Gendarmerie virus

claire -  
 Anonymous user -
Hello,

I'm hopeless with computers and my PC has just been infected with a gendarmerie virus. I tried downloading RogueKiller, but on every scan it doesn't detect any virus (report below):

RogueKiller V7.6.2 [02/07/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: Claire [Droits d'admin]
Mode: Recherche -- Date: 07/07/2012 11:18:53

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : TapiSysprep (C:\Users\Claire\AppData\Local\Microsoft\Windows\763\TapiSysprep.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1956556710-1167447761-81823118-1001[...]\Run : TapiSysprep (C:\Users\Claire\AppData\Local\Microsoft\Windows\763\TapiSysprep.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.23.16.20:80) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5E5E7196-0436-4A69-A289-B9853A5358B8} : NameServer (10.69.200.90,10.69.200.91,10.69.200.92) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5E5E7196-0436-4A69-A289-B9853A5358B8} : NameServer (10.69.200.90,10.69.200.91,10.69.200.92) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] 61ccf068f47c9721d50ec15017c75d4c
[BSP] 7e9c444929c8e4c7cbe094f6a91c74ad : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152463 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 313065472 | Size: 152380 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

So I'm a bit at a loss because I have no idea what to do. Would anyone have a solution? Thanks in advance for your help.

Claire

35 replies

claire
 
Good evening,

I'm not really sure what I'm supposed to delete; is pre_scan a program?

Thanks for the reply
0
Anonymous user
 
Yep, well, it's called winlogon, and the icon is black with a blue biohazard symbol in it
0
claire
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.729 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 29/07/2012 | 04.00 by g3n-h@ckm@n
~ Informations | Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Informations for the switches Pre_Script : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Feedback Pre_scan : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ Thx to C_XX , Slyk & Saachaa for their help to the evolution of the tool

~ User : Claire (Administrateurs) | SID = S-1-5-21-1956556710-1167447761-81823118-1001
~ Computer : CLAIRE-TOSH

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ Installation Type : Client
~ Registered under : Claire
~ Processor : Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
~ Identification : Intel64 Family 6 Model 37 Stepping 5

Firewall windows : Actif
Windows Defender : Actif

~ Mémory RAM = Total (KB) : 4053860 | Used (%) : 36 | Free (KB) : 2585120
~ Pagefile = Total (KB) : 8105880 | Free (KB) : 6658720
~ Virtual = Total (KB) : 4194180 | Free (KB) : 3985510

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

labelc2rdrive.exe
labelc2rdrive.exe.config
oobe.cmd
SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [WINDOWS] | Total : 152460 Mo | Free : 39570 Mo -> NTFS
d:\ -> [Fixed] | [Data] | Total : 152380 Mo | Free : 143660 Mo -> NTFS

Scan : 12:29:44 | 29/07/2012

¤¤¤¤¤¤¤¤¤¤ | Browsers

Internet Explorer : 9.0.8112.16421
Mozilla Firefox : 13.0.1 (fr)
Google Chrome : 20.0.1132.57

¤ Par défaut :

[HKCR\http | command] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

¤¤¤¤¤¤¤¤¤¤ | Frameworks

~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.0.3705
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v1.1.4322
~ [14/07/2009 05:20:10] - C:\Windows\Microsoft.net\Framework\v2.0.50727
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.0
~ [14/07/2009 07:32:38] - C:\Windows\Microsoft.net\Framework\v3.5
~ [23/12/2010 10:59:20] - C:\Windows\Microsoft.net\Framework\v4.0.30319

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

¤¤¤¤¤¤¤¤¤¤ | Sessions | Profiles | Directories

~ [HKLM | ProfileList\S-1-5-21-1956556710-1167447761-81823118-1001]|[ProfileImagePath] : C:\Users\Claire
~ [HKLM | ProfileList\S-1-5-21-1956556710-1167447761-81823118-1001]|[RefCount] : 1
~ [HKLM | ProfileList\S-1-5-21-1956556710-1167447761-81823118-1001]|[State] : 256

