Dossiers éffacés Fermé

Question

Bonjour,  

Je me présente, j'ai 15 ans et j'ai il y a peu de temps acheté un toshiba satellite P870, j'ai sauvegardé mon système d'exploitation sur CD-roms mais je n'ai pas encore fait de sauvegarde du DD, n'ayant pas eu le temps et l'envie de le faire. 
Sur cet ordinateur, j'ai Mc-Afee Total Protection, j'ai téléchargé CodeBlocks, un IDE pour retranscrir le langage C ou C+ en langage binaire pour l'ordinateur et Mumble, un outil similaire à TeamSpeak. 
J'ai également mis sur cet ordinateur World Of Warcraft, provenant d'un DD d'un copain que j'avais auparavant scanné. Je ne surfe pas trop avec, je privilégie les sites surs, ayant eu quelques problèmes de virus sur un ancien ordinateur, et je scan mon ordinateur chaque semaine. 

Alors voici mon problème : 

J'allume mon ordinateur, je me log en session utilisateur, en entrant dans ma session, je vois que mon fond d'écran a changé et s'est remis au fond d'écran par défaut de Toshiba, je regarde sur le bureau et je distingue tous mes fichiers sauf celui nommé CodeBlocks dans lequel sont sauvegardés tous mes programmes et également dans lequel le jeu World Of Warcraft est stocké. 
Je lance une recherche de mon fichier et je le trouve, il avait seulement disparu du bureau. 
Je décide de rallumer mon ordinateur et je me log en session admin pour voir si il y a un probleme dessus. N'ayant rien vu d'anormal je retourne en session utilisateur et mon fond d'ecran personalisé est revenu mais le dossier CodeBlocks n'est pas sur le bureau. Je lance une recherche et elle se révèle non concluante, plus de CodeBlocks, plus de programmes, plus de jeu. J'ai cherché pendant longtemps, activé la visualisation des fichiers cachés et recherché en mode Admin et dans la corbeille mais rien. 
J'ai lancé un scan de McAfee mais je l'ai stoppé à 50%, il n'avait encore rien detecté et mon père rentrait, sachant que je n'ai pas le droit à l'ordi en semaine. 
Je suis plutôt prudent et je ne pense pas avoir de virus car mon ordinateur est plutot neuf (3mois) et je ne telecharge rien sur des sites non conseillés ou en P2P, j'analyse tout ce qui entre dans mon ordinateur et je procède à des analyses système régulières. 

Je voudrais donc savoir si vous savez ce que j'ai comme problème, je suis assez embêté au niveau de mes programmes mais j'ai surtout peur d'avoir chopé quelque chose :/ 

Je vous remercie par avance, j'espère avoir été clair et précis, je suis la pour plus de précisions. 



Configuration: iPhone / Safari 6533.18.5

g3n-h@ckm@n · Accepted Answer

si tu suis bien les consignes , il devrait y avoir aucun souci :)

g3n-h@ckm@n · Answer

dzlut java et adobe sont à jour ?

Nugup · Answer

Oui java et adobe sont surrement à jour mais je vais vérifier et j'ai des Majs Windows Update a faire. (8 il me semble)

g3n-h@ckm@n · Answer

Attention !!! : cet outil peut etre détecté à tort comme virus
Attention !!! : cet outil est puissant suivre scrupuleusement les instructions ci-dessous

tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail.

Désactive toutes tes protections si possible , antivirus , sandbox , pare-feux , etc....

telecharge et enregistre Pre_Scan sur ton bureau :

https://forums-fec.be/gen-hackman/Pre_Scan.exe

si le lien ne fonctionne pas :

http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
http://www.archive-host.com

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

https://forums-fec.be/gen-hackman/Pre_Scan.pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan

Il est possible que l'outil fasse redemarrer ton pc , laisse-le faire

NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider

Nugup · Answer

Je vais être franc, j'ai assez peur d'utiliser ce programme, c'est un bel ordi et j'ai pas envie de le détruire, c'est ton programme je sais mais j'aimerais en savoir un peu plus sur le problème que je pourrait éventuellement avoir et savoir si une solution moins radicale peut être prise en compte. 
Si il n'y a pas d'autres solutions, je m'y contraindrais peut-être... 


Merci quand même de prendre de ton temps, j'ai screen ton tuto au cas ou j'en ai besoin. 
J'aimerais bien avoir l'avis d'autres personnes ou que l'on m'explique en détails les causes hypothétiques du problème.

g3n-h@ckm@n · Answer

si tu ne veux pas faire ce qu on demande inutile de demander de l'aide

Nugup · Answer

Je n'ai pas dit que je ne voulais pas faire ce que l'on me demandait, je veut d'abord savoir ce que je peux avoir comme problème, j'ai pas envie d'être le cobaye pour un programme que l'on me donne sur internet sans aucun garantie de fonctionnement.

Je veut bien suivre tes instructions mais j'aimerais tout d'abord avoir un peu plus de précisions.

g3n-h@ckm@n · Answer

Pre_Scan est un outil qui répare les services, supprime les rogues et les FakeAV/FakeAlert
Il répare le mode sans echec , internet explorer , détruit les proxy nefastes
Il réattribue les fichiers, supprime divers malwares,et répare les demarrages attrophiés par les infections dans son possible 
 
historique de l'outil ici :

https://gen-hackman.kanak.fr/

puis la suite ici :

https://gen-hackman.kanak.fr/

Nugup · Answer

C'est ok, je suis convaincu, je vais faire ce que tu ma dit dès que j'en aurait le temps, j'espère que ca va marcher :)

Nugup · Answer

J'ai telechargé Pre_Scan, je l'ai lancé et la ca fait 5 mins que la souris clignote légèrement et que le rond du chargement tourne à coté, c'est normal ?


Edit : Cela fait maintenant 35 mins, le bureau s'est éteint comme tu avais prévenu, l'ordinateur ventile beaucoup.

Nugup · Answer

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.0928 | g3n-h@ckm@n & Saachaa | ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 28/09/2012 | 00.30 by g3n-h@ckm@n
~ Informations | Evolution : https://gen-hackman.kanak.fr/
~ Informations for the switches Pre_Script : https://gen-hackman.kanak.fr/
~ Feedback Pre_scan : https://gen-hackman.kanak.fr/#505
~ Thx to C_XX , Slyk for their help for the evolution of the tool

~ User : utilisateur (Administrateurs) | SID = S-1-5-21-1415005117-1820878988-2034386346-1001
~ Computer : PC-ANTOINE

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ InstallationType : Client
~ RegisteredOwner : utilisateur
~ RegisteredOrganization : 
~ ProcessorNameString : Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7

~ Mémory RAM = Total (KB) : 6206780 | Used (%) : 27 | Free (KB) : 4512960
~ Pagefile = Total (KB) : 12411700 | Free (KB) : 10666030
~ Virtual = Total (KB) : 4194180 | Free (KB) : 3981480

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\windows\Setup\Scripts\B2C.txt
C:\windows\Setup\Scripts\labelc2rdrive.exe
C:\windows\Setup\Scripts\labelc2rdrive.exe.config
C:\windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [TI30888600B] | Total : 935120 Mo | Free : 887790 Mo -> NTFS

Scan : 14:55:01 | 28/09/2012

¤¤¤¤¤¤¤¤¤¤ | Windows Updates



~ C:\windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\UpdatusUser
~ C:\Users\utilisateur
~ C:\Users\Antoine.utilisateur-

