Trojan

Résolu
ZeKzU Messages postés 133 Statut Membre -  
 g3n-h@ckm@n -
Bonjour, apres le boot matinal, je vois MSE désactivé, en bon jeune qui se respecte, je lance donc une analyse malwarebytes, qui me trouve deux trojan (BCMiner et MRGGen) hop quarantaine reboot, toujours MSE désactivé, un p'ti combofix, il me trouve plein de bordel, reboot, toujours pas de MSE, un p'ti Ad-remover, reboot, toujours pas !
Alors bon, dernier recours, venir ici ^^
j'ai zhpdiag si vous voulez tout voir

31 réponses

  • 1
  • 2
  1. g3n-h@ckm@n
     
    salut non je veux bien voir le rapport de combofix moi par contre
    0
  2. ZeKzU Messages postés 133 Statut Membre 18
     
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.2221 [GMT 2:00]
    Lancé depuis: c:\users\GuiGui\Desktop\EntretienPC\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\L\00000004.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\L\1afb2d56
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\n
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\00000004.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\00000008.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\000000cb.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000000.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000032.@
    c:\users\GuiGui\AppData\Local\{7ff6db9d-e023-5782-42c7-7bb75de55985}\U\80000064.@
    c:\users\GuiGui\AppData\Roaming\Microsoft\~DFK36c68a.tmp
    c:\users\GuiGui\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\bass.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\GuiGui\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\GuiGui\AppData\Roaming\mIRC\logs\status.log
    c:\windows\SysWow64\adobecs5.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-06 au 2012-07-06 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\GuiGui\AppData\Local\temp
    2012-07-06 10:23 . 2012-07-06 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-05 22:05 . 2012-07-05 22:05 -------- d-----w- c:\users\GuiGui\AppData\Local\Downloader
    2012-07-04 18:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{604C648B-D2D4-4BCF-826C-4DA41436572D}\mpengine.dll
    2012-07-04 17:30 . 2012-07-06 10:19 -------- d-----w- c:\users\GuiGui\AppData\Local\LogMeIn Hamachi
    2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-07-04 10:42 . 2012-07-04 10:42 -------- d-----w- c:\programdata\Rockstar Games
    2012-07-04 10:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-03 22:26 . 2012-02-11 13:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2839250E-3304-4818-BA5F-E41536B2C336}\gapaengine.dll
    2012-07-03 22:25 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-06-27 18:07 . 2012-06-27 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-23 11:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 11:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 11:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 11:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 11:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 11:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 11:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 11:32 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 11:32 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 03:28 . 2012-06-19 03:28 -------- d-----w- c:\users\GuiGui\AppData\Local\Sidhe
    2012-06-18 10:16 . 2012-06-18 10:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-18 10:16 . 2012-06-18 10:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-17 12:13 . 2012-06-17 12:13 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Apowersoft
    2012-06-17 12:13 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-06-16 15:16 . 2012-06-16 15:16 -------- d-----w- c:\program files (x86)\HmelyoffLabs
    2012-06-16 15:09 . 2012-06-16 15:15 -------- d-----w- c:\program files (x86)\Noel Danjou
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\Telestream
    2012-06-16 14:40 . 2012-06-16 15:32 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Wirecast
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Vara Software
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\eSellerate
    2012-06-13 15:06 . 2012-06-13 15:06 -------- d-----w- c:\users\GuiGui\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 10:25 . 2011-07-28 14:38 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-04 18:19 . 2012-04-07 15:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-04 18:19 . 2011-07-28 14:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-20 14:16 . 2012-05-20 14:00 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-20 14:16 . 2011-08-02 15:52 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-20 14:15 . 2011-08-02 15:51 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-20 14:02 . 2012-05-20 14:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-15 10:48 . 2012-05-22 23:23 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-05-22 23:23 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-05-22 23:23 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 23:23 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 23:23 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-22 23:23 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 23:23 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 23:23 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-05-22 23:23 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-22 23:23 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-05-22 23:23 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-22 23:23 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-03-14 19:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-03-14 19:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-03-14 19:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-03-14 19:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-03-14 19:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2011-10-27 23:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2011-10-27 23:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2011-08-17 00:05 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-08-17 00:05 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-05-21 04:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2011-05-21 04:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 09:29 . 2011-07-28 14:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2011-07-28 14:57 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2011-07-28 14:57 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2011-07-28 14:47 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-03-14 19:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2011-07-28 14:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2011-07-28 14:47 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-05 12:26 . 2012-04-07 15:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-18 17:08 . 2012-05-22 23:23 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-22 23:23 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-03-14 19:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-04-16 14:23 . 2012-04-16 14:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-04-16 14:23 . 2011-07-29 09:51 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-11 18:00 . 2012-04-16 13:17 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Granola"="d:\prog\granola\Granola Personal\granola.exe" [2012-02-21 887016]
    "F.lux"="c:\users\GuiGui\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
    "Malwarebytes' Anti-Malware"="d:\prog\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="d:\prog\quicktime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;d:\prog\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 250056]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 cpuz135;cpuz135;d:\fichie~1\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 driverhardwarev2x64;driverhardwarev2x64;d:\prog\Ma-config\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-26 25640]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-14 30528]
    R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\prog\Hi-rez\HiPatchService.exe [2012-06-24 8704]
    R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-07-28 16008]
    R3 maconfservice;Ma-Config Service;d:\prog\Ma-config\maconfservice.exe [2011-11-25 311928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-11 54728]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 254528]
    S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
    S2 Granola PM Manager;Granola PM Manager;d:\prog\granola\Granola Personal\GranolaManager.exe [2012-02-21 449264]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\prog\hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 OODefragAgent;O&O Defrag;d:\prog\O&Odefrag\oodag.exe [2010-11-25 3152200]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-11 583200]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-07-28 22408]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-07-28 66328]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-26 425064]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
    .
    [HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- d:\prog\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-08 11821160]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Télécharger avec IDM - d:\prog\Internet Download Manager\IEExt.htm
    IE: Télécharger tous les liens avec IDM - d:\prog\Internet Download Manager\IEGetAll.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\0gzfg4q2.default\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe
    SafeBoot-MsMpSvc
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-OpenAL - c:\program files (x86)\OpenAL\oalinst.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{1D09C093-F71E-43C3-B948-19316CBD695E}"=hex:51,66,7a,6c,4c,1d,38,12,fd,c3,1a,
    19,2c,b9,ad,06,c6,5e,5a,71,69,e3,2d,4a
    "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
    04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
    "{45D30484-7DED-43D9-957A-D2FD1F046511}"=hex:51,66,7a,6c,4c,1d,38,12,ea,07,c0,
    41,df,33,b7,06,ea,6c,91,bd,1a,5a,21,05
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:54,7c,51,07,cc,bc,cc,01
    .
    [HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{714bbf8f-1deb-488a-a1c5-9ceb893cbd0a}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000153
    "Therad"=dword:00000022
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):3a,45,a7,7b,09,71,fa,cb,7d,35,18,4a,07,b2,cd,a7,c0,47,5a,bd,89,
    16,bb,f0,92,3e,c2,9a,10,20,c0,30,31,60,2a,cb,a8,4d,46,d0,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG14.00.00.01PROFESSIONAL"="291DB118521AE356BEF3BACBE5FCE5C8034790643D4F3712452775C2BAD832F058F1CFA8AD69B9E2DFE103BC4BE7ED71EF2E8B19FDFCC10A80B7FDEF70C8D0E7A8C541BD85A68E9236D8AC8D058942E20A8362C62ADBD3A147DF8F167A7BE7B2D587E45A6EB9CCC835A5732A68FB37399694CEE401D64D50D58D7F551ACB853EB0644C674E0F508EDFD74864A1DA17387071BBCB115A07317A71D831E5992F211DCEBEB1E0166B9150444D73B048A0C306EFCA3C4058CB031A045790C5475D9013FEB66833FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A6171C11EC38DE3DA9C6AECB7A5D14075C952D5F632B2A74A3778210D5935BB05EE9EB01172947C01F166003ACFA5C0F850307D69938F2DBF9742B7015F9FA2AF112AD855ED24475C66C95F29CB54B3C9CBFA7E447AB9FD5581994DF28D6561B27BB2C8BEC44096393E2AF56C0986CC9ABCCA7E4FAF9EF423A15CFCE615BF3098C621239F21106D5C2E511AACAB1B96741A23FC4874C09591F0D90C2D1EFC1CFAE78AB45E479926C94D13F7B2F40149AEE2A4F090381EFA30819AED150AD119D24636B7FF7F6671B4E79E36CA7B83C3B49C45BC947A9127FFC45A5A8796314F403FA64482C34A1A8B8224D323144D9766B4508B0720BBC9E081216892C94E42C668B50153F11C3B19F866E990DBF75CD717022FC6620A507B6F144478A767F706F598C6FB52031A654D45BFEBFBA7E157E8318834A94E2119D4E96C9FCF343BDC19518F2D92A344AAA2E4E5593F9C6F5B62C7BA907CAEE6BD2031B8DAD2CF5E783EB1AD3B3AA7A347C29262316F685EBC40F056C4CD8AB98705FFEA38CEFBF96E1F85AD4185016D125D0E482165D554957420FD90B87DA6D1528182FCCC8ACC38B4CC5CE967F7AE086212EA12B8E33B19DCF18167954249364955DE9646E2D3DB46C6D328B4E83F5858DCE42AC9C831E4FB8C3589170130A8352EB9E0FD0952814D1067E900A6C79097BB33BB8D20A5CA4ED58EA93C296A19E0003AE4C129EF8E66AE8C785B1D726FEC5ECF630ADF30B5CD840ADFDE3820063B1068DDF09E3FBEB15923910774B0D573933F3B85B4EA137528B949A228F9F05EF7DC44F3FE74FE6A8240F98442E900798DE443B420C66FBAA6C2671FC56CC3AB6156F67F38C659F6EE11B49B3D069089AED8C64F981F7F2A43BFDD02CD72CBC759CBDB51B9A86E0A2B6C19415E223D467828AA5D0EB466A76EFCACB1978304C9008740F58C04B7BF52DFD2CEB7A9CEE9FE20934456895354CAB51B75FFC25AA606FEB0A088C24428D765B8A6F900C5B52F86C890C798027C4B1E62F5293A79FB00E9001B974538D83E9FB6B8B82762308D1A9E18E85F19A72E6771077492A7442C5"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Heure de fin: 2012-07-06 12:27:08 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-07-06 10:27
    .
    Avant-CF: 14 540 922 880 octets libres
    Après-CF: 14 551 625 728 octets libres
    .
    - - End Of File - - 96E3FCD29589C269C0DEC3A8348860B8
    0
  3. ZeKzU Messages postés 133 Statut Membre 18
     