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Claire

[HKLM | ProfileLoader\{F5441CBB-AE7D-4495-905B-161047E58936}]|[DllName] : userenv.dll

New restorepoint created

¤¤¤¤¤¤¤¤¤¤ | MD5 Control


12:30:13

¤¤¤¤¤¤¤¤¤¤ | Processes stopped

atiesrxx.exe (888) -> Process stopped
wlanext.exe (1172) -> Process stopped
spoolsv.exe (1276) -> Process stopped
AppleMobileDeviceService.exe (1388) -> Process stopped
atieclxx.exe (1508) -> Process stopped
mDNSResponder.exe (1724) -> Process stopped
ijplmsvc.exe (1788) -> Process stopped
LMS.exe (1824) -> Process stopped
mdm.exe (1900) -> Process stopped
NBService.exe (1928) -> Process stopped
ThpSrv.exe (1104) -> Process stopped
TODDSrv.exe (1428) -> Process stopped
TosCoSrv.exe (1784) -> Process stopped
TecoService.exe (2104) -> Process stopped
WLIDSVC.EXE (2212) -> Process stopped
WLIDSVCM.EXE (2276) -> Process stopped
CFIWmxSvcs64.exe (2508) -> Process stopped
CFSvcs.exe (3012) -> Process stopped
UNS.exe (1408) -> Process stopped
wmpnetwk.exe (336) -> Process stopped
SearchIndexer.exe (2728) -> Process stopped
taskhost.exe (3356) -> Process stopped
explorer.exe (3532) -> Process stopped
SynTPEnh.exe (4036) -> Process stopped
TosReelTimeMonitor.exe (4064) -> Process stopped
cAudioFilterAgent64.exe (3136) -> Process stopped
TPwrMain.exe (3092) -> Process stopped
SmoothView.exe (3248) -> Process stopped
TCrdMain.exe (3252) -> Process stopped
SynTPHelper.exe (2808) -> Process stopped
ThpSrv.exe (3588) -> Process stopped
Teco.exe (3640) -> Process stopped
BJMYPRT.EXE (3692) -> Process stopped
TOPI.exe (3728) -> Process stopped
sidebar.exe (3744) -> Process stopped
NBAgent.exe (3924) -> Process stopped
ItSecMng.exe (4008) -> Process stopped
CNSEMAIN.EXE (3332) -> Process stopped
splwow64.exe (1656) -> Process stopped
Dropbox.exe (2852) -> Process stopped
TosSmartSrv.exe (3740) -> Process stopped
TosSENotify.exe (4648) -> Process stopped
TPCHSrv.exe (3712) -> Process stopped
TPCHWMsg.exe (4864) -> Process stopped
iexplore.exe (5888) -> Process stopped
iexplore.exe (5928) -> Process stopped
iexplore.exe (5048) -> Process stopped
TrustedInstaller.exe (4712) -> Process stopped
sppsvc.exe (1484) -> Process stopped

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

3448 | C:\Users\Claire\Desktop\winlogon.exe - Claire - Normal - "C:\Users\Claire\Desktop\winlogon.exe" - 5888
5784 | c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe - Système - Normal - "c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe" - 556
6116 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - Système - Normal - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" - 556
3992 | C:\Pre_Scan\pv\winlogon.exe - Claire - Normal - C:\Pre_Scan\pv\winlogon.exe -o"%i | %f - %u - %p - %l - %r" - 2020

¤¤¤¤¤¤¤¤¤¤ | Winlogon

¤

[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM64 | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM64 | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
[HKLM64 | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] : 1
[HKLM64 | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] :
[HKLM64 | Winlogon]|[System] :

¤¤¤¤¤¤¤¤¤¤ | Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : C:\Windows\explorer.exe