New restorepoint created


¤¤¤¤¤¤¤¤¤¤ | MD5 Control

[MD5.983085155BAED9261759F8C725E27119] - [28/09/2012 14:55:02] - [0.5 Ko] - C:\Pre_Scan\MBR.bin
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Explorateur Windows.) - [2804.5 Ko] - (6.1.7601.17567) - C:\windows\explorer.exe
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17567) - C:\windows\SysWOW64\explorer.exe
[MD5.AC4C51EB24AA95B77F705AB159189E24] - [21/11/2010 14:24:11] - (.© Microsoft Corporation. - Windows Explorer.) - [2805 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2804.5 Ko] - (6.1.7601.17567) - C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[MD5.3B69712041F3D63605529BD66DC00C48] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2804.5 Ko] - (6.1.7601.21669) - C:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[MD5.40D777B7A95E00593EB1568C68514493] - [21/11/2010 14:24:25] - (.© Microsoft Corporation. - Windows Explorer.) - [2555 Ko] - (6.1.7601.17514) - C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2555 Ko] - (6.1.7601.17567) - C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[MD5.0FB9C74046656D1579A64660AD67B746] - [15/03/2012 14:20:29] - (.© Microsoft Corporation. - Windows Explorer.) - [2555 Ko] - (6.1.7601.21669) - C:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 10:19:49] - (.© Microsoft Corporation. - Processus d'exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) - C:\windows\System32\csrss.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 10:19:49] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [7.5 Ko] - (6.1.7600.16385) - C:\windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 10:19:46] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7600.16385) - C:\windows\System32\services.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [14/07/2009 10:19:46] - (.© Microsoft Corporation. - Services and Controller app.) - [321 Ko] - (6.1.7600.16385) - C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 10:19:50] - (.© Microsoft Corporation. - Gestionnaire de sessions Windows.) - [110 Ko] - (6.1.7600.16385) - C:\windows\System32\smss.exe
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 10:19:50] - (.© Microsoft Corporation. - Windows Session Manager.) - [110 Ko] - (6.1.7600.16385) - C:\windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 14:24:28] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) - C:\windows\System32\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 14:23:55] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) - C:\windows\SysWOW64\userinit.exe
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 14:24:28] - (.© Microsoft Corporation. - Userinit Logon Application.) - [30 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [21/11/2010 14:23:55] - (.© Microsoft Corporation. - Userinit Logon Application.) - [26 Ko] - (6.1.7601.17514) - C:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 10:52:37] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) - C:\windows\System32\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 10:36:49] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) - C:\windows\SysWOW64\wininit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 10:52:37] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [126 Ko] - (6.1.7600.16385) - C:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 10:36:49] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [94 Ko] - (6.1.7600.16385) - C:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 14:24:29] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [381.5 Ko] - (6.1.7601.17514) - C:\windows\System32\winlogon.exe
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - [21/11/2010 14:24:29] - (.© Microsoft Corporation. - Windows Logon Application.) - [381.5 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [18/08/2012 18:33:34] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\windows\System32\drivers\afd.sys
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [21/11/2010 14:24:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[MD5.D5B031C308A409A0A576BFF4CF083D30] - [15/03/2012 14:21:23] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.17603) - C:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - [18/08/2012 18:33:34] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [487 Ko] - (6.1.7601.17752) - C:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[MD5.F4AD06143EAC303F55D0E86C40802976] - [15/03/2012 14:21:23] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [487.5 Ko] - (6.1.7601.21712) - C:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[MD5.36A14FD1A23F57046361733B792CA8DB] - [18/08/2012 18:33:34] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [486.5 Ko] - (6.1.7601.21887) - C:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 10:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\windows\System32\drivers\atapi.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 10:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) - C:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 14:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\windows\System32\drivers\cdrom.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 14:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 14:23:51] - (.© Microsoft Corporation. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\windows\System32\drivers
etbt.sys
[MD5.09594D1089C523423B32A4229263F068] - [21/11/2010 14:23:51] - (.© Microsoft Corporation. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6
etbt.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 14:24:32] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\windows\System32\drivers	dx.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [21/11/2010 14:24:32] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8	dx.sys
[MD5.DF8126BD41180351A093A3AD2FC8903B] - [15/03/2012 14:11:02] - (.© Microsoft Corporation. - Pilote de cliché instantané du volume.) - [289.38 Ko] - (6.1.7601.17567) - C:\windows\System32\drivers\volsnap.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [21/11/2010 14:23:47] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) - C:\windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[MD5.DF8126BD41180351A093A3AD2FC8903B] - [15/03/2012 14:11:02] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [289.38 Ko] - (6.1.7601.17567) - C:\windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys
[MD5.879CE6AEA3FE874AD4C500B6B6198EB0] - [15/03/2012 14:11:02] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [289.38 Ko] - (6.1.7601.21668) - C:\windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys

14:56:15

¤¤¤¤¤¤¤¤¤¤ | Processes stopped

nvvsvc.exe (808) -> Process stopped !
wlanext.exe (1452) -> Process stopped !
spoolsv.exe (1656) -> Process stopped !
armsvc.exe (1904) -> Process stopped !
AppleMobileDeviceService.exe (1184) -> Process stopped !
mDNSResponder.exe (2152) -> Process stopped !
EvtEng.exe (2192) -> Process stopped !
HeciServer.exe (2244) -> Process stopped !
IntelMeFWService.exe (2316) -> Process stopped !
Jhi_service.exe (2344) -> Process stopped !
McSvHost.exe (2424) -> Process stopped !
RegSrvc.exe (2576) -> Process stopped !
c2c_service.exe (2648) -> Process stopped !
TeamViewer_Service.exe (2692) -> Process stopped !
TemproSvc.exe (2736) -> Process stopped !
ThpSrv.exe (2804) -> Process stopped !
TODDSrv.exe (2828) -> Process stopped !
TosCoSrv.exe (2860) -> Process stopped !
WLIDSVC.EXE (2988) -> Process stopped !
ZeroConfigService.exe (3040) -> Process stopped !
TecoService.exe (2308) -> Process stopped !
TrustedInstaller.exe (4176) -> Process stopped !
SearchIndexer.exe (5408) -> Process stopped !
iPodService.exe (5900) -> Process stopped !
wmpnetwk.exe (5384) -> Process stopped !
TMachInfo.exe (2004) -> Process stopped !
LMS.exe (5244) -> Process stopped !
MOBKbackup.exe (4900) -> Process stopped !
NASvc.exe (620) -> Process stopped !
TosSmartSrv.exe (5668) -> Process stopped !
daemonu.exe (5636) -> Process stopped !
VSSVC.exe (1856) -> Process stopped !
sppsvc.exe (5752) -> Process stopped !
UNS.exe (2920) -> Process stopped !
rundll32.exe (2568) -> Process stopped !
rundll32.exe (6380) -> Process stopped !
nvxdsync.exe (6984) -> Process stopped !
nvvsvc.exe (5764) -> Process stopped !
mcupdmgr.exe (6300) -> Process stopped !
taskhost.exe (6276) -> Process stopped !
explorer.exe (3108) -> Process stopped !
taskeng.exe (6160) -> Process stopped !
RAVCpl64.exe (4740) -> Process stopped !
TCrdMain.exe (4420) -> Process stopped !
Teco.exe (5000) -> Process stopped !
ThpSrv.exe (4576) -> Process stopped !
ismagent.exe (4848) -> Process stopped !
igfxtray.exe (2704) -> Process stopped !
hkcmd.exe (2596) -> Process stopped !
igfxpers.exe (3956) -> Process stopped !
TosSENotify.exe (1600) -> Process stopped !
SuperCopier2.exe (3204) -> Process stopped !
TOPI.exe (3268) -> Process stopped !
nvtray.exe (5896) -> Process stopped !
ToshibaServiceStation.exe (5320) -> Process stopped !
iTunesHelper.exe (6820) -> Process stopped !
mcagent.exe (2132) -> Process stopped !
taskeng.exe (4904) -> Process stopped !
widimon.exe (6344) -> Process stopped !
igfxext.exe (1152) -> Process stopped !
igfxsrvc.exe (3448) -> Process stopped !

