Desktop.ini

Ariane -  
moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Bonjour, j'ai des desktop.ini qui pop up partout dans mes dossiers et sur mon bureau alors je sais pas comment retirer tout ca.

j'ai besoin d'aide stp

Merci

5 réponses

  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    Aide à l'utilisation
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Télécharge ComboFix de sUBs que tu renommes ARIANNE avant de l'enregistrersur ton Bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et <gras>DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ </gras>

    ---> Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets internet)

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    0
  2. Ariane
     
    ComboFix 12-07-18.04 - Chantal 2012-07-18 20:00:15.2.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.5611.3574 [GMT -4:00]
    Lancé depuis: c:\users\Chantal\Desktop\Ariane.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\intellidownload\gunzip.exe
    c:\programdata\ntuser.dat
    c:\users\Chantal\AppData\Local\assembly\tmp
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\_ctypes.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\_elementtree.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\_hashlib.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\_socket.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\_ssl.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\pyexpat.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\pysqlite2._sqlite.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\python26.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\pythoncom26.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\PyWinTypes26.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\select.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\unicodedata.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32api.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32com.shell.shell.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32crypt.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32event.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32file.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32inet.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32pdh.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\win32process.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\windows._cacheinvalidation.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._controls_.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._core_.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._gdi_.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._html2.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._misc_.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._windows_.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wx._wizard.pyd
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxbase293u_net_vc.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxbase293u_vc.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxmsw293u_adv_vc.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxmsw293u_core_vc.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxmsw293u_html_vc.dll
    c:\users\Chantal\AppData\Local\Temp\_MEI40442\wxmsw293u_webview_vc.dll
    c:\windows\SysWow64\tmp.reg
    .
    Une copie infectée de c:\windows\SysWow64\userinit.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-19 au 2012-07-19 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-07-19 00:09 . 2012-07-19 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-17 12:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1896FB50-0A22-42E7-B81B-68AFEEF259C7}\mpengine.dll
    2012-07-13 14:19 . 2012-07-15 16:21 -------- d-----w- c:\users\Chantal\AppData\Local\CentrED
    2012-07-13 14:18 . 2012-07-13 14:18 -------- d-----w- c:\program files (x86)\AKS DataBasis
    2012-07-12 16:57 . 2012-07-14 13:03 -------- d-----w- c:\users\Chantal\AppData\Roaming\Pandora's Box 3
    2012-07-12 15:15 . 2012-07-13 14:42 -------- d-----w- c:\users\Chantal\AppData\Local\join.me
    2012-07-11 20:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 19:50 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-07-11 19:50 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-11 19:50 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-07-11 19:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 19:01 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 19:37 . 2012-07-18 23:50 -------- d-s---w- c:\users\Chantal\Google Drive
    2012-07-10 19:36 . 2012-07-10 19:36 -------- d-----w- c:\program files (x86)\Google
    2012-07-07 18:13 . 2012-07-07 18:13 -------- d-----w- C:\_OTL
    2012-07-07 15:56 . 2012-07-07 15:56 512 ----a-w- C:\PhysicalMBR.bin
    2012-07-07 15:49 . 2012-07-07 15:49 -------- d-----w- c:\users\Chantal\AppData\Roaming\Yahoo!
    2012-07-05 13:42 . 2012-07-06 21:10 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-07-05 01:12 . 2012-07-05 01:12 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-05 01:12 . 2012-07-05 01:12 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-30 03:15 . 2012-06-30 03:15 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
    2012-06-30 02:51 . 2012-07-07 15:35 -------- d-----w- c:\users\Chantal\AppData\Roaming\CheckPoint
    2012-06-30 02:51 . 2012-06-30 02:51 -------- d-----w- c:\programdata\CheckPoint
    2012-06-29 02:31 . 2012-07-03 00:21 -------- d-----w- c:\program files (x86)\OApps
    2012-06-29 02:30 . 2012-07-19 00:08 -------- d-----w- c:\program files (x86)\intellidownload
    2012-06-28 16:03 . 2012-06-28 16:48 -------- d-sh--r- c:\programdata\DTSCache
    2012-06-28 16:03 . 2012-06-28 16:03 -------- d-----w- c:\users\Chantal\AppData\Roaming\DTS
    2012-06-28 15:56 . 2012-06-28 15:56 -------- d--h--w- c:\programdata\Common Files