¤

[Firefox | Command] | @ : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
[Firefox64 | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
[Firefox - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
[Firefox64 - Safemode | Command] | @ : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
[IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[IE64 | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[Chrome | Command] | @ : "C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe"
[Chrome64 | Command] | @ : "C:\Users\Claire\AppData\Local\Google\Chrome\Application\chrome.exe"
[Assoc | Applications] | @ : http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
[Assoc64 | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKLM | HideDesktopIcons\ClassicStartMenu]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 0
[HKLM64 | HideDesktopIcons\ClassicStartMenu]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKLM64 | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Desktop]|[Wallpaper] : C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKU\S-1-5-18 | Desktop]|[Wallpaper] : (None)
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Desktop]|[Wallpaper] : C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKU64\S-1-5-18 | Desktop]|[Wallpaper] : (None)
[HKU\S-1-5-19 | Policies\Explorer]|[NoDesktop] : 0
[HKU\S-1-5-20 | Policies\Explorer]|[NoDesktop] : 0
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Policies\Explorer]|[NoDesktop] : -> 0
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001_Classes | Policies\Explorer]|[NoDesktop] : -> 0
[HKU\S-1-5-18 | Policies\Explorer]|[NoDesktop] : -> 0
[HKU64\S-1-5-19 | Policies\Explorer]|[NoDesktop] : 0
[HKU64\S-1-5-20 | Policies\Explorer]|[NoDesktop] : 0
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Policies\Explorer]|[NoDesktop] : 0
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001_Classes | Policies\Explorer]|[NoDesktop] : 0
[HKU64\S-1-5-18 | Policies\Explorer]|[NoDesktop] : 0
[HKLM | CurrentVersion\Explorer]|[AlwaysUnloadDll] : 1
[HKLM64 | CurrentVersion\Explorer]|[AlwaysUnloadDll] : -> 1
[HKLM | policies\Explorer]|[NoDesktop] : -> 0
[HKLM64 | policies\Explorer]|[NoDesktop] : 0
[HKU\S-1-5-19 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-20 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001_Classes | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-18 | Explorer\Advanced]|[Hidden] : -> 0
[HKU64\S-1-5-19 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-20 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001_Classes | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-18 | Explorer\Advanced]|[Hidden] : 0
[HKLM | Policies\System]|[DisableRegistryTools] : 0
[HKLM64 | Policies\System]|[DisableRegistryTools] : 0
[HKLM | Control\SafeBoot]|[AlternateShell] : cmd.exe
[HKLM | Control\SafeBoot\Option]|[UseAlternateShell] : -> yes

12:30:14

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

[RPCSS] : 2 : Actif
[Cmbatt] : 3 : Actif
[Compbatt] : 0 : Actif
[Ndisuio] : 3 : Actif
[Power] : 2 : Actif
[Profsvc] : 2 : Actif
[PlugPlay] : 2 : Actif
[PEAUTH] : 2 : Actif
[nsi] : 2 : Actif
[NLASvc] : 2 : Actif
[MPSsvc] : 2 : Actif
[MMCSS] : 2 : Actif
[luafv] : 2 : Actif
[lltdio] : 2 : Actif
[Iphlpsvc] : 2 : Actif
[IKEEXT] : 2 : Actif
[gpsvc] | Start : 2 : Actif
[lmhosts] : 2 : Actif
[LanmanWorkstation] : 2 : Actif
[LanmanServer] : 2 : Actif
[agp440] | Start : 2 : Inactif
[AudioEndpointBuilder] : 2 : Actif
[Audiosrv] : 2 : Actif
[BFE] : 2 : Actif
[Bits] : 2 : Actif
[CryptSvc] : 2 : Actif
[EapHost] : 2 : Actif
[Wlansvc] : 2 : Actif
[SppSvc] : 2 : Inactif
[SharedAccess] : 2 : Inactif
[windefend] : 2 : Actif
[wuauserv] : 2 : Actif
[WerSvc] : 2 : Actif
[wscsvc] : 2 : Actif