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal  

[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 10:19:50] - 444 | C:\windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.16385) -> \SystemRoot\System32\smss.exe   [112640 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 10:19:49] - 776 | C:\windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [7680 Ko]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 10:52:37] - 880 | C:\windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe   [129024 Ko]
[MD5.3EE6C4A17173C0B6822585296E9AB209] - [14/07/2009 10:19:46] - 944 | C:\windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\windows\system32\services.exe   [328704 Ko]
[MD5.C118A82CD78818C29AB228366EBF81C3] - [15/03/2012 14:28:46] - 960 | C:\windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\windows\system32\lsass.exe   [31232 Ko]
[MD5.F2BF82316E93E590FF081B95F68443B7] - [21/11/2010 14:23:53] - 968 | C:\windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\windows\system32\lsm.exe   [343040 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 420 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k DcomLaunch   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 936 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k RPCSS   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1040 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1088 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1128 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k netsvcs   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1260 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k LocalService   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1364 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k NetworkService   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 1692 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k LocalServiceNoNetwork   [27648 Ko]
[MD5.6B07F63FDFB99DDDD9A9B0EF41AA36CE] - [20/08/2012 08:53:20] - 2480 | C:\windows\system32\mfevtps.exe (.McAfee, Inc. - McAfee Process Validation Service.) - (15.1.0.518) -> "C:\windows\system32\mfevtps.exe"   [177144 Ko]
[MD5.BEBF11C735F5E09B18A9C6F5E7BC3A6D] - [20/08/2012 09:01:42] - 2184 | C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (.McAfee, Inc. - McAfee On-Access Scanner service.) - (15.1.0.461) -> "C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe"   [237920 Ko]
[MD5.A85432F3960504F4A923A7385F2A0C12] - [20/08/2012 09:01:46] - 1736 | C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.1.0.518) -> "C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe"   [218320 Ko]
[MD5.521202AA6F2B74FCCC6BC7E162109D71] - [14/07/2009 10:47:12] - 3452 | C:\windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) -> C:\windows\system32\wbem\unsecapp.exe -Embedding   [47104 Ko]
[MD5.34D4C852C7EAAD794C5932D7B894CBA8] - [21/11/2010 14:24:15] - 3496 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\windows\system32\wbem\wmiprvse.exe   [372736 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 4260 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation   [27648 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 4440 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted   [27648 Ko]
[MD5.34D4C852C7EAAD794C5932D7B894CBA8] - [21/11/2010 14:24:15] - 3564 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\windows\system32\wbem\wmiprvse.exe   [372736 Ko]
[MD5.6F68F63794097E54F36474ED4384B759] - [15/03/2012 14:10:54] - 6632 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7601.17568) -> C:\windows\System32\svchost.exe -k LocalServicePeerNet   [27648 Ko]
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 10:59:17] - 6428 | C:\windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}   [9728 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 10:19:49] - 5556 | C:\windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [7680 Ko]
[MD5.8ACDF26E44D108653FE638ABDF5BB043] - [21/11/2010 14:24:29] - 5468 | C:\windows\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe   [390656 Ko]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 10:41:43] - 6556 | C:\windows\SysWOW64undll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> "C:\windows\system32undll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait   [44544 Ko]
[MD5.F162D5F5E845B9DC352DD1BAD8CEF1BC] - [14/07/2009 10:37:38] - 6264 | C:\windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\windows\system32\Dwm.exe"   [120320 Ko]
[MD5.0D6BB8B1F81231F9264F6B4979BD900F] - [14/02/2012 11:23:08] - 4420 | C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.16.64) -> "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"    [989056 Ko]
[MD5.22080A583FC60ECB1DB1B0B46B32225A] - [28/09/2012 13:02:34] - 1960 | C:\Users\utilisateur\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (2.0.9.28) -> "C:\Users\utilisateur\Desktop\winlogon.exe"    [1769339 Ko]
[MD5.5334C75D014A4DDD257019EDCEA9985F] - [03/02/2012 16:29:52] - 5780 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.23.605.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe"   [628448 Ko]
[MD5.A5BA8710E3C5A7563C359F364974F2ED] - [31/07/2012 04:05:59] - 1460 | C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (.TeamViewer GmbH - TeamViewer Remote Control Application.) - (7.0.12313.0) -> "C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"   [2984832 Ko]
[MD5.5D63FBE874CEE3C61C68536A1CD7282B] - [29/03/2011 15:11:06] - 2164 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"   [2292096 Ko]
[MD5.2E74E62AC54210033BAE40AFEB98380A] - [08/05/2012 17:24:40] - 2868 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (8.0.3.1427) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"   [277784 Ko]
[MD5.DA564DA7ED156AD4B3FC76853A6D2978] - [29/03/2011 15:11:06] - 3860 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 2164   [223104 Ko]
[MD5.E72CC771FFB4DA5995D422DAB718AAC6] - [21/11/2010 14:25:05] - 5252 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"   [1525248 Ko]
[MD5.EB26CE28CA682D39D0CBFEA6FE28E12D] - [15/03/2012 14:23:10] - 2300 | C:\windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\windows\system32\SearchIndexer.exe /Embedding   [591872 Ko]
[MD5.81FC8AC5503F4150BE8F7DD7176E39D0] - [15/03/2012 14:23:10] - 2728 | C:\windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"    [249856 Ko]
[MD5.49A3AD5CE578CD77F445F3D244AEAB2D] - [15/03/2012 14:23:10] - 2800 | C:\windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544    [113664 Ko]
[MD5.3FE7C2DA248A3F03604D2A6570C479A4] - [20/08/2012 07:43:30] - 2992 | C:\windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\windows\System32\spoolsv.exe   [559104 Ko]
[MD5.F401929EE0CC92BFE7F15161CA535383] - [24/05/2012 13:28:56] - 5016 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.89.0.42) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"   [55184 Ko]
[MD5.01409727EBD44EFF7ADDB3B68A0F2958] - [20/08/2012 09:01:34] - 3248 | C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (.McAfee, Inc. - McAfee Service Host.) - (2.6.195.0) -> "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc   [200728 Ko]
[MD5.3103F4837CA74D8E4C7BC429CD074002] - [20/08/2012 09:01:53] - 7112 | c:\PROGRA~1\mcafee.com\agent\mcagent.exe (.McAfee, Inc. - McAfee Security Center.) - (11.6.385.0) -> "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding   [1527896 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon


¤

[HKLM | Winlogon]|[Shell] : explorer.exe
[HKLM64 | Winlogon]|[Shell] : explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] :  -> 0
[HKLM64 | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : userinit.exe -> C:\windows\SysWOW64\userinit.exe,
[HKLM64 | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] :  -> 1
[HKLM64 | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] : 
[HKLM64 | Winlogon]|[System] : 

¤¤¤¤¤¤¤¤¤¤ | Associations

[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : comfile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32undll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe -> C:\windows\explorer.exe

¤

[IE | Command] | @ : C:\Program Files (x86)\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[IE64 | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[Chrome | Command] | @ : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Users\utilisateur\AppData\Local\Google\Chrome\Application\Chrome.exe"
[Chrome64 | Command] | @ : "C:\Users\utilisateur\AppData\Local\Google\Chrome\Application\Chrome.exe"
[Assoc | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
[Assoc64 | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Corrections diverses

[HKLM | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKLM64 | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKLM | CurrentVersion\Explorer]|[AlwaysUnloadDll] :  -> 1
[HKLM64 | CurrentVersion\Explorer]|[AlwaysUnloadDll] :  -> 1
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Desktop]|[Wallpaper] : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKU\S-1-5-18 | Desktop]|[Wallpaper] : C:\Windows\System32\oobe\info\backgrounds\BackgroundDefault.jpg
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Desktop]|[Wallpaper] : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
[HKU64\S-1-5-18 | Desktop]|[Wallpaper] : C:\Windows\System32\oobe\info\backgrounds\BackgroundDefault.jpg
[HKU\S-1-5-19 | Explorer\Advanced]|[Hidden] :  -> 0
[HKU\S-1-5-20 | Explorer\Advanced]|[Hidden] :  -> 0
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Explorer\Advanced]|[Hidden] : 1 -> 0
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes | Explorer\Advanced]|[Hidden] :  -> 0
[HKU\S-1-5-18 | Explorer\Advanced]|[Hidden] :  -> 0
[HKU64\S-1-5-19 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-20 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes | Explorer\Advanced]|[Hidden] : 0
[HKU64\S-1-5-18 | Explorer\Advanced]|[Hidden] : 0
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\Explorer]|[NoDriveTypeAutoRun] : 145
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\Explorer]|[NoDriveTypeAutoRun] : 145
[HKLM | Control\SafeBoot]|[AlternateShell] : cmd.exe
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\System]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 0
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\System]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 0
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\System]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 0
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Policies\System]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
[HKLM64 | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
[HKLM | Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
[HKLM64 | Policies\Explorer]|[NoActiveDesktop] : 0
[HKLM | Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
[HKLM64 | Policies\Explorer]|[NoActiveDesktopChanges] : 0

14:56:22

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

[HKLM | Safeboot] -> OK
[HKLM | Safeboot\Minimal] -> OK
[HKLM | Safeboot\Network] -> OK

¤

[HKLM | Minimal\Base] : Driver Group -> OK
[HKLM | Minimal\Boot Bus Extender] : Driver Group -> OK
[HKLM | Minimal\Boot file system] : Driver Group -> OK
[HKLM | Minimal\File system] : Driver Group -> OK
[HKLM | Minimal\Filter] : Driver Group -> OK
[HKLM | Minimal\PCI Configuration] : Driver Group -> OK
[HKLM | Minimal\PNP Filter] : Driver Group -> OK
[HKLM | Minimal\Primary disk] : Driver Group -> OK
[HKLM | Minimal\SCSI Class] : Driver Group -> OK
[HKLM | Minimal\System Bus Extender] : Driver Group -> OK
[HKLM | Minimal\AppMgmt] : Service -> OK
[HKLM | Minimal\CryptSvc] : Service -> OK
[HKLM | Minimal\DcomLaunch] : Service -> OK
[HKLM | Minimal\dmadmin] :  -> Service
[HKLM | Minimal\dmserver] :  -> Service
[HKLM | Minimal\EventLog] : Service -> OK
[HKLM | Minimal\HelpSvc] : Service -> OK
[HKLM | Minimal\Netlogon] : Service -> OK
[HKLM | Minimal\PlugPlay] : Service -> OK
[HKLM | Minimal\RpcSs] : Service -> OK
[HKLM | Minimal\SRService] :  -> Service
[HKLM | Minimal\vds] : Service -> OK
[HKLM | Minimal\WinMgmt] : Service -> OK
[HKLM | Minimal\dmboot.sys] :  -> Driver
[HKLM | Minimal\dmio.sys] :  -> Driver
[HKLM | Minimal\dmload.sys] :  -> Driver
[HKLM | Minimal\sermouse.sys] : Driver -> OK
[HKLM | Minimal\vga.sys] : Driver -> OK
[HKLM | Minimal\vgasave.sys] : Driver -> OK
[HKLM | Minimal\sr.sys] :  -> FSFilter System Recovery
[HKLM | Minimal\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : Volume shadow copy -> OK
[HKLM | Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK

¤

[HKLM | Network\Base] : Driver Group -> OK
[HKLM | Network\Boot Bus Extender] : Driver Group -> OK
[HKLM | Network\Boot file system] : Driver Group -> OK
[HKLM | Network\File system] : Driver Group -> OK
[HKLM | Network\Filter] : Driver Group -> OK
[HKLM | Network\NDIS] : Driver Group -> OK
[HKLM | Network\NDIS Wrapper] : Driver Group -> OK
[HKLM | Network\NetBIOSGroup] : Driver Group -> OK
[HKLM | Network\NetDDEGroup] : Driver Group -> OK
[HKLM | Network\Network] : Driver Group -> OK
[HKLM | Network\NetworkProvider] : Driver Group -> OK
[HKLM | Network\PCI Configuration] : Driver Group -> OK
[HKLM | Network\PNP Filter] : Driver Group -> OK
[HKLM | Network\PNP_TDI] : Driver Group -> OK
[HKLM | Network\Primary disk] : Driver Group -> OK
[HKLM | Network\SCSI Class] : Driver Group -> OK
[HKLM | Network\Streams Drivers] : Driver Group -> OK
[HKLM | Network\System Bus Extender] : Driver Group -> OK
[HKLM | Network\TDI] : Driver Group -> OK
[HKLM | Network\AFD] : Service -> OK
[HKLM | Network\AppMgmt] : Service -> OK
[HKLM | Network\Browser] : Service -> OK
[HKLM | Network\CryptSvc] : Service -> OK
[HKLM | Network\DcomLaunch] : Service -> OK
[HKLM | Network\Dhcp] : Service -> OK
[HKLM | Network\dmadmin] :  -> Service
[HKLM | Network\dmserver] :  -> Service
[HKLM | Network\DnsCache] : Service -> OK
[HKLM | Network\EventLog] : Service -> OK
[HKLM | Network\HelpSvc] : Service -> OK
[HKLM | Network\LanmanServer] : Service -> OK
[HKLM | Network\LanmanWorkstation] : Service -> OK
[HKLM | Network\LmHosts] : Service -> OK
[HKLM | Network\Messenger] : Service -> OK
[HKLM | Network\Ndisuio] : Service -> OK
[HKLM | Network\NetBIOS] : Service -> OK
[HKLM | Network\NetBT] : Service -> OK
[HKLM | Network\Netlogon] : Service -> OK
[HKLM | Network\NetMan] : Service -> OK
[HKLM | Network\NtLmSsp] :  -> Service
[HKLM | Network\PlugPlay] : Service -> OK
[HKLM | Networkdsessmgr] : Service -> OK
[HKLM | Network\RpcSs] : Service -> OK
[HKLM | Network\sharedaccess] : Service -> OK
[HKLM | Network\SRService] :  -> Service
[HKLM | Network\Tcpip] : Service -> OK
[HKLM | Network	ermservice] :  -> Service
[HKLM | Network\vds] : Service -> OK
[HKLM | Network\WinMgmt] : Service -> OK
[HKLM | Network\Wlansvc] : Service -> OK
[HKLM | Network\dmboot.sys] :  -> Driver
[HKLM | Network\dmio.sys] :  -> Driver
[HKLM | Network\dmload.sys] :  -> Driver
[HKLM | Network\ipnat.sys] : Driver -> OK
[HKLM | Network\ip6fw.sys] :  -> Driver
[HKLM | Networkdpcdd.sys] :  -> Driver
[HKLM | Network\sr.sys] :  -> FSFilter System Recovery
[HKLM | Network\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] : Net -> OK
[HKLM | Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] : NetClient -> OK
[HKLM | Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] : NetService -> OK
[HKLM | Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] : NetTrans -> OK
[HKLM | Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM | Session Manager\SubSystems]|[Windows] : winsrv : %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\windows\SysWOW64
vinit.dll
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\windows\system32
vinitx.dll
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center

[HKLM64 | Security Center\svc]|[AntispywareOverride] : 0
[HKLM64 | Security Center\svc]|[AntiVirusOverride] : 0
[HKLM64 | Security Center\svc]|[FirewallOverride] : 0


[HKLM | FirewallPolicy\DomainProfile]|[DisableNotifications] : 0
[HKLM | FirewallPolicy\StandardProfile]|[DisableNotifications] : 0

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

[Compbatt] : 0 : Actif
[RPCSS] : 2 : Actif
[Power] : 2 : Actif
[Profsvc] : 2 : Actif
[PlugPlay] : 2 : Actif
[PEAUTH] : 2 : Actif
[NVSvc] : 2 : Inactif
[nsi] : 2 : Actif
[NLASvc] : 2 : Actif
[MPSsvc] : 2 : Actif
[MMCSS] : 2 : Actif
[luafv] : 2 : Actif
[lltdio] : 2 : Actif
[Iphlpsvc] : 2 : Actif
[IKEEXT] : 2 : Actif
[gpsvc] : 2 : Actif
[lmhosts] : 2 : Actif
[LanmanWorkstation] : 2 : Actif
[LanmanServer] : 2 : Actif
[agp440] : 3 -> 2 : Inactif
[AudioEndpointBuilder] : 2 : Actif
[Audiosrv] : 2 : Actif
[BFE] : 2 : Actif
[Bits] : 2 : Actif
[CryptSvc] : 2 : Actif
[EapHost] : 3 -> 2 : Actif
[Wlansvc] : 2 : Actif
[SppSvc] : 2 : Actif
[SharedAccess] : 3 -> 2 : Inactif
[windefend] : 3 -> 2 : Inactif
[winmgmt] : 2 : Actif
[wuauserv] : 2 : Actif
[wudfsvc] : 2 : Actif
[WerSvc] : 3 -> 2 : Inactif
[wscsvc] : 2 : Actif
[Cmbatt] : 3 : Actif
[Ndisuio] : 3 : Actif
[Wwansvc] : 3 : Inactif

14:56:25

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Start Page] : https://www.google.com/webhp?gws_rd=ssl -> https://www.google.com/?gws_rd=ssl
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Start Page] : https://www.google.com/?gws_rd=ssl
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Local Page] : C:\windows\system32\blank.htm
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Local Page] : C:\windows\system32\blank.htm
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Search Page] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKLM | Search]|[SearchAssistant] :  -> http://www.google.com/toolbar/ie8/sidebar.html
[HKLM | Main]|[Start Page] : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM64 | Main]|[Start Page] : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main]|[Local Page] : C:\Windows\SysWOW64\blank.htm
[HKLM64 | Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\windows\System32\blank.htm
[HKLM | Main]|[Default_Search_URL] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM64 | Main]|[Default_Search_URL] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | Main]|[Default_Page_URL] : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM64 | Main]|[Default_Page_URL] : https://www.msn.com/fr-fr/?ocid=iehp
[HKLM | Main]|[Search Page] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM64 | Main]|[Search Page] : https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKLM | AboutURLs]|[Tabs] :  -> res://ieframe.dll/tabswelcome.htm

¤

[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[ProxyOverride] : *.local
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[ProxyOverride] : *.local
[HKU\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[MigrateProxy] : 1
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU64\S-1-5-21-1415005117-1820878988-2034386346-1001 | Internet settings]|[AutoConfigProxy] : wininet.dll



¤¤¤¤¤¤¤¤¤¤ | DNS

[HKLM\SYSTEM\CCS | Tcpip\Parameters]|[DhcpNameServer] : 192.168.2.1
[HKLM\SYSTEM\ControlSet001 | Interfaces\{A01CDB5D-7B89-4F91-AB71-8F0B692F5DA5}]|[DhcpNameServer] : 192.168.2.1
[HKLM\SYSTEM\ControlSet002 | Interfaces\{A01CDB5D-7B89-4F91-AB71-8F0B692F5DA5}]|[DhcpNameServer] : 192.168.2.1
[HKLM\SYSTEM\CurrentControlSet | Interfaces\{A01CDB5D-7B89-4F91-AB71-8F0B692F5DA5}]|[DhcpNameServer] : 192.168.2.1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\windows\System32\Drivers\etc\hosts : Cleaned :) 

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Deleted : [HKLM64\Software\SOFTWARE]