    2012-06-20 18:10 . 2012-06-20 18:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 20:47 . 2011-09-21 21:06 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-11 20:47 . 2012-03-30 19:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 20:47 . 2011-10-01 14:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 16:21 . 2012-02-25 20:10 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2011-11-29 12:36 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2011-11-29 12:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2011-11-29 12:36 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2011-11-29 12:36 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2011-11-29 12:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2011-11-29 12:35 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2011-11-29 12:35 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2011-09-13 15:27 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-02 22:19 . 2012-06-18 22:58 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 22:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-18 22:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 22:58 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 22:58 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-18 22:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-18 22:58 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-18 22:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-18 22:57 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-04 23:29 . 2012-06-10 13:40 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-04 23:29 . 2012-03-30 18:44 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-04 11:06 . 2012-06-13 17:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 17:53 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 17:53 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-13 17:53 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-13 17:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-13 17:53 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-13 17:53 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-13 17:53 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-13 17:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-13 17:53 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-13 17:53 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 17:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-13 17:53 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-13 17:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-18 318520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 116648]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
    R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-22 116648]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-14 1255736]
    R3 X6va006;X6va006;c:\users\Chantal\AppData\Local\Temp\006B300.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-08 270912]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
    S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-02-12 567216]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-02 9256960]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-02 300544]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:47]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 21:13]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 21:13]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2562924919-2598294202-125132033-1001Core.job
    - c:\users\Chantal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 11:58]
    .
    2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2562924919-2598294202-125132033-1001UA.job
    - c:\users\Chantal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 11:58]
    .
    2012-06-27 c:\windows\Tasks\HPCeeScheduleForCHANTAL-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-07-18 c:\windows\Tasks\HPCeeScheduleForChantal.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\System32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\g67vl39x.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    URLSearchHooks-{f3902028-4a21-4793-8e05-793e183d51c2} - (no file)
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService
    WebBrowser-{F3902028-4A21-4793-8E05-793E183D51C2} - (no file)
    AddRemove-Fantasy Grounds - c:\users\Chantal\Desktop\D&D\FantasyGrounds\Uninstall.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
    "ImagePath"="\??\c:\users\Chantal\AppData\Local\Temp\006B300.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-07-18 20:18:12 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-07-19 00:18
    .
    Avant-CF: 640 848 052 224 octets libres
    Après-CF: 640 515 567 616 octets libres
    .
    - - End Of File - - 707CAEAF7202226F9C8E2458C6664811
    0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


    (outil de diagnostic)


    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista/Seven )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur http://pjjoint.malekal.com/

    Clique sur "Parcourir "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message

    0
  4. Ariane
     
    http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120719_n12k10m12h12u14
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    hello

    désolé pour l'absence

    Copie tout le texte présent en gras ci-dessous (tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )



    SysRestore
    EMPTYTEMP
    EMPTYFLASH
    O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM] -- WT089498 => Infection PUP (Adware.PopCap)
    [HKLM\Software\WhiteSmokeTranslator] => Infection PUP (PUP.Whitesmoke)
    [HKLM\Software\WhiteSmoke] => Infection PUP (PUP.Whitesmoke)
    O44 - LFC:[MD5.A103FDF7348130EF3F3FEF56B1700A27] - 2012-07-13 - 12:45:49 ---A- . (...) -- C:\END [9]



    Puis Lance ZHPFix depuis le raccourci du bureau . (Clique droit -> Executer en tant qu'admin pour Vista ou Seven)

    * Une fois l'outil ZHPFix ouvert ,

    - Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
    - Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes
    - Clique sur le bouton « GO » pour lancer le nettoyage,
    - Copie/colle la totalité du rapport dans ta prochaine réponse

    le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport

    0