    je pense qu'il y a un lien avec adobe flash, je suis allé hier sur un site de streaming bizarre qui ma lancé une ptite fenetre de flash, j'ai vite tout fermé mais c'étais apparament trop tard
    0
  4. g3n-h@ckm@n
     
    Combofix aurait du etre renommé....
    à passer les outils sans savoir ni les connaitre on plante sa machine...


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    KillAll::

    ClearJavaCache::

    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{714bbf8f-1deb-488a-a1c5-9ceb893cbd0a}]
    [HKEY_USERS\S-1-5-21-2469631386-82068602-2986095981-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme sur cette : illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ZeKzU Messages postés 133 Statut Membre 18
     
    ComboFix 12-07-06.01 - GuiGui 06/07/2012 13:12:04.2.4 - x64
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.2501 [GMT 2:00]
    Lancé depuis: c:\users\GuiGui\Desktop\EntretienPC\ComboFix.exe
    Commutateurs utilisés :: c:\users\GuiGui\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-06 au 2012-07-06 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\GuiGui\AppData\Local\temp
    2012-07-06 11:15 . 2012-07-06 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-05 22:05 . 2012-07-05 22:05 -------- d-----w- c:\users\GuiGui\AppData\Local\Downloader
    2012-07-04 18:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{604C648B-D2D4-4BCF-826C-4DA41436572D}\mpengine.dll
    2012-07-04 17:30 . 2012-07-06 10:19 -------- d-----w- c:\users\GuiGui\AppData\Local\LogMeIn Hamachi
    2012-07-04 11:04 . 2012-07-04 11:04 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-07-04 10:42 . 2012-07-04 10:42 -------- d-----w- c:\programdata\Rockstar Games
    2012-07-04 10:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-03 22:26 . 2012-02-11 13:40 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2839250E-3304-4818-BA5F-E41536B2C336}\gapaengine.dll
    2012-07-03 22:25 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-06-27 18:07 . 2012-06-27 18:07 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-23 11:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 11:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 11:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 11:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 11:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 11:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 11:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 11:32 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 11:32 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 03:28 . 2012-06-19 03:28 -------- d-----w- c:\users\GuiGui\AppData\Local\Sidhe
    2012-06-18 10:16 . 2012-06-18 10:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-18 10:16 . 2012-06-18 10:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-17 12:13 . 2012-06-17 12:13 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Apowersoft
    2012-06-17 12:13 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-06-16 15:16 . 2012-06-16 15:16 -------- d-----w- c:\program files (x86)\HmelyoffLabs
    2012-06-16 15:09 . 2012-06-16 15:15 -------- d-----w- c:\program files (x86)\Noel Danjou
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\Telestream
    2012-06-16 14:40 . 2012-06-16 15:32 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Wirecast
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\users\GuiGui\AppData\Roaming\Vara Software
    2012-06-16 14:40 . 2012-06-16 14:40 -------- d-----w- c:\programdata\eSellerate
    2012-06-13 15:06 . 2012-06-13 15:06 -------- d-----w- c:\users\GuiGui\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 11:16 . 2011-07-28 14:38 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-04 18:19 . 2012-04-07 15:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-04 18:19 . 2011-07-28 14:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-20 14:16 . 2012-05-20 14:00 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-20 14:16 . 2011-08-02 15:52 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-20 14:15 . 2011-08-02 15:51 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-20 14:02 . 2012-05-20 14:00 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-15 10:48 . 2012-05-22 23:23 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-05-22 23:23 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-05-22 23:23 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 23:23 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-22 23:23 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-22 23:23 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-22 23:23 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-05-22 23:23 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-22 23:23 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-05-22 23:23 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-22 23:23 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-05-22 23:23 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-22 23:23 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-03-14 19:57 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-03-14 19:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-03-14 19:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-03-14 19:57 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-03-14 19:57 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2011-10-27 23:37 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2011-10-27 23:37 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2011-08-17 00:05 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-08-17 00:05 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-05-21 04:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2011-05-21 04:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 09:29 . 2011-07-28 14:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2011-07-28 14:57 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2011-07-28 14:57 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2011-07-28 14:47 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-03-14 19:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-15 09:29 . 2011-07-28 14:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2011-07-28 14:47 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-05 12:26 . 2012-04-07 15:26 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-18 17:08 . 2012-05-22 23:23 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-22 23:23 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-03-14 19:57 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-04-16 14:23 . 2012-04-16 14:23 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-04-16 14:23 . 2011-07-29 09:51 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-11 18:00 . 2012-04-16 13:17 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-06_10.25.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2012-07-06 10:31 70416 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-06 10:31 33214 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-28 14:30 . 2012-07-06 10:31 10064 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2469631386-82068602-2986095981-1000_UserData.bin