Quarantined and deleted Successfully :  C:\Users\UTILIS~1\AppData\Local\Temp\08182030-00000e9c-tlnne2e95v	mpC074.tmp
Quarantined and deleted Successfully :  C:\Users\UTILIS~1\AppData\Local\Temp\AdobeARM.log
Quarantined and deleted Successfully :  C:\Users\UTILIS~1\AppData\Local\Temp\MCCLEANUP.5.0.285.4_DMPackage_en-US_Release\mccleanup.exe
Quarantined and deleted Successfully :  C:\Users\UTILIS~1\AppData\Local\Temp\MCCLEANUP.5.0.285.4_DMPackage_en-US_Release\McClnUI.exe
Impossible to move :  C:\Users\UTILIS~1\AppData\Local\Temp\~DFC3414DA01416FBD3.TMP
Quarantined and deleted Successfully :  C:\windows\Temp\chrome_installer.log
Quarantined and deleted Successfully :  C:\windows\Temp\CR_AF2E0.tmp
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120818-155657-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120818-200347-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120818-203352-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120818-222425-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120818-230146-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-001413-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-092311-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-135756-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-152511-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-165759-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-172611-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-181244-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120819-190023-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-073131-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-082043-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-083847-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-084727-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-145423-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-170332-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120820-193859-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120821-172002-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120821-193720-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120821-195401-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120822-135353-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120822-183048-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120823-171859-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120824-122002-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120824-134929-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120824-144136-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120824-181041-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120824-211900-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120825-073533-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120826-180559-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120827-181146-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120827-193911-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120828-072253-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120828-150027-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120828-185840-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120829-130553-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120829-153927-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120830-171300-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120831-181534-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120901-051430-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120901-101119-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120901-102122-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120902-181312-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120902-202329-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120903-163936-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120903-200410-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120904-073830-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120904-093545-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120904-165658-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120904-201347-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120905-072516-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120905-173106-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120905-200555-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120905-210522-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120906-074233-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120906-151155-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120906-161212-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120906-194004-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120906-202527-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-075105-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-114008-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-132623-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-171446-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-190226-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-201941-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120907-203820-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120908-133440-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120908-142032-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120908-193047-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120908-215150-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120909-150016-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120909-200126-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120910-073331-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120910-134126-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120910-164543-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120910-191832-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120910-203827-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120911-075419-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120911-114158-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120911-175433-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120911-231054-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120914-165544-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120914-202846-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120915-132647-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120915-164814-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120915-205252-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120916-125908-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120916-164801-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120918-130108-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120918-174947-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120919-134256-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120920-171750-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120921-205215-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120922-123614-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120922-204152-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120923-152711-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120923-200324-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120924-073852-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-172016-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-173046-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-173646-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-181646-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-182008-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-183942-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120925-185924-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120926-135135-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120926-143640-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120926-152341-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120928-125417-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120928-135120-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\lpksetup-20120928-144811-0.log
Quarantined and deleted Successfully :  C:\windows\Temp\mcertfix.log
Quarantined and deleted Successfully :  C:\windows\Temp\MpCmdRun.log
Quarantined and deleted Successfully :  C:\windows\Temp\Silverlight0.log
Quarantined and deleted Successfully :  C:\windows\Temp\SilverlightMSI.log
Quarantined and deleted Successfully :  C:\windows\Temp\TS_83FE.tmp
Quarantined and deleted Successfully :  C:\windows\Temp\WER1A93.tmp.appcompat.txt
Quarantined and deleted Successfully :  C:\windows\Temp\WER22CE.tmp.WERInternalMetadata.xml
Quarantined and deleted Successfully :  C:\windows\Temp\WER22CF.tmp.hdmp
Quarantined and deleted Successfully :  C:\windows\Temp\WERADDC.tmp.appcompat.txt
Quarantined and deleted Successfully :  C:\windows\Temp\wrapper-3804-20120820-084742.log
Quarantined and deleted Successfully :  C:\windows\Temp\wrapper-4588-20120818-230216.log
Quarantined and deleted Successfully :  C:\Users\utilisateur\agent.log
Quarantined and deleted Successfully :  C:\Users\utilisateur\Downloads\McAfeeSetup.exe
Deleted : [HKLM | Run]|[mcui_exe] : "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Impossible to move : C:\Program Files\McAfee.com

15:13:30

Quarantined and deleted Successfully :  C:\Users\Public\Desktop\McAfee Total Protection.lnk
Deleted :  C:\windows\Temp\CR_AF2E0.tmp
Quarantined and deleted Successfully : C:\Users\utilisateur\AppData\Local	emporary internet files\Content.IE5\KAVGTCPV\iTunes64Setup[1].exe
Quarantined and deleted successfully :  C:\windows\Prefetch\ADOBEARM.EXE-7105D3A2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-EDD411E2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\APSDAEMON.EXE-4484BAA6.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\AS.EXE-73041DA0.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\ATBROKER.EXE-2E15A492.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\BOOTSTRAP.EXE-6590A3BC.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CALCULETTE.EXE-620F3A44.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CB_CONSOLE_RUNNER.EXE-D82B1D66.pf

Nugup · Answer

Quarantined and deleted successfully :  C:\windows\Prefetch\CB_CONSOLE_RUNNER.EXE-D82B1D66.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CC1.EXE-12C74598.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CODEBLOCKS.EXE-50D0A09B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\COLLECT2.EXE-6698B01D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\COMUPDATUS.EXE-8D36D2F0.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CRASHREPORTSENDER.EXE-5961FD94.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CSC.EXE-BE9AC2DF.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\CVTRES.EXE-2B9D810D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DAEMONU.EXE-79EAD54C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DEFRAG.EXE-588F90AD.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DISTNOTED.EXE-9671246C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DLLHOST.EXE-0C6AD872.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DLLHOST.EXE-7D7EBC64.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DLLHOST.EXE-CC4B96AE.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DLLHOST.EXE-D6E483ED.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\DLLHOST.EXE-F44E39AD.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-216D9C35.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\HKCMD.EXE-AE1DFF3B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\HWUPDCHK.EXE-17789F96.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\IGFXEXT.EXE-D5F523DB.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\IGFXTRAY.EXE-C444237E.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\ISMAGENT.EXE-A1F32AF6.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\ITUNES.EXE-6E101229.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\ITUNESHELPER.EXE-010C3851.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\LD.EXE-ACE90D74.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\LMS.EXE-8C70F87D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\LOGONUI.EXE-09140401.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\LPKSETUP.EXE-90F505D8.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCAGENT.EXE-414BDE46.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCHOST.EXE-7C07A572.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCINFO.EXE-73BBFA2D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCINSTRU.EXE-5D74CB87.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCINSUPD.EXE-28DD6734.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCOCROLLBACK.EXE-C2E56CCF.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCODS.EXE-8D46D95B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCSMTFWK.EXE-047F7B2C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCSVRCNT.EXE-9D546F81.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCSYNC.EXE-94E92097.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCSYNC.EXE-A4B62562.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUICNT.EXE-DF90E34C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUICNT.EXE-E0ABB155.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUIHOST.EXE-35D01185.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUPDATE.EXE-3BDA89ED.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUPDATE.EXE-55CCA9E2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCUPDMGR.EXE-D515E3C4.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MCVSMAP.EXE-AC93DF0C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MFEFIRE.EXE-70CF7703.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MINGW32-G++.EXE-4B1FD1CA.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MINGW32-GCC.EXE-9DE3EBFA.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MOBKBACKUP.EXE-233418B0.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\MUMBLE.EXE-5D7B72ED.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\NASVC.EXE-B158719F.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\NVTRAY.EXE-DB83881B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\ONENOTEM.EXE-DC53F865.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\QCSHM.EXE-12ED2E03.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\QCSHM.EXE-A644EB40.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RAVCPL64.EXE-D6B4B613.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\READER_SL.EXE-B1C62096.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-0A411499.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-0E6BEA3F.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-17A8777D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-2EE46A2D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-5B3E6BB2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-C6F34559.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNDLL32.EXE-C775D18D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\RUNONCE.EXE-0E293DD6.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SAUPD.EXE-1E90320D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SAUPD.EXE-5AED0364.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SC.EXE-945D79AE.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SDCLT.EXE-E10B972A.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SIDEBAR.EXE-FA75EA61.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SKYPE.EXE-E71BF59F.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SPLWOW64.EXE-297C4568.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SVCHOST.EXE-1C37F0CA.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SVCHOST.EXE-2DE8DAF4.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SVCHOST.EXE-8049FA24.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SVCHOST.EXE-DE976B47.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\SVCHOST.EXE-F80479F5.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TASKENG.EXE-48D4E289.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TASKHOST.EXE-7238F31D.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TCRDKBB.EXE-BD533577.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TCRDMAIN.EXE-3DBFB9C5.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TECO.EXE-D194ABE2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TECOSERVICE.EXE-C4744937.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\THPSRV.EXE-C147AF7B.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TMACHINFO.EXE-2FCB5A05.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TOPI.EXE-139542E9.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TOSHIBASERVICESTATION.EXE-92A6EAE9.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TOSSENOTIFY.EXE-BC36C1CB.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TOSSMARTSRV.EXE-BCFE7888.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TOSWAITSRV.EXE-4901C686.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\UNS.EXE-E6E49771.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\UNSECAPP.EXE-A02905A6.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\VSSVC.EXE-B8AFC319.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-F21874F1.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLCOMM.EXE-324C9362.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLIDSVCM.EXE-A6EF5B2F.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLMAIL.EXE-303CEB39.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLMERGER.EXE-C117DFA3.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLMERGER.EXE-FCCE27E8.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WLXPHOTOGALLERY.EXE-F184FD87.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
Quarantined and deleted successfully :  C:\windows\Prefetch\WOW.EXE-CD73523A.pf

¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot

Quarantined and deleted Successfully at Reboot : C:\Users\UTILIS~1\AppData\Local\Temp\~DFC3414DA01416FBD3.TMP
Not quarantined at Reboot : C:\Program Files\McAfee.com

¤¤¤¤¤

15:17:03

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    27-UNKNWN  1.5G   Yes   No         2,048    3,072,000
  1    1    07-NTFS    935G   No    No     3,074,048  915,119,616
  2    2    17-NTFS     17G   No    Yes  918,193,664   35,330,048

¤¤¤¤¤¤¤¤¤¤ | MBR Control


64 bits Not supported by MBR.exe , Dump : C:\Pre_Scan\MBR.Bin

15:17:03

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Disque C:] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [ProgramFiles] Folders : 1 | Files : 9 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 9
~ [Utilisateurs] Folders : 2 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 2 | Files : 0
~ [Music] Folders : 0 | Files : 2 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 2
~ [Pictures] Folders : 0 | Files : 0
~ [Videos] Folders : 0 | Files : 0
~ [Downloads] Folders : 0 | Files : 0
~ [Desktop] Folders : 0 | Files : 0
~ [Links] Folders : 0 | Files : 0
~ [Searches] Folders : 0 | Files : 2 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 2
~ [Contacts] Folders : 0 | Files : 0
~ [Saved_Games] Folders : 0 | Files : 0
~ [Favorites] Folders : 0 | Files : 0
~ [Documents] Folders : 3 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 3 | Files : 0
~ [Windows] Folders : 31 | Files : 200 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 31 | Files : 195
~ [Start_Menu] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Libraries] Folders : 0 | Files : 0
~ [quick launch] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [AppData] Folders : 7 | Files : 6 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 7 | Files : 6

Fin : 15:20:55


¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤

g3n-h@ckm@n · Answer

heberge-le ici stp :

https://www.cjoint.com/

Nugup · Answer

Voila le lien :)

http://cjoint.com/data/0ICkJhWlRy6.htm

g3n-h@ckm@n · Answer

c'etait un faux positif que j'ai retiré ce matin.

 en attendant je te conseille de desinstallerMcAfee qui detecte pas un éléphant dans un couloir et d'installer plutot Avast gratuit.... 

mais avant ca , relance l'outil , clique sur Diag et poste le lien 
  
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

Nugup · Answer

Voici le lien du Diag : 

https://www.cjoint.com/?0IEiqmjLaa7

g3n-h@ckm@n · Answer

je le mets à jour 5/15 fois par jour, donc fais ce que je demande....

Nugup · Answer

Le lien du Diag après retéléchargement de Pre_Scan pour avoir les mises à jour :) 

http://cjoint.com/data/0JbhxFFqZQ8.htm

g3n-h@ckm@n · Answer

Attention !!! pense à re-désactiver tes protections

Clique sur ce lien : https://www.cjoint.com/?BJbjeuytwC4

Selectionne tout le texte qui s'y trouve CTRL+A puis CTRL+C ou clic droit/copier

Relance Pre_scan puis choisis l'option "Script"

une page va s'ouvrir

logiquement le texte que tu as sélectionné s'y trouve déjà , donc tu fermes et le programme va travailler.

sinon colle-le (clic droit/coller ou ctrl+V) dans la page vierge.

puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille 

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail

g3n-h@ckm@n · Answer

fais avec on avisera

Nugup · Answer

Voici le Pre_Script.txt : 

http://cjoint.com/data/0JciyrQzbHn.htm

g3n-h@ckm@n · Answer

je peux savoir pourquoi tu l'as fait plusieurs fois ?

Nugup · Answer

Pas de réponse depuis plusieurs jours :'(

g3n-h@ckm@n · Answer

re

 
fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.


&#9654 Télécharge ici :

Malwarebytes  

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Nugup · Answer

Voila le rapport de malwarebytes, il a mis en quarantaine et supprimé Pre_Scan (Winlogon), probablement à tort mais j'ai quand même suivi ce que tu m'as dit, quitte à le réinstaller :

Malwarebytes Anti-Malware (Essai) 1.65.0.1400
www.malwarebytes.org

Version de la base de données: v2012.10.04.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
utilisateur :: PC-ANTOINE [administrateur]

Protection: Activé

05/10/2012 13:36:50
mbam-log-2012-10-05 (13-36-50).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 385355
Temps écoulé: 1 heure(s), 30 minute(s), 

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\utilisateur\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)

juju666 · Answer

salut oui malwarebytes fais ça à chaque fois

créé un fichier "winlogon.exe" sur ton bureau de 0 octets et mbam va le virer ^^

g3n-h@ckm@n · Answer

re

au fait code blocks et WOW tu les as installés sous quelle session ?

Nugup · Answer

Wow n'est pas installé, il viens d'un DD externe, je l'ai transféré directement sur ma session Antoine (Utilisateur). 
CodeBlocks a été téléchargé depuis ma session Antoine, je ne me souviens plus si une installation a eu lieu mais si oui je l'ai forcément installé depuis ma session utilisateur (!Administrateur!). Concernant mes programmes ils étaient dans mon dossier CodeBlocks sur la session Antoine.
J'ai fais le scan de Malwarebytes depuis ma session avec droits d'administrateur (celle ou il n'y a pas WoW) car le logiciel a au moins pu acceder a tous les fichiers étant donné que j'ai les droits. 
Par contre je ne sais pas si il a pu acceder a WoW alors je vais faire un autre scan avec Malwarebytes depuis ma session Antoine (utilisateur).

Nugup · Answer

Malwarebytes Anti-Malware (Essai) 1.65.0.1400
www.malwarebytes.org

Version de la base de données: v2012.10.05.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Antoine :: PC-ANTOINE [limité]

Protection: Activé

06/10/2012 19:04:27
mbam-log-2012-10-06 (19-04-27).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 315604
Temps écoulé: 1 heure(s), 23 minute(s), 11 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

g3n-h@ckm@n · Answer

mais tu sais qu'une chose que tu installes sous une session , n'apparait pas forcement dans l'autre au fait ?

g3n-h@ckm@n · Answer

ben faut l installer dans la session Antoine(pas admin)
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

g3n-h@ckm@n · Answer

non je perle de code block et ce que tu veux d'autre.....

il suffit de cliqquer droit sur l'executable et de selectionner " executer en tant qu'administrateur"

g3n-h@ckm@n · Answer

tu n'y auras accès que à partir de ta session administrateur

g3n-h@ckm@n · Answer

alors je vois pas...y'a que toi qui te sers du pc ?

g3n-h@ckm@n · Answer

re

tu as dit :

 je fais comment pour retrouver mes dossiers (programmes et WoW) 

tu veux dire que tu ne vois pas le dossier Program Files (x86) dans C:\ ?

Nugup · Answer

Non mes programmes en langage C que j'ai programmés (programme console) sur CodeBlocks et enregistré dans un fichier Codeblocks. 
J'ai perdu mon fichier Codeblocks dans lequel étaient mes programmes (programmation) et dans lequel j'avais aussi mis WoW. 

Niveau place, les programmes étaient en Ko donc pas grand chose mais wow près de 20 Go.

Le problème n'étant pas vraiment la perte des dossiers mais plutôt la peur d'une infection ou d'un problème.

g3n-h@ckm@n · Answer

tu te souviens du nom du fichier code blocks exact ?

Nugup · Answer

Le dossier s'appellait "CodeBlocs", dedans il y avait des programmes nommés "Test1", "calculette", les autres je me souviens plus trop et il y avait "WOW" avec des fichiers a l'interieur, comme "WoW.exe", "FrFr", "Data" etc ...

J'ai essayé de rechercher tous ces fichiers mais pas de résultats, sauf quelque chose de très bizarre: lorsque j'écris WoW par exemple ils me sortent une seule chose : le Pre_Scan.txt, peut etre est-il dans le rapport écrit quelque part.

g3n-h@ckm@n · Answer

Télécharge SEAF.exe de C_XX 


*Double clique sur SF.exe (Exécuter en tant qu'administrateur pour Vista/7) . 

*Une fenêtre va s'ouvrir . 

*Tape Test1 

 dans cette fenêtre  

confirme la recherche dans le registre et [Entrée]. 

*Patiente pendant la recherche. 

*Une fenêtre avec un log.txt va s'afficher. 

*Copie/colle ce rapport dans ta prochaine réponse. 

edit::

codeblocks :

C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
C:\Users\utilisateur\AppData\Roaming\codeblocks
C:\Users\Antoine.utilisateur-\AppData\Roaming\codeblocks
C:\Program Files (x86)\CodeBlocks

y a meme les clés de desinstallation :

[HKCU\Software\Microsoft\windows\CurrentVersion\Uninstall\CodeBlocks] -> CodeBlocks (The Code::Blocks Team) -> C:\Program Files (x86)\CodeBlocks\uninstall.exe
[HKCU64\Software\Microsoft\windows\CurrentVersion\Uninstall\CodeBlocks] -> CodeBlocks (The Code::Blocks Team) -> C:\Program Files (x86)\CodeBlocks\uninstall.exe


  
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤

g3n-h@ckm@n · Answer

hello tu as dit :

Le dossier s'appellait "CodeBlocs", dedans il y avait des programmes nommés "Test1" 

donc s'il trouve test1 , il trouvera forcement le dossier dans lequel il est ^^

Nugup · Answer

Re, 

J'ai donc effectué plusieurs recherches avec SEAF, une recherche "Test 1" (je pense que tu t'est trompé dans ta formulation de phrase), une "CodeBlocks" et une "wow.exe" qui était le launcher de World Of Warcraft.