12:30:14

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Deleted : S-1-5-21-1956556710-1167447761-81823118-1001 : Proxyserver -> http=127.0.0.1:56847

¤

Deleted : S-1-5-18 : Proxyserver -> http=127.0.0.1:56847

¤

[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/
[HKU\S-1-5-18 | Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Start Page] : http://www.google.com/
[HKU64\S-1-5-18 | Main]|[Start Page] : http://www.google.com/
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Local Page] : C:\Windows\system32\blank.htm
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\System32\blank.htm
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU64\S-1-5-18 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
[HKLM64 | Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
[HKLM | Main]|[Start Page] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM64 | Main]|[Start Page] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Local Page] : C:\Windows\SysWOW64\blank.htm
[HKLM64 | Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\System32\blank.htm
[HKLM | Main]|[Default_Search_URL] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM64 | Main]|[Default_Search_URL] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM64 | Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM64 | Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | AboutURLs]|[Tabs] : res://ieframe.dll/tabswelcome.htm

¤

[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | PhishingFilter]|[Enabled] : 2
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | PhishingFilter]|[Enabled] : 2
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | PhishingFilter]|[EnabledV8] : 1
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | PhishingFilter]|[EnabledV8] : 1
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[ProxyOverride] : *.local
[HKU\S-1-5-18 | Internet settings]|[ProxyOverride] : *.local
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[ProxyOverride] : *.local
[HKU64\S-1-5-18 | Internet settings]|[ProxyOverride] : *.local
[HKU\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-18 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-18 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-18 | Internet settings]|[MigrateProxy] : 1
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[MigrateProxy] : 1
[HKU64\S-1-5-18 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-21-1956556710-1167447761-81823118-1001 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll

¤¤¤¤¤¤¤¤¤¤ | Firefox

Profile : 7x7zoa99.default

user_pref("browser.startup.homepage_override.buildID", "20120614114901");
user_pref("browser.startup.homepage_override.mstone", "13.0.1");
user_pref("browser.download.lastDir", "C:\\Users\\Claire\\Desktop");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 56847);
user_pref("network.proxy.no_proxies_on", "localhost,127.0.0.1");
user_pref("network.proxy.type", 1);

¤¤¤¤¤¤¤¤¤¤ | Extensions

C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

¤¤¤¤¤¤¤¤¤¤ | Plugins

C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

¤¤¤¤¤¤¤¤¤¤ | DNS

[HKLM\SYSTEM\CCS | Tcpip\Parameters]|[DhcpNameServer] : 192.168.1.1
[HKLM\SYSTEM\ControlSet001 | Interfaces\{5E5E7196-0436-4A69-A289-B9853A5358B8}]|[NameServer] : 10.69.200.90,10.69.200.91,10.69.200.92
[HKLM\SYSTEM\ControlSet001 | Interfaces\{B3FCC848-7189-4A9A-9873-52EDA0D7156D}]|[DhcpNameServer] : 192.168.1.1
[HKLM\SYSTEM\ControlSet002 | Interfaces\{5E5E7196-0436-4A69-A289-B9853A5358B8}]|[NameServer] : 10.69.200.90,10.69.200.91,10.69.200.92
[HKLM\SYSTEM\ControlSet002 | Interfaces\{B3FCC848-7189-4A9A-9873-52EDA0D7156D}]|[DhcpNameServer] : 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet | Interfaces\{5E5E7196-0436-4A69-A289-B9853A5358B8}]|[NameServer] : 10.69.200.90,10.69.200.91,10.69.200.92
[HKLM\SYSTEM\CurrentControlSet | Interfaces\{B3FCC848-7189-4A9A-9873-52EDA0D7156D}]|[DhcpNameServer] : 192.168.1.1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned :)

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Deleted : [HKLM64\Software\Software]