    - 2012-07-06 10:25 . 2012-07-06 10:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-06 11:16 . 2012-07-06 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-04-12 09:16 . 2012-07-06 10:22 747396 c:\windows\system32\perfh00C.dat
    + 2011-04-12 09:16 . 2012-07-06 10:34 747396 c:\windows\system32\perfh00C.dat
    - 2009-07-14 02:36 . 2012-07-06 10:22 654278 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-06 10:34 654278 c:\windows\system32\perfh009.dat
    + 2011-04-12 09:16 . 2012-07-06 10:34 149814 c:\windows\system32\perfc00C.dat
    - 2011-04-12 09:16 . 2012-07-06 10:22 149814 c:\windows\system32\perfc00C.dat
    + 2009-07-14 02:36 . 2012-07-06 10:34 122110 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-07-06 10:22 122110 c:\windows\system32\perfc009.dat
    - 2011-07-28 14:01 . 2012-07-06 10:17 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-28 14:01 . 2012-07-06 11:10 376832 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-07-06 10:45 172760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 05:01 . 2012-07-06 10:24 369760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-06 11:15 369760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-28 14:01 . 2012-07-06 11:10 8683520 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-07-28 14:01 . 2012-07-06 10:17 8683520 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-06 10:17 3620864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-06 11:10 3620864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-16 14:05 . 2012-07-06 11:15 3291816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-04-16 14:05 . 2012-07-06 10:24 3291816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-07-28 15:13 . 2012-07-06 11:15 33899132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2469631386-82068602-2986095981-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Granola"="d:\prog\granola\Granola Personal\granola.exe" [2012-02-21 887016]
    "F.lux"="c:\users\GuiGui\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
    "Malwarebytes' Anti-Malware"="d:\prog\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="d:\prog\quicktime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;d:\prog\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 250056]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    R3 cpuz135;cpuz135;d:\fichie~1\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 driverhardwarev2x64;driverhardwarev2x64;d:\prog\Ma-config\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-08-26 25640]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-14 30528]
    R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\prog\Hi-rez\HiPatchService.exe [2012-06-24 8704]
    R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-07-28 16008]
    R3 maconfservice;Ma-Config Service;d:\prog\Ma-config\maconfservice.exe [2011-11-25 311928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-11 54728]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-28 254528]
    S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [2010-11-19 316744]
    S2 Granola PM Manager;Granola PM Manager;d:\prog\granola\Granola Personal\GranolaManager.exe [2012-02-21 449264]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\prog\hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 OODefragAgent;O&O Defrag;d:\prog\O&Odefrag\oodag.exe [2010-11-25 3152200]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
    S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-11 583200]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-07-28 22408]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-07-28 66328]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-26 425064]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]
    .
    [HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- d:\prog\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-08 11821160]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Télécharger avec IDM - d:\prog\Internet Download Manager\IEExt.htm
    IE: Télécharger tous les liens avec IDM - d:\prog\Internet Download Manager\IEGetAll.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\0gzfg4q2.default\
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG14.00.00.01PROFESSIONAL"="291DB118521AE356BEF3BACBE5FCE5C8034790643D4F3712452775C2BAD832F058F1CFA8AD69B9E2DFE103BC4BE7ED71EF2E8B19FDFCC10A80B7FDEF70C8D0E7A8C541BD85A68E9236D8AC8D058942E20A8362C62ADBD3A147DF8F167A7BE7B2D587E45A6EB9CCC835A5732A68FB37399694CEE401D64D50D58D7F551ACB853EB0644C674E0F508EDFD74864A1DA17387071BBCB115A07317A71D831E5992F211DCEBEB1E0166B9150444D73B048A0C306EFCA3C4058CB031A045790C5475D9013FEB66833FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A6171C11EC38DE3DA9C6AECB7A5D14075C952D5F632B2A74A3778210D5935BB05EE9EB01172947C01F166003ACFA5C0F850307D69938F2DBF9742B7015F9FA2AF112AD855ED24475C66C95F29CB54B3C9CBFA7E447AB9FD5581994DF28D6561B27BB2C8BEC44096393E2AF56C0986CC9ABCCA7E4FAF9EF423A15CFCE615BF3098C621239F21106D5C2E511AACAB1B96741A23FC4874C09591F0D90C2D1EFC1CFAE78AB45E479926C94D13F7B2F40149AEE2A4F090381EFA30819AED150AD119D24636B7FF7F6671B4E79E36CA7B83C3B49C45BC947A9127FFC45A5A8796314F403FA64482C34A1A8B8224D323144D9766B4508B0720BBC9E081216892C94E42C668B50153F11C3B19F866E990DBF75CD717022FC6620A507B6F144478A767F706F598C6FB52031A654D45BFEBFBA7E157E8318834A94E2119D4E96C9FCF343BDC19518F2D92A344AAA2E4E5593F9C6F5B62C7BA907CAEE6BD2031B8DAD2CF5E783EB1AD3B3AA7A347C29262316F685EBC40F056C4CD8AB98705FFEA38CEFBF96E1F85AD4185016D125D0E482165D554957420FD90B87DA6D1528182FCCC8ACC38B4CC5CE967F7AE086212EA12B8E33B19DCF18167954249364955DE9646E2D3DB46C6D328B4E83F5858DCE42AC9C831E4FB8C3589170130A8352EB9E0FD0952814D1067E900A6C79097BB33BB8D20A5CA4ED58EA93C296A19E0003AE4C129EF8E66AE8C785B1D726FEC5ECF630ADF30B5CD840ADFDE3820063B1068DDF09E3FBEB15923910774B0D573933F3B85B4EA137528B949A228F9F05EF7DC44F3FE74FE6A8240F98442E900798DE443B420C66FBAA6C2671FC56CC3AB6156F67F38C659F6EE11B49B3D069089AED8C64F981F7F2A43BFDD02CD72CBC759CBDB51B9A86E0A2B6C19415E223D467828AA5D0EB466A76EFCACB1978304C9008740F58C04B7BF52DFD2CEB7A9CEE9FE20934456895354CAB51B75FFC25AA606FEB0A088C24428D765B8A6F900C5B52F86C890C798027C4B1E62F5293A79FB00E9001B974538D83E9FB6B8B82762308D1A9E18E85F19A72E6771077492A7442C5"
    .
    Heure de fin: 2012-07-06 13:17:51 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-07-06 11:17
    ComboFix2.txt 2012-07-06 10:27
    .
    Avant-CF: 15 291 781 120 octets libres
    Après-CF: 16 128 098 304 octets libres
    .
    - - End Of File - - F9593151961098C4035A06F0A5EBF4D1
    0
  7. ZeKzU Messages postés 133 Statut Membre 18
     
    sinon j'ai mumble/steam/ts/skype si sa te tente
    0
  8. g3n-h@ckm@n
     
    je te dis combofix aurait du etre renommé et tu le relances avec le meme nom..

    c'est pas grave c'est la journée aujourd'hui personne comprend rien...^^

    ====================

    bref

    Attention : cet outil peut etre détecté à tort comme virus

    tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail.