J'ai recherché wow.exe et non WOW tout court car j'avais déja vu qu'un des fichiers de windows ou je ne sais plus exactement quoi était nommé WOW, pour ne pas créer de confusions donc.

Résultat de Test 1 : Aucun résultat, rien trouvé ...

Résultat de CodeBlocks :

1. ========================= SEAF 1.0.1.0 - C_XX
2. 
3. Commencé à: 17:36:29 le 09/10/2012
4. 
5. Valeur(s) recherchée(s):
6. CodeBlocks
7. 
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9. 
10. (!) --- Recherche registre
11. 
12. ====== Fichier(s) ======
13. 
14. 
15. "C:\Program Files (x86)\CodeBlocks\codeblocks.dll" [ ARCHIVE | 3710 Ko ]
16. TC: 28/05/2010,04:57:58 | TM: 28/05/2010,04:57:58 | DA: 19/08/2012,09:52:02
17. 
18. 
19. =========================
20. 
21. 
22. "C:\Program Files (x86)\CodeBlocks\codeblocks.exe" [ ARCHIVE | 944 Ko ]
23. TC: 28/05/2010,04:57:58 | TM: 28/05/2010,04:57:58 | DA: 19/08/2012,09:52:02
24. 
25. 
26. =========================
27. 
28. 
29. "C:\Program Files (x86)\CodeBlocks\share\CodeBlocks\docs\codeblocks.chm" [ ARCHIVE | 7519 Ko ]
30. TC: 27/05/2010,06:09:58 | TM: 27/05/2010,06:09:58 | DA: 19/08/2012,09:52:02
31. 
32. 
33. =========================
34. 
35. 
36. "C:\Program Files (x86)\CodeBlocks\share\CodeBlocks\docs\codeblocks.pdf" [ ARCHIVE | 1307 Ko ]
37. TC: 27/05/2010,06:09:56 | TM: 27/05/2010,06:09:56 | DA: 19/08/2012,09:52:02
38. 
39. 
40. =========================
41. 
42. 
43. "C:\Program Files (x86)\CodeBlocks\share\CodeBlocks\images\codeblocks.png" [ ARCHIVE | 330 o ]
44. TC: 16/09/2007,02:03:14 | TM: 16/09/2007,02:03:14 | DA: 19/08/2012,09:52:03
45. 
46. 
47. =========================
48. 
49. 
50. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks.lnk" [ ARCHIVE | 1 Ko ]
51. TC: 19/08/2012,09:52:05 | TM: 19/08/2012,09:52:05 | DA: 19/08/2012,09:52:05
52. 
53. 
54. =========================
55. 
56. 
57. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks\Uninstall CodeBlocks.lnk" [ ARCHIVE | 1 Ko ]
58. TC: 19/08/2012,09:52:34 | TM: 19/08/2012,09:52:34 | DA: 19/08/2012,09:52:34
59. 
60. 
61. =========================
62. 
63. 
64. "C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks.lnk" [ ARCHIVE | 1 Ko ]
65. TC: 19/08/2012,09:52:05 | TM: 19/08/2012,09:52:05 | DA: 19/08/2012,09:52:05
66. 
67. 
68. =========================
69. 
70. 
71. "C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CodeBlocks\Uninstall CodeBlocks.lnk" [ ARCHIVE | 1 Ko ]
72. TC: 19/08/2012,09:52:34 | TM: 19/08/2012,09:52:34 | DA: 19/08/2012,09:52:34
73. 
74. 
75. =========================
76. 
77. 
78. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44LDSYD8\downloading.php;psrch=0;logged_in=0;tpc=codeblocks[1].js" [ NOT_CONTENT_INDEXED|ARCHIVE | 864 o ]
79. TC: 19/08/2012,09:29:26 | TM: 19/08/2012,09:29:26 | DA: 19/08/2012,09:29:26
80. 
81. 
82. =========================
83. 
84. 
85. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0DNWLV2\codeblocks-10.05mingw-setup[1].htm" [ NOT_CONTENT_INDEXED|ARCHIVE | 8 Ko ]
86. TC: 19/08/2012,09:29:14 | TM: 19/08/2012,09:29:14 | DA: 19/08/2012,09:29:14
87. 
88. 
89. =========================
90. 
91. 
92. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0DNWLV2\codeblocks-48x48[1].png" [ NOT_CONTENT_INDEXED|ARCHIVE | 4 Ko ]
93. TC: 19/08/2012,09:29:22 | TM: 19/08/2012,09:29:22 | DA: 19/08/2012,09:29:22
94. 
95. 
96. =========================
97. 
98. 
99. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0DNWLV2\downloading.php;psrch=0;logged_in=0;tpc=codeblocks[1].js" [ NOT_CONTENT_INDEXED|ARCHIVE | 864 o ]
100. TC: 19/08/2012,09:29:27 | TM: 19/08/2012,09:29:27 | DA: 19/08/2012,09:29:27
101. 
102. 
103. =========================
104. 
105. 
106. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0N37LEI\downloading.php;psrch=0;logged_in=0;tpc=codeblocks[1].js" [ NOT_CONTENT_INDEXED|ARCHIVE | 867 o ]
107. TC: 19/08/2012,09:29:24 | TM: 19/08/2012,09:29:24 | DA: 19/08/2012,09:29:24
108. 
109. 
110. =========================
111. 
112. 
113. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJGFVGWV\codeblocks_org[1].htm" [ NOT_CONTENT_INDEXED|ARCHIVE | 17 Ko ]
114. TC: 19/08/2012,09:29:00 | TM: 19/08/2012,09:29:01 | DA: 19/08/2012,09:29:00
115. 
116. 
117. =========================
118. 
119. 
120. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJGFVGWV\downloading.php;psrch=0;logged_in=0;tpc=codeblocks[1].js" [ NOT_CONTENT_INDEXED|ARCHIVE | 431 o ]
121. TC: 19/08/2012,09:29:24 | TM: 19/08/2012,09:29:24 | DA: 19/08/2012,09:29:24
122. 
123. 
124. =========================
125. 
126. 
127. "C:\Users\Antoine.utilisateur-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJGFVGWV\downloading.php;psrch=0;logged_in=0;tpc=codeblocks[2].js" [ NOT_CONTENT_INDEXED|ARCHIVE | 1 Ko ]
128. TC: 19/08/2012,09:29:25 | TM: 19/08/2012,09:29:25 | DA: 19/08/2012,09:29:25
129. 
130. 
131. =========================
132. 
133. 
134. "C:\Users\Antoine.utilisateur-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CodeBlocks.lnk" [ ARCHIVE | 1 Ko ]
135. TC: 19/08/2012,10:40:30 | TM: 19/08/2012,09:52:05 | DA: 19/08/2012,10:40:30
136. 
137. 
138. =========================
139. 
140. 
141. 
142. ====== Entrée(s) du registre ======
143. 
144. 
145. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\CodeBlocks]
146. DA: 09/10/2012 17:15:41
147. 
148. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\.c]
149. ""="CodeBlocks.c" (REG_SZ)
150. 
151. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\.h]
152. ""="CodeBlocks.h" (REG_SZ)
153. 
154. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\.inl]
155. ""="CodeBlocks.inl" (REG_SZ)
156. 
157. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\.java]
158. ""="CodeBlocks.java" (REG_SZ)
159. 
160. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\.workspace]
161. ""="CodeBlocks.workspace" (REG_SZ)
162. 
163. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\CodeBlocks.c]
164. DA: 19/08/2012 10:28:28
165. 
166. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\CodeBlocks.h]
167. DA: 19/08/2012 10:28:28
168. 
169. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\CodeBlocks.inl]
170. DA: 19/08/2012 10:28:28
171. 
172. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\CodeBlocks.java]
173. DA: 19/08/2012 10:28:28
174. 
175. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000\Software\Classes\CodeBlocks.workspace]
176. DA: 19/08/2012 10:28:28
177. 
178. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\.c]
179. ""="CodeBlocks.c" (REG_SZ)
180. 
181. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\.h]
182. ""="CodeBlocks.h" (REG_SZ)
183. 
184. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\.inl]
185. ""="CodeBlocks.inl" (REG_SZ)
186. 
187. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\.java]
188. ""="CodeBlocks.java" (REG_SZ)
189. 
190. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\.workspace]
191. ""="CodeBlocks.workspace" (REG_SZ)
192. 
193. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\CodeBlocks.c]
194. DA: 19/08/2012 10:28:28
195. 
196. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\CodeBlocks.h]
197. DA: 19/08/2012 10:28:28
198. 
199. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\CodeBlocks.inl]
200. DA: 19/08/2012 10:28:28
201. 
202. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\CodeBlocks.java]
203. DA: 19/08/2012 10:28:28
204. 
205. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1000_Classes\CodeBlocks.workspace]
206. DA: 19/08/2012 10:28:28
207. 
208. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\CodeBlocks]
209. DA: 09/10/2012 17:26:57
210. 
211. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.c\OpenWithList]
212. "a"="codeblocks.exe" (REG_SZ)
213. 
214. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.c\OpenWithProgids]
215. "CodeBlocks.c"="" ()
216. 
217. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbp\OpenWithList]
218. "a"="codeblocks.exe" (REG_SZ)
219. 
220. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cbp\OpenWithProgids]
221. "CodeBlocks.cbp"="" ()
222. 
223. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpp\OpenWithProgids]
224. "CodeBlocks.cpp"="" ()
225. 
226. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cxx\OpenWithProgids]
227. "CodeBlocks.cxx"="" ()
228. 
229. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.h\OpenWithProgids]
230. "CodeBlocks.h"="" ()
231. 
232. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hpp\OpenWithProgids]
233. "CodeBlocks.hpp"="" ()
234. 
235. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hxx\OpenWithProgids]
236. "CodeBlocks.hxx"="" ()
237. 
238. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.java\OpenWithProgids]
239. "CodeBlocks.java"="" ()
240. 
241. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\CODEBLOCKS]
242. DA: 19/08/2012 10:29:11
243. 
244. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\CodeBlocks]
245. DA: 06/10/2012 13:29:17
246. 
247. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.c]
248. ""="CodeBlocks.c" (REG_SZ)
249. 
250. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.cbp]
251. ""="CodeBlocks.cbp" (REG_SZ)
252. 
253. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.cc]
254. ""="CodeBlocks.cc" (REG_SZ)
255. 
256. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.cg]
257. ""="CodeBlocks.cg" (REG_SZ)
258. 
259. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.cpp]
260. ""="CodeBlocks.cpp" (REG_SZ)
261. 
262. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.cxx]
263. ""="CodeBlocks.cxx" (REG_SZ)
264. 
265. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.h]
266. ""="CodeBlocks.h" (REG_SZ)
267. 
268. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.hh]
269. ""="CodeBlocks.hh" (REG_SZ)
270. 
271. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.hpp]
272. ""="CodeBlocks.hpp" (REG_SZ)
273. 
274. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.hxx]
275. ""="CodeBlocks.hxx" (REG_SZ)
276. 
277. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.inl]
278. ""="CodeBlocks.inl" (REG_SZ)
279. 
280. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.java]
281. ""="CodeBlocks.java" (REG_SZ)
282. 
283. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\.workspace]
284. ""="CodeBlocks.workspace" (REG_SZ)
285. 
286. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.c]
287. DA: 28/09/2012 14:55:00
288. 
289. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.cbp]
290. DA: 28/09/2012 14:55:00
291. 
292. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.cc]
293. DA: 28/09/2012 14:55:00
294. 
295. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.cg]
296. DA: 28/09/2012 14:55:00
297. 
298. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.cpp]
299. DA: 28/09/2012 14:55:00
300. 
301. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.cxx]
302. DA: 28/09/2012 14:55:00
303. 
304. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.h]
305. DA: 28/09/2012 14:55:00
306. 
307. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.hh]
308. DA: 28/09/2012 14:55:00
309. 
310. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.hpp]
311. DA: 28/09/2012 14:55:00
312. 
313. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.hxx]
314. DA: 28/09/2012 14:55:00
315. 
316. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.inl]
317. DA: 28/09/2012 14:55:00
318. 
319. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.java]
320. DA: 28/09/2012 14:55:00
321. 
322. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001\Software\Classes\CodeBlocks.workspace]
323. DA: 28/09/2012 14:55:00
324. 
325. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.c]
326. ""="CodeBlocks.c" (REG_SZ)
327. 
328. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.cbp]
329. ""="CodeBlocks.cbp" (REG_SZ)
330. 
331. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.cc]
332. ""="CodeBlocks.cc" (REG_SZ)
333. 
334. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.cg]
335. ""="CodeBlocks.cg" (REG_SZ)
336. 
337. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.cpp]
338. ""="CodeBlocks.cpp" (REG_SZ)
339. 
340. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.cxx]
341. ""="CodeBlocks.cxx" (REG_SZ)
342. 
343. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.h]
344. ""="CodeBlocks.h" (REG_SZ)
345. 
346. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.hh]
347. ""="CodeBlocks.hh" (REG_SZ)
348. 
349. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.hpp]
350. ""="CodeBlocks.hpp" (REG_SZ)
351. 
352. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.hxx]
353. ""="CodeBlocks.hxx" (REG_SZ)
354. 
355. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.inl]
356. ""="CodeBlocks.inl" (REG_SZ)
357. 
358. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.java]
359. ""="CodeBlocks.java" (REG_SZ)
360. 
361. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\.workspace]
362. ""="CodeBlocks.workspace" (REG_SZ)
363. 
364. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.c]
365. DA: 28/09/2012 14:55:00
366. 
367. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.cbp]
368. DA: 28/09/2012 14:55:00
369. 
370. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.cc]
371. DA: 28/09/2012 14:55:00
372. 
373. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.cg]
374. DA: 28/09/2012 14:55:00
375. 
376. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.cpp]
377. DA: 28/09/2012 14:55:00
378. 
379. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.cxx]
380. DA: 28/09/2012 14:55:00
381. 
382. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.h]
383. DA: 28/09/2012 14:55:00
384. 
385. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.hh]
386. DA: 28/09/2012 14:55:00
387. 
388. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.hpp]
389. DA: 28/09/2012 14:55:00
390. 
391. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.hxx]
392. DA: 28/09/2012 14:55:00
393. 
394. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.inl]
395. DA: 28/09/2012 14:55:00
396. 
397. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.java]
398. DA: 28/09/2012 14:55:00
399. 
400. [HKU\S-1-5-21-1415005117-1820878988-2034386346-1001_Classes\CodeBlocks.workspace]
401. DA: 28/09/2012 14:55:00
402. 
403. =========================
404. 
405. Fin à: 17:40:33 le 09/10/2012
406. 375385 Éléments analysés
407. 
408. =========================
409. E.O.F

