in other quarantine areas (Qoobox/drweb).
Anonymous user
7 July 2012 at 17:22
I don't know what your site is, but it opens crappy ad pages for me.

Go through https://www.cjoint.com/ instead.