    Désactive toutes tes protections si possible , antivirus , sandbox , etc....

    telecharge et enregistre Pre_Scan sur ton bureau :

    http://forums-fec.be/gen-hackman/Pre_Scan.exe
    http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

    Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

    une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

    si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

    si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

    http://forums-fec.be/gen-hackman/Pre_Scan.pif

    si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

    Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

    Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan

    NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

    Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider

    Si possible , confirme ou infirme l'utilisation de Defogger par Pre_Scan
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  9. ZeKzU Messages postés 133 Statut Membre 18
     
    mince désolé encore un peu dans la paté ^^
    et tes trois fichier sont des 404 not found
    0
  10. g3n-h@ckm@n
     
    ouaip trompé de fiche désolé , j'ai edité maintenant ils fonctionnent
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  11. ZeKzU Messages postés 133 Statut Membre 18
     
    Sa bloque a Extensions Firefox
    0
  12. g3n-h@ckm@n
     
    je comprends pas j ai pas d'erreur dans le code ...

    heberge le rapport qui est dans c:\ et debug.txt qui est dans le dossier pre_scan dans c:\ aussi
    0
  13. ZeKzU Messages postés 133 Statut Membre 18
     
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.706 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

    ~ Mis à jour le 06/07/2012 |08.30 par g3n-h@ckm@n
    ~ Informations Evolution : https://gen-hackman.kanak.fr/
    ~ Informations sur les switchs Pre_Script : https://gen-hackman.kanak.fr/
    ~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
    ~ Merci à C_XX , Slyk & Saachaa pour leur apport à l'évolution de l'outil

    ~ Utilisateur : GuiGui (Administrateurs) | SID = S-1-5-21-2469631386-82068602-2986095981-1000
    ~ Ordinateur : GUIGUI-PC

    ~ Système d'exploitation : Windows 7 Professional (64 bits) Professional Service Pack 1
    ~ Type d'installation : Client
    ~ Enregistré sous : GuiGui
    ~ Processeur : Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
    ~ Identification : Intel64 Family 6 Model 42 Stepping 7

    Pare-feu windows : Actif
    Windows Defender : Inactif

    ~ Mémoire RAM = Total (KB) : 4177270 | Used (%) : 24 | Free (KB) : 3146510
    ~ Pagefile = Total (KB) : 8352690 | Free (KB) : 7239240
    ~ Virtuelle = Total (KB) : 4194180 | Free (KB) : 4025400

    ¤¤¤¤¤¤¤¤¤¤ | Scripts de boot

    ¤¤¤¤¤¤¤¤¤¤ | Drives

    c:\ -> [Fixed] | [] | Total : 57230 Mo | Free : 15430 Mo -> NTFS
    d:\ -> [Fixed] | [] | Total : 953860 Mo | Free : 544820 Mo -> NTFS

    Scan : 14:20:35 | 06/07/2012

    ¤¤¤¤¤¤¤¤¤¤ | Navigateurs

    Internet Explorer : 9.0.8112.16421
    Mozilla Firefox : 13.0.1 (fr)

    ¤ Par défaut :

    [HKCR\http | command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

    ¤¤¤¤¤¤¤¤¤¤ | Frameworks

    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v2.0.50727
    ~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.0
    ~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.5
    ~ [28/07/2011 17:41:53] - C:\Windows\Microsoft.net\Framework\v4.0.30319

    ¤¤¤¤¤¤¤¤¤¤ | Windows Updates

    ¤¤¤¤¤¤¤¤¤¤ | Sessions | Profiles | Directories

    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : ProfileImagePath -> C:\Users\GuiGui
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : RefCount -> 3
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : RefCount -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : RefCount -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : RefCount -> 1
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : State -> 0

    ~ C:\Windows\system32\config\systemprofile
    ~ C:\Windows\ServiceProfiles\LocalService
    ~ C:\Windows\ServiceProfiles\NetworkService
    ~ C:\Users\GuiGui
    ~ C:\Users\UpdatusUser
    ~ C:\Users\UpdatusUser
    ~ C:\Users\UpdatusUser

    [HKLM | ProfileLoader\{F5441CBB-AE7D-4495-905B-161047E58936}] : DllName -> userenv.dll

    Nouveau point de restauration créé

    ¤¤¤¤¤¤¤¤¤¤ | Contrôle MD5

    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\explorer.exe
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\ERDNT\cache86\explorer.exe
    [MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [MD5.3B69712041F3D63605529BD66DC00C48] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [MD5.40D777B7A95E00593EB1568C68514493] - [21/11/2010 05:24:25] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [MD5.0FB9C74046656D1579A64660AD67B746] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\System32\csrss.exe
    [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe ->
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\services.exe
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. Tous droits réservés. - Gestionnaire de sessions Windows.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\System32\smss.exe
    [MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. All rights reserved. - Windows Session Manager.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\System32\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\SysWOW64\userinit.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache86\userinit.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\System32\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\SysWOW64\wininit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache86\wininit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\winlogon.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\winlogon.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\System32\drivers\afd.sys
    [MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [21/11/2010 05:24:08] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [MD5.D5B031C308A409A0A576BFF4CF083D30] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.17603) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [MD5.F4AD06143EAC303F55D0E86C40802976] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.21712) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [MD5.36A14FD1A23F57046361733B792CA8DB] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [486.5 Ko] - (6.1.7601.21887) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [16/12/2011 17:09:39] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\atapi.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\drivers\atapi.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\cdrom.sys
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
    [MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\netbt.sys
    [MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [06/07/2012 12:26:07] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\tdx.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\tdx.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\volsnap.sys
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    14:20:54

    ¤¤¤¤¤¤¤¤¤¤ | Processus

    nvSCPAPISvr.exe (796) -> Processus stoppé
    PresentationFontCache.exe (840) -> Processus stoppé
    WUDFHost.exe (1180) -> Processus stoppé
    spoolsv.exe (1440) -> Processus stoppé
    ooemcgats.exe (1616) -> Processus stoppé
    taskhost.exe (1716) -> Processus stoppé
    GranolaManager.exe (1736) -> Processus stoppé
    hamachi-2.exe (1896) -> Processus stoppé
    explorer.exe (1936) -> Processus stoppé
    oodag.exe (1728) -> Processus stoppé
    TimeMgmtDaemon.exe (1152) -> Processus stoppé
    SolutoService.exe (2044) -> Processus stoppé
    RPMDaemon.exe (2924) -> Processus stoppé
    LCore.exe (2092) -> Processus stoppé
    RAVCpl64.exe (2156) -> Processus stoppé
    SetPoint.exe (2140) -> Processus stoppé
    msseces.exe (2120) -> Processus stoppé
    sidebar.exe (2220) -> Processus stoppé
    granola.exe (2304) -> Processus stoppé
    flux.exe (2264) -> Processus stoppé
    KHALMNPR.exe (2800) -> Processus stoppé
    nusb3mon.exe (2904) -> Processus stoppé
    WMPSideShowGadget.exe (3536) -> Processus stoppé
    wmplayer.exe (3660) -> Processus stoppé
    SearchIndexer.exe (3972) -> Processus stoppé
    wmpnetwk.exe (4060) -> Processus stoppé
    taskhost.exe (3244) -> Processus stoppé
    firefox.exe (2084) -> Processus stoppé
    AlarmClock.exe (4220) -> Processus stoppé
    LMS.exe (4784) -> Processus stoppé
    mbamservice.exe (4812) -> Processus stoppé
    UNS.exe (4936) -> Processus stoppé
    plugin-container.exe (1104) -> Processus stoppé
    FlashPlayerPlugin_11_3_300_262.exe (1708) -> Processus stoppé
    FlashPlayerPlugin_11_3_300_262.exe (4428) -> Processus stoppé
    Steam.exe (4240) -> Processus stoppé
    SteamService.exe (1972) -> Processus stoppé
    Agent.exe (520) -> Processus stoppé
    conhost.exe (3824) -> Processus stoppé
    Diablo III.exe (3264) -> Processus stoppé
    winamp.exe (4400) -> Processus stoppé
    SearchProtocolHost.exe (4480) -> Processus stoppé