Impossible to move : C:\Users\Claire\AppData\Local\{76860A03-9EA6-4587-AE16-49E1C8AFD060} -> WLM
Folder Deleted : C:\Users\Claire\AppData\Local\{867C72EE-6721-45D8-882B-B889B94A8A06} -> WLM
Folder Deleted : C:\Users\Claire\AppData\Local\{98C339AD-57D4-4B49-88A3-2267E9A6843B} -> WLM

12:48:55

Impossible to move : C:\Users\Claire\AppData\Local\Temp\~DFBA67ED31EFBF3D45.TMP
Quarantined and deleted successfully : C:\Windows\Prefetch\ADOBEARM.EXE-7105D3A2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ADOBE_UPDATER.EXE-422B2046.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\APSDAEMON.EXE-4484BAA6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ASHQUICK.EXE-AA982584.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ASWREGSVR.EXE-AD27A91B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ASWREGSVR64.EXE-9CD9EB4D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\AVASTSVC.EXE-AEB722C6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\BJMYPRT.EXE-2C6EC7CF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CAUDIOFILTERAGENT64.EXE-DADE1F10.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CCC.EXE-B637C9BF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CFIWMXSVCS64.EXE-E079CBBA.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CFSVCS.EXE-35E839CF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CHROME.EXE-1339A47B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CLISTART.EXE-0F58A398.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CNSEMAIN.EXE-E4A3DD41.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-7FAA2E4C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-97229F6A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-E7777CC4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DROPBOX.EXE-E130B1F2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DW20.EXE-E115992B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\INSTALL.EXE-56EEE089.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\INSTALLFLASHPLAYER.EXE-F77F2120.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\INSTLOFFER.EXE-641025E5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ITSECMNG.EXE-F0CB947F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ITUNESHELPER.EXE-010C3851.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MAKECAB.EXE-0F1704A4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCAGENT.EXE-414BDE46.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCINFO.EXE-73BBFA2D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCODS.EXE-8D46D95B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCSMTFWK.EXE-258D8647.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCSYNC.EXE-A4B62562.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCUICNT.EXE-DF90E34C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCUPDATE.EXE-3BDA89ED.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCVSMAP.EXE-50B39320.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MCVSSHLD.EXE-85806101.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MOM.EXE-42E9F9DF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NBAGENT.EXE-FD8F7F47.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NETSH.EXE-CD959116.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\OFFERBOX.EXE-F06D2298.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-E0CD10A9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-51396F76.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-A97FC16F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-E0339639.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNONCE.EXE-0E293DD6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SAIICPL.EXE-B8307A71.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SAUI.EXE-5CA19F3E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SAUI.EXE-6A83656D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SAUPD.EXE-1E90320D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SC.EXE-945D79AE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SIDEBAR.EXE-FA75EA61.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SMARTFACEVWATCHER.EXE-A9E78692.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-6F5E018F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SPLWOW64.EXE-297C4568.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SYNTPENH.EXE-E6DC1353.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TAPISYSPREP.EXE-C6988E3C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TCRDKBB.EXE-BD533577.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TCRDMAIN.EXE-3DBFB9C5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TECO.EXE-D194ABE2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TEMPROTRAY.EXE-214D4BC9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\THPSRV.EXE-C147AF7B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOPI.EXE-139542E9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSHIBAREMINDER.EXE-82C396B3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSHIBASERVICESTATION.EXE-92A6EAE9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSNCCORE.EXE-3F6C75EF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSREELTIMEMONITOR.EXE-231838A8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSSENOTIFY.EXE-BC36C1CB.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSSMARTSRV.EXE-BCFE7888.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSVOLREGULATOR.EXE-99D29444.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSWAITSRV.EXE-4901C686.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TOSWAITSRV.EXE-B7D084DF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TPCHSRV.EXE-1AF64E0B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TPCHWMSG.EXE-0A89392A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TWEBCAMERA.EXE-82879EEF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\UNS.EXE-E6E49771.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VCREDIST_X86_SP1.EXE-08439203.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUAUCLT.EXE-DBD66530.pf

¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot

Quarantined and deleted Successfully at Reboot : C:\Users\Claire\AppData\Local\{76860A03-9EA6-4587-AE16-49E1C8AFD060}
Quarantined and deleted Successfully at Reboot : C:\Users\Claire\AppData\Local\Temp\~DFBA67ED31EFBF3D45.TMP

12:54:43

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

[HKLM | Safeboot] -> OK
[HKLM | Safeboot\Minimal] -> OK
[HKLM | Safeboot\Network] -> OK

¤

[HKLM | Minimal\AppMgmt] : Service -> OK
[HKLM | Minimal\Base] : Driver Group -> OK
[HKLM | Minimal\Boot Bus Extender] : Driver Group -> OK
[HKLM | Minimal\Boot file system] : Driver Group -> OK
[HKLM | Minimal\CryptSvc] : Service -> OK
[HKLM | Minimal\DcomLaunch] : Service -> OK
[HKLM | Minimal\dmadmin] : -> Service
[HKLM | Minimal\dmboot.sys] : -> Driver
[HKLM | Minimal\dmio.sys] : -> Driver
[HKLM | Minimal\dmload.sys] : -> Driver
[HKLM | Minimal\dmserver] : -> Service
[HKLM | Minimal\EventLog]: Service -> OK
[HKLM | Minimal\File system] : Driver Group -> OK
[HKLM | Minimal\Filter] : Driver Group -> OK
[HKLM | Minimal\HelpSvc] : Service -> OK
[HKLM | Minimal\Netlogon] : Service -> OK
[HKLM | Minimal\PCI Configuration] : Driver Group -> OK
[HKLM | Minimal\PlugPlay] : Service -> OK
[HKLM | Minimal\PNP Filter] : Driver Group -> OK
[HKLM | Minimal\Primary disk] : Driver Group -> OK
[HKLM | Minimal\RpcSs] : Service -> OK
[HKLM | Minimal\SCSI Class] : Driver Group -> OK
[HKLM | Minimal\sermouse.sys] : Driver -> OK
[HKLM | Minimal\sr.sys] : FSFilter System Recovery -> OK
[HKLM | Minimal\SRService] : -> Service
[HKLM | Minimal\System Bus Extender] : Driver Group -> OK
[HKLM | Minimal\vds] : Service -> OK
[HKLM | Minimal\vga.sys] : Driver -> OK
[HKLM | Minimal\vgasave.sys] : Driver -> OK
[HKLM | Minimal\WinMgmt] : Service -> OK
[HKLM | Minimal\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : Volume shadow copy -> OK
[HKLM | Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK

¤

[HKLM | Network\AFD] : Service -> OK
[HKLM | Network\AppMgmt] : Service -> OK
[HKLM | Network\Base] : Driver Group -> OK
[HKLM | Network\Boot Bus Extender] : Driver Group -> OK
[HKLM | Network\Boot file system] : Driver Group -> OK
[HKLM | Network\Browser] : Service -> OK
[HKLM | Network\CryptSvc] : Service -> OK
[HKLM | Network\DcomLaunch] : Service -> OK
[HKLM | Network\Dhcp] : Service -> OK
[HKLM | Network\dmadmin] : -> Service
[HKLM | Network\dmboot.sys] : -> Driver
[HKLM | Network\dmio.sys] : -> Driver
[HKLM | Network\dmload.sys] : -> Driver
[HKLM | Network\dmserver] : -> Service
[HKLM | Network\DnsCache] : Service -> OK
[HKLM | Network\EventLog] : Service -> OK
[HKLM | Network\File system] : Driver Group -> OK
[HKLM | Network\Filter] : Driver Group -> OK
[HKLM | Network\HelpSvc] : Service -> OK
[HKLM | Network\ip6fw.sys] : Driver -> OK
[HKLM | Network\ipnat.sys] : Driver -> OK
[HKLM | Network\LanmanServer] : Service -> OK
[HKLM | Network\LanmanWorkstation] : Service -> OK
[HKLM | Network\LmHosts] : Service -> OK
[HKLM | Network\Messenger] : Service -> OK
[HKLM | Network\NDIS] : Driver Group -> OK
[HKLM | Network\NDIS Wrapper] : Driver Group -> OK
[HKLM | Network\Ndisuio] : Service -> OK
[HKLM | Network\NetBIOS] : Service -> OK
[HKLM | Network\NetBIOSGroup] : Driver Group -> OK
[HKLM | Network\NetBT] : Service -> OK
[HKLM | Network\NetDDEGroup] : Driver Group -> OK
[HKLM | Network\Netlogon] : Service -> OK
[HKLM | Network\NetMan] : Service -> OK
[HKLM | Network\Network] : Driver Group -> OK
[HKLM | Network\NetworkProvider] : Driver Group -> OK
[HKLM | Network\NtLmSsp] : Service -> OK
[HKLM | Network\PCI Configuration] : Driver Group -> OK
[HKLM | Network\PlugPlay] : Service -> OK
[HKLM | Network\PNP Filter] : Driver Group -> OK
[HKLM | Network\PNP_TDI] : Driver Group -> OK
[HKLM | Network\Primary disk] : Driver Group -> OK
[HKLM | Network\rdpcdd.sys] : Driver -> OK
[HKLM | Network\rdpdd.sys] : Driver -> OK
[HKLM | Network\rdpwd.sys] : Driver -> OK
[HKLM | Network\rdsessmgr] : Service -> OK
[HKLM | Network\RpcSs] : Service -> OK
[HKLM | Network\SCSI Class] : Driver Group -> OK
[HKLM | Network\sermouse.sys] : Driver -> OK
[HKLM | Network\sharedaccess] : Service -> OK
[HKLM | Network\sr.sys] : FSFilter System Recovery -> OK
[HKLM | Network\SRService] : -> Service
[HKLM | Network\Streams Drivers] : Driver Group -> OK
[HKLM | Network\SYMTDI] : Service -> OK
[HKLM | Network\System Bus Extender] : Driver Group -> OK
[HKLM | Network\Tcpip] : Service -> OK
[HKLM | Network\TDI] : Driver Group -> OK
[HKLM | Network\tdpipe.sys] : Driver -> OK
[HKLM | Network\tdtcp.sys] : Driver -> OK
[HKLM | Network\termservice] : Service -> OK
[HKLM | Network\UploadMgr] : -> Service
[HKLM | Network\vga.sys] : Driver -> OK
[HKLM | Network\vgasave.sys] : Driver -> OK
[HKLM | Network\WinMgmt] : Service -> OK
[HKLM | Network\Wlansvc] : Service -> OK
[HKLM | Network\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] : Net -> OK
[HKLM | Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] : NetClient -> OK
[HKLM | Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] : NetService -> OK
[HKLM | Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] : NetTrans -> OK
[HKLM | Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK

¤¤¤¤¤¤¤¤¤¤ | Heuristic | Suspect

¤¤¤¤¤¤¤¤¤¤ | IFEO

12:54:57

¤¤¤¤¤¤¤¤¤¤ | Run

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[NBAgent] : "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Microsoft Default Manager] : "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[StartCCC] : "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ITSecMng] : %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TWebCamera] : "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ToshibaServiceStation] : C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CanonSolutionMenuEx] : C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[APSDaemon] : "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Adobe ARM] : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SynTPEnh] : %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TosSENotify] : C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [05/02/2010 17:45:06]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TosReelTimeMonitor] : %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TosNC] : %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Toshiba TEMPRO] : C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [11/02/2010 02:40:24]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SmartAudio] : C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[cAudioFilterAgent] : C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [12/08/2010 01:27:01]
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TPwrMain] : %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[HSON] : %ProgramFiles%\TOSHIBA\TBS\HSON.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SmoothView] : %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[00TCrdMain] : %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SmartFaceVWatcher] : %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[ThpSrv] : C:\Windows\system32\thpsrv /logon
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Teco] : "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
[HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[TosWaitSrv] : %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
[HKLM64\SOFTWARE\Microso
0
Anonymous user
 