juju666 · Answer

salut ben t'as effacé Test1 ...

g3n-h@ckm@n · Answer

oué t'as du faire une fausse manip en codant codeblocks ^^

j'y connais rien à ce langage ^^

Nugup · Answer

Ben je pense pas car c'est totalement indépendant de Windows, c'est juste des petits programmes en console.

 Résultat d'une recherhe "test1" sans espace :

1. ========================= SEAF 1.0.1.0 - C_XX
2. 
3. Commencé à: 18:06:28 le 09/10/2012
4. 
5. Valeur(s) recherchée(s):
6. test1
7. 
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9. 
10. (!) --- Recherche registre
11. 
12. ====== Fichier(s) ======
13. 
14. Aucun fichier trouvé
15. 
16. 
17. ====== Entrée(s) du registre ======
18. 
19. 
20. [HKLM\Software\Classes\Interface\{51A183DB-67E0-4472-8602-3DBC730B7EF5}]
21. ""="IBitsTest1" (REG_SZ)
22. 
23. [HKLM\Software\Classes\Wow6432Node\Interface\{51A183DB-67E0-4472-8602-3DBC730B7EF5}]
24. ""="IBitsTest1" (REG_SZ)
25. 
26. =========================
27. 
28. Fin à: 18:11:18 le 09/10/2012
29. 375768 Éléments analysés
30. 
31. =========================
32. E.O.F

Résulltat de "World of Warcraft" :

1. ========================= SEAF 1.0.1.0 - C_XX
2. 
3. Commencé à: 18:18:19 le 09/10/2012
4. 
5. Valeur(s) recherchée(s):
6. World of Warcraft
7. 
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9. 
10. (!) --- Recherche registre
11. 
12. ====== Fichier(s) ======
13. 
14. Aucun fichier trouvé
15. 
16. 
17. ====== Entrée(s) du registre ======
18. 
19. Aucun élément dans le registre trouvé
20. 
21. =========================
22. 
23. Fin à: 18:23:07 le 09/10/2012
24. 375891 Éléments analysés
25. 
26. =========================
27. E.O.F

g3n-h@ckm@n · Answer

tu lances bien Seaf avec le clic droit "executer en tant qu'administrauteur" ?

Nugup · Answer

Bon je pense qu'il n'y a plus grand chose à faire, ca reste un mystère pour moi, merci beaucoup d'avoir pri de votre temps pour me répondre :)

g3n-h@ckm@n · Answer

ok fais le menage quand meme c'est utile et pleins d'infos

https://gen-hackman.kanak.fr/

Dossiers éffacés

47 réponses

Discussions similaires