    ¤¤¤¤¤¤¤¤¤¤ | Processus en cours

    Demarrage : Normal

    4652 | D:\Mes documents\winlogon.exe - GuiGui - Normal - "D:\Mes documents\winlogon.exe" - 2084
    1732 | C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe - Système - Normal - "C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe" - 564
    3432 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - Système - Normal - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" - 564
    3500 | C:\Pre_Scan\Pv.exe - GuiGui - Normal - C:\Pre_Scan\Pv.exe -o"%i | %f - %u - %p - %l - %r" - 2460

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon

    ¤

    [HKLM | Winlogon] | Shell : Explorer.exe
    [HKLM | Winlogon] | AutoRestartShell : 1 -> 0
    [HKLM | Winlogon] | userinit : C:\Windows\system32\userinit.exe,
    [HKLM | Winlogon] | PowerDownAfterShutdown : -> 1
    [HKLM | Winlogon] | System :

    ¤¤¤¤¤¤¤¤¤¤ | Associations

    [.exe] : exefile
    [exefile | command] : "%1" %*
    [.com] : ComFile
    [comfile | command] : "%1" %*
    [.reg] : regfile
    [regfile | command] : regedit.exe "%1"
    [.scr] : scrfile
    [scrfile | command] : "%1" /S
    [.bat] : batfile
    [batfile | command] : "%1" %*
    [.cmd] : cmdfile
    [cmdfile | command] : "%1" %*
    [.pif] : piffile
    [piffile | command] : "%1" %*
    [.url] : InternetShortcut
    [InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
    [Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
    [Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
    [Folder | command] : C:\Windows\Explorer.exe -> C:\Windows\explorer.exe

    ¤

    [Firefox | Command] | @ : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
    [Firefox - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
    [IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    [Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    [Assoc | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

    [HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 1 -> 0
    [HKLM | Advanced\Folder\Hidden\SHOWALL] | CheckedValue : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Desktop] | Wallpaper : C:\Users\GuiGui\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    [HKU\S-1-5-18 | Desktop] | Wallpaper : (None)
    [HKU\S-1-5-19 | Policies\Explorer] | NoDesktop : -> 0
    [HKU\S-1-5-20 | Policies\Explorer] | NoDesktop : -> 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDesktop : -> 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Policies\Explorer] | NoDesktop : -> 0
    [HKU\S-1-5-18 | Policies\Explorer] | NoDesktop : -> 0
    [HKLM | CurrentVersion\Explorer] | AlwaysUnloadDll : -> 1
    [HKLM | policies\Explorer] | NoDesktop : -> 0
    [HKU\S-1-5-19 | Explorer\Advanced] | Hidden : -> 0
    [HKU\S-1-5-20 | Explorer\Advanced] | Hidden : -> 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Explorer\Advanced] | Hidden : 1 -> 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Explorer\Advanced] | Hidden : -> 0
    [HKU\S-1-5-18 | Explorer\Advanced] | Hidden : -> 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDriveTypeAutoRun : 0 -> 145
    [HKLM | policies\Explorer] | NoDriveTypeAutoRun : 0 -> 145
    [HKLM | Policies\System] | DisableRegistryTools : 0
    [HKLM | Control\SafeBoot] | AlternateShell : cmd.exe

    14:20:54

    ¤¤¤¤¤¤¤¤¤¤ | Services

    [RPCSS] | Start : 2 : Actif
    [Cmbatt] | Start : 3 : Inactif
    [Compbatt] | Start : 3 -> 0 : Inactif
    [Ndisuio] | Start : 3 : Inactif
    [Power] | Start : 2 : Actif
    [Profsvc] | Start : 2 : Actif
    [PlugPlay] | Start : 2 : Actif
    [PEAUTH] | Start : 2 : Actif
    [NVSvc] | Start : 3 -> 2 : Inactif
    [nsi] | Start : 2 : Actif
    [NLASvc] | Start : 2 : Actif
    [MPSsvc] | Start : 2 : Actif
    [MMCSS] | Start : 2 : Actif
    [luafv] | Start : 2 : Actif
    [lltdio] | Start : 2 : Actif
    [Iphlpsvc] | Start : 2 : Actif
    [IKEEXT] | Start : 2 : Actif
    [gpsvc] | Start : 2 : Actif
    [lmhosts] | Start : 2 : Actif
    [LanmanWorkstation] | Start : 2 : Actif
    [LanmanServer] | Start : 2 : Actif
    [agp440] | Start : 3 -> 2 : Inactif
    [AudioEndpointBuilder] | Start : 2 : Actif
    [Audiosrv] | Start : 2 : Actif
    [BFE] | Start : 2 : Actif
    [Bits] | Start : 3 -> 2 : Inactif
    [CryptSvc] | Start : 2 : Actif
    [EapHost] | Start : 3 -> 2 : Inactif
    [Wlansvc] | Start : 3 -> 2 : Inactif
    [SppSvc] | Start : 2 : Inactif
    [SharedAccess] | Start : 2 : Inactif
    [windefend] | Start : 3 -> 2 : Inactif
    [wuauserv] | Start : 2 : Actif
    [WerSvc] | Start : 3 -> 2 : Inactif
    [wscsvc] | Start : 2 : Actif

    14:20:54

    ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Start Page : https://www.msn.com/fr-fr -> https://www.google.com/?gws_rd=ssl
    [HKU\S-1-5-18 | Main] | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> https://www.google.com/?gws_rd=ssl
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Local Page : C:\Windows\system32\blank.htm
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    [HKU\S-1-5-18 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKLM | Search] | SearchAssistant : https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/toolbar/ie8/sidebar.html
    [HKLM | Main] | Start Page : https://www.msn.com/fr-fr -> https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Local Page : C:\Windows\SysWOW64\blank.htm
    [HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | AboutURLs] | Tabs : res://ieframe.dll/tabswelcome.htm

    ¤

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | Enabled : 2
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | EnabledV8 : 1
    [HKU\S-1-5-19 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-20 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | MigrateProxy : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonBadCertRecving : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnOnHTTPSToHTTPRedirect : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonZoneCrossing : 1
    [HKU\S-1-5-19 | Internet settings] | AutoConfigProxy : wininet.dll
    [HKU\S-1-5-20 | Internet settings] | AutoConfigProxy : wininet.dll
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | AutoConfigProxy : wininet.dll

    ¤

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (Bing) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E045791-A32F-41AA-9F81-DED6FF4C7F05}] | (Google) -> https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}