Host the report on http://pjjoint.malekal.com
0
claire
 
http://pjjoint.malekal.com/files.php?read=20120729_y8w7t6x7b9
0
Anonymous user
 
Download ADWCleaner and save it to your desktop:

ADWCleaner (thanks to Xplode)

Run it,

(On Vista and Seven => right-click, "Run as administrator")

click "Suppression" (Delete) and post its report.
0
claire
 
# AdwCleaner v1.703 - Rapport créé le 29/07/2012 à 19:23:41
# Mis à jour le 20/07/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Claire - CLAIRE-TOSH
# Exécuté depuis : C:\Users\Claire\Desktop\adwcleaner.exe
# Option [Suppression]

***** [Services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Claire\AppData\LocalLow\AskToolbar
Dossier Supprimé : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Dossier Supprimé : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Offerbox.lnk

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\AskToolbarInfo
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\SweetIm
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl
Clé Supprimée : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl.1
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ForceRenive
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Clé Supprimée : HKLM\SOFTWARE\SweetIM
[x64] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v13.0.1 (fr)

Nom du profil : default
Fichier : C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\7x7zoa99.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v20.0.1132.57

Fichier : C:\Users\Claire\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [4821 octets] - [29/07/2012 19:23:41]

########## EOF - C:\AdwCleaner[S1].txt - [4949 octets] ##########
0
Utilisateur anonyme
 
Update Malwarebytes, run a full scan, delete everything it finds, then post the report.
0
claire
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Claire :: CLAIRE-TOSH [administrateur]

29/07/2012 19:38:04
mbam-log-2012-07-29 (19-38-04).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 405741
Temps écoulé: 1 heure(s), 5 minute(s), 10 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\Claire\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Claire\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
Utilisateur anonyme
 
Good. What problems remain?
0
claire
 
On the face of it, no problems. Should I delete all the programs used to scan the PC?

Many thanks for your help in any case.

claire
0
Utilisateur anonyme
 
So let's clean up :)

https://gen-hackman.kanak.fr/#1037
0
claire
 
Last line of the PureRa 1.7 report:

Total space cleaned: 345.10 MB
0
Utilisateur anonyme
 
Wonderful!! ^^
0
claire
 
# DelFix v8.9 - Rapport créé le 03/08/2012 à 00:35:33
# Mis à jour le 27/07/12 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Claire - CLAIRE-TOSH (Administrateur)
# Exécuté depuis : C:\Users\Claire\Desktop\delfix.exe
# Option [Suppression]

~~~~~~ Dossiers(s) ~~~~~~

Supprimé : C:\Qoobox
Supprimé : C:\pre_scan
Supprimé : C:\Users\Claire\Desktop\RK_Quarantine

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\Users\Claire\Desktop\Cequejeveux3.exe <-- Combofix
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\ComboFix.txt
Supprimé : C:\Users\Claire\Desktop\adwcleaner.exe
Supprimé : C:\Users\Claire\Desktop\Pre_Scan_29_07_2012_12_29_44.txt
Supprimé : C:\Users\Claire\Desktop\Pre_script.txt
Supprimé : C:\Users\Claire\Desktop\RKreport[1].txt
Supprimé : C:\Users\Claire\Desktop\RKreport[2].txt
Supprimé : C:\Users\Claire\Downloads\Defogger.exe
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\g3n-h@ckm@n
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autres ~~~~~~

-> Prefetch Vidé

*************************

DelFix[S1].txt - [1528 octets] - [03/08/2012 00:35:33]

########## EOF - C:\DelFix[S1].txt - [1652 octets] ##########
0
Utilisateur anonyme
 
cequejeveux3.exe ^^ excellent ^^
0