    [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | () ->

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] | (iexplore.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] | (Silverlight.Configuration.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] | (tabtip.exe) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] | (wpcer.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] | (winfxdocobj.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] | (wuapp.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] | (msdt.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] | (AcroBroker.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] | (dfsvc.exe) -> C:\Windows\microsoft.net\framework\v2.0.50727
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e7a3a27-8c57-4900-a440-f8fc8e51e0af}] | (BingApp.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] | (agcp.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] | (wermgr.exe) -> C:\Windows\system32
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] | (ieinstal.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] | (AcroRd32Info.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] | (wlcomm.exe) -> C:\Program Files (x86)\Windows Live\Contacts\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] | (unpack200.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] | (jp2launcher.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49CF0734-BF9A-4444-BC9F-C26E56AF042F}] | (SonarHost.exe) -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] | (javaws.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] | (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] | (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] | (iedw.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] | (AdobeARM.exe) -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] | (CertEnrollCtrl.exe) -> C:\Windows\SysWOW64\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | (esnlauncher2.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] | (verclsid.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] | (ctfmon.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] | (helppane.exe) -> C:\Windows
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] | (AdobeCollabSync.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] | (wlstartup.exe) -> C:\Program Files (x86)\Windows Live\Installer\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] | (AcroRd32.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] | (splwow64.exe) -> C:\Windows
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] | (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] | (cmd.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] | (TSWbPrxy.exe) -> C:\Windows\system32
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] | (ssvagent.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] | (msnmsgr.exe) -> C:\Program Files (x86)\Windows Live\Messenger\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9524B3-24F4-48fa-91C5-B8EEF1C0A14F}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] | (notepad.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | (IDMan.exe) -> D:\Prog\Internet Download Manager
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] | (presentationhost.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f971150e-a83b-4d57-9c22-9535668d07d8}] | (BingBar.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] | (FlashUtil32_11_2_202_235_ActiveX.exe) -> C:\Windows\SysWOW64\Macromed\Flash
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat

    ¤¤¤¤¤¤¤¤¤¤ | Firefox

    Profile : 0gzfg4q2.default

    user_pref("browser.startup.homepage_override.buildID", "20120614114901");
    user_pref("browser.startup.homepage_override.mstone", "13.0.1");
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.706 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

    ~ Mis à jour le 06/07/2012 |08.30 par g3n-h@ckm@n
    ~ Informations Evolution : https://gen-hackman.kanak.fr/
    ~ Informations sur les switchs Pre_Script : https://gen-hackman.kanak.fr/
    ~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
    ~ Merci à C_XX , Slyk & Saachaa pour leur apport à l'évolution de l'outil

    ~ Utilisateur : GuiGui (Administrateurs) | SID = S-1-5-21-2469631386-82068602-2986095981-1000
    ~ Ordinateur : GUIGUI-PC

    ~ Système d'exploitation : Windows 7 Professional (64 bits) Professional Service Pack 1
    ~ Type d'installation : Client
    ~ Enregistré sous : GuiGui
    ~ Processeur : Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
    ~ Identification : Intel64 Family 6 Model 42 Stepping 7

    Pare-feu windows : Actif
    Windows Defender : Inactif

    ~ Mémoire RAM = Total (KB) : 4177270 | Used (%) : 24 | Free (KB) : 3153260
    ~ Pagefile = Total (KB) : 8352690 | Free (KB) : 7289170
    ~ Virtuelle = Total (KB) : 4194180 | Free (KB) : 4019420

    ¤¤¤¤¤¤¤¤¤¤ | Scripts de boot

    ¤¤¤¤¤¤¤¤¤¤ | Drives

    c:\ -> [Fixed] | [] | Total : 57230 Mo | Free : 15430 Mo -> NTFS
    d:\ -> [Fixed] | [] | Total : 953860 Mo | Free : 544820 Mo -> NTFS

    Scan : 14:27:41 | 06/07/2012

    ¤¤¤¤¤¤¤¤¤¤ | Navigateurs

    Internet Explorer : 9.0.8112.16421
    Mozilla Firefox : 13.0.1 (fr)

    ¤ Par défaut :

    [HKCR\http | command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

    ¤¤¤¤¤¤¤¤¤¤ | Frameworks

    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
    ~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v2.0.50727
    ~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.0
    ~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.5
    ~ [28/07/2011 17:41:53] - C:\Windows\Microsoft.net\Framework\v4.0.30319

    ¤¤¤¤¤¤¤¤¤¤ | Windows Updates

    ¤¤¤¤¤¤¤¤¤¤ | Sessions | Profiles | Directories

    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : ProfileImagePath -> C:\Users\GuiGui
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : RefCount -> 4
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1000] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : RefCount -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1003] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : RefCount -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1004] : State -> 0
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : ProfileImagePath -> C:\Users\UpdatusUser
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : RefCount -> 1
    ~ [HKLM | ProfileList\S-1-5-21-2469631386-82068602-2986095981-1006] : State -> 0

    ~ C:\Windows\system32\config\systemprofile
    ~ C:\Windows\ServiceProfiles\LocalService
    ~ C:\Windows\ServiceProfiles\NetworkService
    ~ C:\Users\GuiGui
    ~ C:\Users\UpdatusUser
    ~ C:\Users\UpdatusUser
    ~ C:\Users\UpdatusUser

    [HKLM | ProfileLoader\{F5441CBB-AE7D-4495-905B-161047E58936}] : DllName -> userenv.dll

    Nouveau point de restauration créé

    ¤¤¤¤¤¤¤¤¤¤ | Contrôle MD5

    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\explorer.exe
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\ERDNT\cache86\explorer.exe
    [MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 05:24:11] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [MD5.3B69712041F3D63605529BD66DC00C48] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [MD5.40D777B7A95E00593EB1568C68514493] - [21/11/2010 05:24:25] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [MD5.0FB9C74046656D1579A64660AD67B746] - [28/07/2011 17:00:03] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.21669) - C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\System32\csrss.exe
    [MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe ->
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\System32\services.exe
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\services.exe
    [MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 01:19:46] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. Tous droits réservés. - Gestionnaire de sessions Windows.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\System32\smss.exe
    [MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - (.© Microsoft Corporation. All rights reserved. - Windows Session Manager.) - [110 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\System32\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\SysWOW64\userinit.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache86\userinit.exe
    [MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
    [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 05:23:55] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\System32\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\SysWOW64\wininit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache86\wininit.exe
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\winlogon.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [16/12/2011 17:09:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\winlogon.exe
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 05:24:29] - (.© Microsoft Corporation. Tous droits réservés. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\System32\drivers\afd.sys
    [MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [21/11/2010 05:24:08] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [MD5.D5B031C308A409A0A576BFF4CF083D30] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.17603) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [MD5.1C7857B62DE5994A75B054A9FD4C3825] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [MD5.F4AD06143EAC303F55D0E86C40802976] - [28/07/2011 16:59:53] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.21712) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [MD5.36A14FD1A23F57046361733B792CA8DB] - [15/02/2012 00:46:32] - (.© Microsoft Corporation. All rights reserved. - Ancillary Function Driver for WinSock.) - [486.5 Ko] - (6.1.7601.21887) - C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [16/12/2011 17:09:39] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\ERDNT\cache64\atapi.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\System32\drivers\atapi.sys
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. All rights reserved. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\cdrom.sys
    [MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
    [MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\netbt.sys
    [MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 05:23:51] - (.© Microsoft Corporation. All rights reserved. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [06/07/2012 12:26:07] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\ERDNT\cache64\tdx.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\tdx.sys
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 05:24:32] - (.© Microsoft Corporation. All rights reserved. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\System32\drivers\volsnap.sys
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 05:23:47] - (.© Microsoft Corporation. All rights reserved. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) - C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    14:27:58

    ¤¤¤¤¤¤¤¤¤¤ | Processus

    WUDFHost.exe (1240) -> Processus stoppé
    taskhost.exe (3244) -> Processus stoppé
    PresentationFontCache.exe (4112) -> Processus stoppé
    explorer.exe (684) -> Processus stoppé
    WUDFHost.exe (2024) -> Processus stoppé
    rundll32.exe (1636) -> Processus stoppé
    TimeMgmtDaemon.exe (1732) -> Processus stoppé
    SearchIndexer.exe (3004) -> Processus stoppé
    wmpnetwk.exe (2316) -> Processus stoppé
    LMS.exe (3432) -> Processus stoppé
    spoolsv.exe (1984) -> Processus stoppé
    AlarmClock.exe (3304) -> Processus stoppé
    firefox.exe (3356) -> Processus stoppé
    taskmgr.exe (4476) -> Processus stoppé
    SearchProtocolHost.exe (4572) -> Processus stoppé
    SearchFilterHost.exe (4596) -> Processus stoppé

    ¤¤¤¤¤¤¤¤¤¤ | Processus en cours

    Demarrage : Normal

    944 | D:\Mes documents\Pre_Scan.pif - GuiGui - High - "D:\Mes documents\Pre_Scan.pif" - 3356
    4472 | C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe - Système - Normal - "C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe" - 564
    640 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - Système - Normal - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" - 564
    4244 | C:\Pre_Scan\Pv.exe - GuiGui - Normal - C:\Pre_Scan\Pv.exe -o"%i | %f - %u - %p - %l - %r" - 4980

    ¤¤¤¤¤¤¤¤¤¤ | Winlogon

    ¤

    [HKLM | Winlogon] | Shell : Explorer.exe
    [HKLM | Winlogon] | AutoRestartShell : 0
    [HKLM | Winlogon] | userinit : C:\Windows\system32\userinit.exe,
    [HKLM | Winlogon] | PowerDownAfterShutdown : 1
    [HKLM | Winlogon] | System :

    ¤¤¤¤¤¤¤¤¤¤ | Associations

    [.exe] : exefile
    [exefile | command] : "%1" %*
    [.com] : ComFile
    [comfile | command] : "%1" %*
    [.reg] : regfile
    [regfile | command] : regedit.exe "%1"
    [.scr] : scrfile
    [scrfile | command] : "%1" /S
    [.bat] : batfile
    [batfile | command] : "%1" %*
    [.cmd] : cmdfile
    [cmdfile | command] : "%1" %*
    [.pif] : piffile
    [piffile | command] : "%1" %*
    [.url] : InternetShortcut
    [InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
    [Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
    [Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
    [Folder | command] : C:\Windows\explorer.exe

    ¤

    [Firefox | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
    [Firefox - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
    [IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    [Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
    [Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

    [HKLM | HideDesktopIcons\ClassicStartMenu] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {F02C1A0D-BE21-4350-88B0-7367FC96EF3C} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {208D2C60-3AEA-1069-A2D7-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {871C5380-42A0-1069-A2EA-08002B30309D} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0
    [HKLM | HideDesktopIcons\NewStartPanel] | {9343812e-1c37-4a49-a12e-4b2d810d956b} : 0
    [HKLM | Advanced\Folder\Hidden\SHOWALL] | CheckedValue : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Desktop] | Wallpaper : C:\Users\GuiGui\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
    [HKU\S-1-5-18 | Desktop] | Wallpaper : (None)
    [HKU\S-1-5-19 | Policies\Explorer] | NoDesktop : 0
    [HKU\S-1-5-20 | Policies\Explorer] | NoDesktop : 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDesktop : 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Policies\Explorer] | NoDesktop : 0
    [HKU\S-1-5-18 | Policies\Explorer] | NoDesktop : 0
    [HKLM | CurrentVersion\Explorer] | AlwaysUnloadDll : 1
    [HKLM | policies\Explorer] | NoDesktop : 0
    [HKU\S-1-5-19 | Explorer\Advanced] | Hidden : 0
    [HKU\S-1-5-20 | Explorer\Advanced] | Hidden : 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Explorer\Advanced] | Hidden : 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000_Classes | Explorer\Advanced] | Hidden : 0
    [HKU\S-1-5-18 | Explorer\Advanced] | Hidden : 0
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Policies\Explorer] | NoDriveTypeAutoRun : 145
    [HKLM | policies\Explorer] | NoDriveTypeAutoRun : 145
    [HKLM | Policies\System] | DisableRegistryTools : 0
    [HKLM | Control\SafeBoot] | AlternateShell : cmd.exe

    14:27:58

    ¤¤¤¤¤¤¤¤¤¤ | Services

    [RPCSS] | Start : 2 : Actif
    [Cmbatt] | Start : 3 : Inactif
    [Compbatt] | Start : 0 : Inactif
    [Ndisuio] | Start : 3 : Inactif
    [Power] | Start : 2 : Actif
    0
  14. ZeKzU Messages postés 133 Statut Membre 18
     
    [Profsvc] | Start : 2 : Actif
    [PlugPlay] | Start : 2 : Actif
    [PEAUTH] | Start : 2 : Actif
    [NVSvc] | Start : 3 -> 2 : Inactif
    [nsi] | Start : 2 : Actif
    [NLASvc] | Start : 2 : Actif
    [MPSsvc] | Start : 2 : Actif
    [MMCSS] | Start : 2 : Actif
    [luafv] | Start : 2 : Actif
    [lltdio] | Start : 2 : Actif
    [Iphlpsvc] | Start : 2 : Actif
    [IKEEXT] | Start : 2 : Actif
    [gpsvc] | Start : 2 : Actif
    [lmhosts] | Start : 2 : Actif
    [LanmanWorkstation] | Start : 2 : Actif
    [LanmanServer] | Start : 2 : Actif
    [agp440] | Start : 2 : Inactif
    [AudioEndpointBuilder] | Start : 2 : Actif
    [Audiosrv] | Start : 2 : Actif
    [BFE] | Start : 2 : Actif
    [Bits] | Start : 2 : Actif
    [CryptSvc] | Start : 2 : Actif
    [EapHost] | Start : 2 : Actif
    [Wlansvc] | Start : 2 : Actif
    [SppSvc] | Start : 2 : Inactif
    [SharedAccess] | Start : 2 : Inactif
    [windefend] | Start : 3 -> 2 : Inactif
    [wuauserv] | Start : 2 : Actif
    [WerSvc] | Start : 2 : Actif
    [wscsvc] | Start : 2 : Actif

    14:37:28

    ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Start Page : https://www.google.com/?gws_rd=ssl
    [HKU\S-1-5-18 | Main] | Start Page : https://www.google.com/?gws_rd=ssl
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Local Page : C:\Windows\system32\blank.htm
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    [HKU\S-1-5-18 | Main] | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    [HKLM | Search] | SearchAssistant : http://www.google.com/toolbar/ie8/sidebar.html
    [HKLM | Main] | Start Page : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Local Page : C:\Windows\SysWOW64\blank.htm
    [HKLM | Main] | Default_Search_URL : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | Main] | Default_Page_URL : https://www.msn.com/fr-fr/?ocid=iehp
    [HKLM | Main] | Search Page : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    [HKLM | AboutURLs] | Tabs : res://ieframe.dll/tabswelcome.htm

    ¤

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | Enabled : 2
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | PhishingFilter] | EnabledV8 : 1
    [HKU\S-1-5-19 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-20 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | EnableHttp1_1 : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | MigrateProxy : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonBadCertRecving : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnOnHTTPSToHTTPRedirect : 1
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | WarnonZoneCrossing : 1
    [HKU\S-1-5-19 | Internet settings] | AutoConfigProxy : wininet.dll
    [HKU\S-1-5-20 | Internet settings] | AutoConfigProxy : wininet.dll
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000 | Internet settings] | AutoConfigProxy : wininet.dll

    ¤

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (Bing) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8E045791-A32F-41AA-9F81-DED6FF4C7F05}] | (Google) -> https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}

    [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] | (@ieframe.dll,-12512) -> https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | () ->
    [HKU\S-1-5-21-2469631386-82068602-2986095981-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | () ->

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] | (iexplore.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] | (Silverlight.Configuration.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] | (tabtip.exe) -> C:\Program Files (x86)\Common Files\Microsoft Shared\Ink
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] | (wpcer.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] | (winfxdocobj.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] | (wuapp.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] | (msdt.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] | (AcroBroker.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] | (dfsvc.exe) -> C:\Windows\microsoft.net\framework\v2.0.50727
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1e7a3a27-8c57-4900-a440-f8fc8e51e0af}] | (BingApp.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] | (agcp.exe) -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] | (wermgr.exe) -> %systemroot%\system32
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] | (ieinstal.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] | (AcroRd32Info.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] | (wlcomm.exe) -> C:\Program Files (x86)\Windows Live\Contacts\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] | (unpack200.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] | (jp2launcher.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49CF0734-BF9A-4444-BC9F-C26E56AF042F}] | (SonarHost.exe) -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] | (javaws.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] | (wmplayer.exe) -> %ProgramFiles%\Windows Media Player
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] | (wmplayer.exe) -> %ProgramFiles(x86)%\Windows Media Player
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] | (iedw.exe) -> C:\Program Files (x86)\Internet Explorer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] | (AdobeARM.exe) -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] | (CertEnrollCtrl.exe) -> C:\Windows\SysWOW64\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016000}] | (esnlauncher2.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016800}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D017600}] | (esnlauncher3.exe) -> C:\Program Files (x86)\Battlelog Web Plugins
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] | (verclsid.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] | (ctfmon.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] | (helppane.exe) -> C:\Windows
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] | (AdobeCollabSync.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] | (wlstartup.exe) -> C:\Program Files (x86)\Windows Live\Installer\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] | (AcroRd32.exe) -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] | (Acrobat Elements.exe) -> C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] | (splwow64.exe) -> C:\Windows
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] | (xpsviewer.exe) -> C:\Windows\SysWOW64\xpsviewer
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] | (cmd.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] | (TSWbPrxy.exe) -> %systemroot%\system32
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] | (dfsvc.exe) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] | (ssvagent.exe) -> C:\Program Files (x86)\Java\jre7\bin
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] | (msnmsgr.exe) -> C:\Program Files (x86)\Windows Live\Messenger\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9524B3-24F4-48fa-91C5-B8EEF1C0A14F}] | () ->
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] | (notepad.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] | (IDMan.exe) -> D:\Prog\Internet Download Manager
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] | (acrord32.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\reader
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] | (presentationhost.exe) -> C:\Windows\SysWOW64
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f971150e-a83b-4d57-9c22-9535668d07d8}] | (BingBar.exe) -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] | (FlashUtil32_11_2_202_235_ActiveX.exe) -> C:\Windows\SysWOW64\Macromed\Flash
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] | (acrobat.exe) -> C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat

    ¤¤¤¤¤¤¤¤¤¤ | Firefox

    Profile : 0gzfg4q2.default

    user_pref("browser.startup.homepage_override.buildID", "20120614114901");
    user_pref("browser.startup.homepage_override.mstone", "13.0.1");

    ET le debug
    [Rest_Reg_Tmgr_A]
    [Rest_Reg_Tmgr_B]
    [Stop_Proc]
    [Assoc_Ext]
    [List_sess]
    [Recup_List_File_sing]
    [Recup_List_File_Doub]
    [Assoc_net]
    [Corr_Exp]
    [Corr_Sys]
    [Header]
    [Nav_srch]
    [FMWK_list]
    [Head_sess]
    [Rest_P_A]
    [Rest_P_B]
    [1st_MD5]
    [Proc_Act_List]
    [Modif_winlgn]
    [Param_svc]
    [Prx]
    [Param_IE]
    [IE_List | CLSID]
    [Perm_Reg]
    [Rest_Reg_Tmgr_A]
    [Rest_Reg_Tmgr_B]
    [Stop_Proc]
    [Assoc_Ext]
    [List_sess]
    [Recup_List_File_sing]
    [Recup_List_File_Doub]
    [Assoc_net]
    [Corr_Exp]
    [Corr_Sys]
    [Header]
    [Nav_srch]
    [FMWK_list]
    [Head_sess]
    [Rest_P_A]
    [Rest_P_B]
    [1st_MD5]
    [Proc_Act_List]
    [Modif_winlgn]
    [Param_svc]
    [Prx]
    [Param_IE]
    [IE_List | CLSID]
    [Perm_Reg]
    [Rest_Reg_Tmgr_A]
    [Rest_Reg_Tmgr_B]
    [Stop_Proc]
    [Assoc_Ext]
    [List_sess]
    [Recup_List_File_sing]
    [Recup_List_File_Doub]
    [Assoc_net]
    [Corr_Exp]
    [Corr_Sys]
    [Header]
    [Nav_srch]
    [FMWK_list]
    [Head_sess]
    [Rest_P_A]
    [Rest_P_B]
    [1st_MD5]
    [Proc_Act_List]
    [Modif_winlgn]
    [Param_svc]
    [Prx]
    [Param_IE]
    [IE_List | CLSID]
    0
  15. g3n-h@ckm@n
     
    heuseusement que je dis de pas le poster sur le forum et de l'heberger sur un autre site et de donner le lien ensuite

    bref telecharge la version .pif et lance-le en mode sans echec stp
    0
  16. ZeKzU Messages postés 133 Statut Membre 18
     
    j'ai essayé les trois versions sa bloque au meme endroit, et puis tu me dis juste d'héberger, j'ai donc logiquement utilisé le lien d'avant malekal mais ce site lag trop pour esperer upload qqe chose dessus
    0
  17. ZeKzU Messages postés 133 Statut Membre 18
     
    re ! j'ai fais tourné le scan cette nuit, cependant en voulant vite voir si j'ai vendu des trucs sur diablo 3 j'ai complètement oublié d'enregistrer le rapport il y avais deux virus + plein de fichier texte, qu'il nommais de "script virus" et des sortes de fichier texte "lien" vers le web, j'ai reinstallé MSE et il marche
    0
  18. g3n-h@ckm@n
     
    ok le rapport est là :

    c:\users\ta session\DrWeb\CureIt.log

    tu vas certainement devoir le zipper , ensuite heberge l'archive sur http://pjjoint.malekal.com puis donne le lien obtenu
    0
  19. ZeKzU Messages postés 133 Statut Membre 18
     
    ton site en plus de lagger ne supporte pas les archives
    donc 1fichier https://9webuk.1fichier.com/
    et j'ai fais un scan mse il m'a trouvé 3 Sirefef (trojan) mais qui étais dans d'autre zone de quarantaines Qoobox/drweb
    0
  • 1
  • 2