Victim of a virus
Elisa
Hello,
I have an ACER laptop. I ran an update of the Malwarebytes software.
When the update finished, a page appeared saying "Your PC is dead".
Since then I can no longer access my folders or my files; I can't do anything any more.
What can I do to recover my PC? I can't afford to buy a new one.
Thank you for your help.
25 replies
Well...
Transfer it via a USB stick:
Warning!!!: this tool may be wrongly detected as a virus.
Warning!!!: this tool is powerful; follow the instructions below to the letter.
All "non-vital" Windows processes will be killed, so save your work.
Disable all your protections if possible: antivirus, sandbox, firewall, etc.
Download and save Pre_Scan to your desktop:
https://forums-fec.be/gen-hackman/Pre_Scan.exe
If the link doesn't work:
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
http://www.archive-host.com
Warning: the desktop will disappear during the scan --> don't panic.
Once downloaded, run it and let the scan run until "Pre_Scan_date_and_time.txt" appears on the desktop.
If the tool is run several times it will offer you a menu; if no option has been requested, run the "Kill" option.
If the tool is blocked by the infection, use this version with the .pif extension:
https://forums-fec.be/gen-hackman/Pre_Scan.pif
If the tool detects a proxy and you haven't installed one, click "remove the proxy".
A multitude of black windows may flash up; let it work.
Post Pre_Scan_date_and_time.txt, which will appear on the desktop at the end of the scan.
The tool may restart your PC; let it.
DON'T POST IT ON THE FORUM!!! (it's too long)
Host the report on http://pjjoint.malekal.com then give the link you get in return on the forum where you're being helped.
Elisa
Thanks for the procedure; the problem is that I can't connect from my laptop. How can I get my PC back onto an internet connection?
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
__________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained on the tool.<
>>>>>>>Do not use outside of that situation: dangerous<<<<<<<<
=====================================================
Above all, when saving, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive.
Download here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Combofix
If you use AVG, YOU ABSOLUTELY MUST UNINSTALL IT before using Combofix, because it can cause damage when interacting with the tool, possibly leading to a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG remover from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\
_________________________________________________________
>> Close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is in use, disable
>> the real-time protection of your antivirus and anti-spyware,
>> which can seriously interfere with the tool's search and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on the renamed combofix.
!!!!!DON'T TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
Don't forget to re-enable your antivirus and anti-spyware guards before reconnecting to the internet.
Come back to the forum and copy and paste the whole contents of C:\Combofix.txt into your next message.
Download and save ADWcleaner to your desktop:
ADWCleaner (thanks to Xplode)
Run it,
(For Vista and Seven => right-click "Run as administrator")
click "Delete" and post its report.
# AdwCleaner v2.005 - Report created on 14/10/2012 at 18:50:11
# Updated on 14/10/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User name : moi - PC-DE-MOI
# Boot mode : Normal
# Run from : F:\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\PCtuto
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\moi\AppData\Local\Agence-Exclusive
Folder Deleted : C:\Users\moi\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\moi\AppData\Roaming\Agence-Exclusive
Folder Deleted : C:\Users\moi\AppData\Roaming\iWin
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Rechercher sur le Web
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Offerbox
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer = hxxp=127.0.0.1:56847]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] The registry contains no illegitimate entries.
*************************
AdwCleaner[S1].txt - [4682 bytes] - [14/10/2012 18:50:11]
########## EOF - C:\AdwCleaner[S1].txt - [4742 bytes] ##########
Close all windows and applications during the installation and the scan.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "French"; don't change the install settings) and update it.
Restart Malwarebytes following these instructions to the letter:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
▶ Check that all infected objects are ticked, then click "Remove".
▶ Note: if your PC needs to restart to finish the cleaning, do it!
▶ Post the report saved after the removal of the infected objects (in Malwarebytes' "Report/Log" tab, the most recent one).
Hi,
Here is the report
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.09.29.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
moi :: PC-DE-MOI [administrator]
20/10/2012 17:12:22
mbam-log-2012-10-20 (18-02-31).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334601
Time elapsed: 44 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\moi\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
(end)
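The reports posted in this thread carry three indicators that are easy to miss when skimming a long log: a ProxyServer value pointing at 127.0.0.1 (the AdwCleaner report above and the ComboFix report further down, where it belongs to OfferBoxHTTPProxy.exe, meaning every HTTP request from the browser went through a local process first), a file named winlogon.exe sitting on the Desktop rather than in System32 (the Malwarebytes report above), and Browser Helper Object registrations, which load into every Internet Explorer process (the SweetIM toolbar). The script below is an added example written for this page, not code from the thread, the helper, or any of the tools named here; its regexes, the SYSTEM_BINARIES list, the Finding class and the SAMPLE_LINES are its own assumptions, and the sample lines are constructed to mirror the formats of the posted reports.

```python
"""Triage of cleaner reports (AdwCleaner, Malwarebytes, ComboFix) for three
indicators seen in this thread. Added example for this page: not code from
the thread, the helper, or any of the tools. Everything here (regexes, the
SYSTEM_BINARIES list, the Finding class, SAMPLE_LINES) is this example's own
assumption; SAMPLE_LINES is constructed to mirror the posted reports.
"""
import re
from dataclasses import dataclass

# Names that malware likes to borrow. Assumption: a genuine file with one of
# these names lives in System32 (or SysWOW64 on 64-bit Windows); anywhere
# else, such as the Desktop in the Malwarebytes report, it needs a second look.
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                   "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# "ProxyServer = hxxp=127.0.0.1:56847" (AdwCleaner, defanged) and
# "ProxyServer = http=127.0.0.1:56847" (ComboFix) are both accepted.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:hxxp|http)=([\d.]+):(\d+)", re.I)
# Any Windows path ending in .exe, spaces included ("c:\program files\...").
EXE_RE = re.compile(r"([a-z]:\\.+?\.exe)\b", re.I)
# CLSID registered under ...\Explorer\Browser Helper Objects\{...}.
BHO_RE = re.compile(r"Browser Helper Objects\\(\{[0-9a-f-]{36}\})", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "loopback-proxy" | "masquerading-system-binary" | "bho"
    detail: str  # the value, path or CLSID that triggered it


def is_loopback(ip: str) -> bool:
    """127.0.0.0/8: a proxy here means a process on this PC sees all HTTP."""
    return ip.startswith("127.")


def triage(lines):
    """Return de-duplicated Findings in first-seen order."""
    findings, seen = [], set()

    def add(kind, detail):
        key = (kind, detail.lower())
        if key not in seen:
            seen.add(key)
            findings.append(Finding(kind, detail))

    for line in lines:
        m = PROXY_RE.search(line)
        if m and is_loopback(m.group(1)):
            add("loopback-proxy", f"{m.group(1)}:{m.group(2)}")
        for path in EXE_RE.findall(line):
            name = path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIRS):
                add("masquerading-system-binary", path)
        m = BHO_RE.search(line)
        if m:  # listed for review only: a BHO is not malicious by itself
            add("bho", m.group(1).upper())
    return findings


def summarize(findings):
    """One 'kind: detail' line per finding, ready to paste into a reply."""
    return [f"{f.kind}: {f.detail}" for f in findings]


# Constructed sample mirroring the reports posted in the thread.
SAMPLE_LINES = [
    # AdwCleaner style
    r"Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer = hxxp=127.0.0.1:56847]",
    r"Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}",
    # Malwarebytes style
    r"C:\Users\moi\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.",
    # ComboFix style (the same proxy appears a second time and is de-duplicated)
    r"uInternet Settings,ProxyServer = http=127.0.0.1:56847",
    r"[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]",
    r"c:\program files\OfferBox\OfferBoxHTTPProxy.exe",
    # Constructed benign control: the real winlogon.exe where it belongs.
    r"c:\windows\system32\winlogon.exe",
]

if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LINES)):
        print(entry)
```

Run as-is it prints four findings from the constructed sample (one proxy, one masquerading winlogon.exe, two BHO CLSIDs) and stays silent on the System32 control line; to use it on a real report, pass `open(path, encoding="utf-8", errors="replace").read().splitlines()` to `triage()`. The BHO list is deliberately a review list, not a verdict: the second CLSID in the sample is the kind of ISP helper that the ComboFix report also shows (SFRNavErrorHelper.dll), and it is the reader who decides which ones belong.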
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
OK, hi,
so we can do the cleanup:
https://gen-hackman.kanak.fr/
Here is the DelFix report
# DelFix v9.0 - Report created on 21/10/2012 at 13:28:32
# Updated on 23/09/12 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User name : moi - PC-DE-MOI (Administrator)
# Run from : C:\Users\moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5CIPI991\delfix.exe
# Option [Delete]
~~~~~~ Folder(s) ~~~~~~
Deleted : C:\Qoobox
Deleted : C:\pre_scan
Deleted : C:\Program Files\ZHPDiag
~~~~~~ File(s) ~~~~~~
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\Users\moi\Desktop\AdwCleaner.exe
Deleted : C:\Users\moi\Desktop\MBRCheck.lnk
Deleted : C:\Users\moi\Desktop\Pre_Diag_17_10_2012_18_45_09.txt
Deleted : C:\Users\moi\Desktop\Pre_Scan_15_10_2012_21_45_31.txt
Deleted : C:\Users\moi\Desktop\Pre_Scan_15_10_2012_22_27_55.txt
Deleted : C:\Users\moi\Desktop\Pre_script.txt
Deleted : C:\Users\moi\Desktop\ZHPDiag.lnk
Deleted : C:\Users\moi\Desktop\ZHPFix.lnk
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
~~~~~~ Registry ~~~~~~
Key Deleted : HKCU\Software\g3n-h@ckm@n
Key Deleted : HKLM\SOFTWARE\AdwCleaner
Key Deleted : HKLM\SOFTWARE\Swearware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
~~~~~~ Other ~~~~~~
-> Prefetch emptied
*************************
DelFix[S1].txt - [1623 bytes] - [21/10/2012 13:28:32]
########## EOF - C:\DelFix[S1].txt - [1747 bytes] ##########
Hi, yes, and since I've been using it, it shows me this error message: "This application could not be started because OLMAPI32.dll could not be found. Reinstalling this application may fix this problem", and this message appears whenever I try to open any file; when the PC starts, it blocks avast with this message.
I tried a restore, nothing changed; I went into safe mode to try to find the problem, but nothing.
Thanks for your help
You can use CCleaner but you have no access at all????
Aren't you taking me for a fool, by any chance?
Hello,
Listen, I need help to understand. Afterwards I can run a CCleaner cleanup, but I can't open any web page. When I open a web page it tells me "SFR connection properties has stopped working".
So it's really kind of you to help me, and no, I'm not taking you for a fool.
Hello,
Thanks, I did what you asked; right now it's trying to create a restore point, so I'll let it run.
In any case, Combofix launched, which is already a good thing. Thank you very much. I'll send you the report if it gets all the way through.
Here is the report:
ComboFix 12-10-14.03 - moi 14/10/2012 13:48:09.1.2 - x86
Microsoft® Windows Vista(TM) Home Premium Edition 6.0.6002.2.1252.33.1036.18.3062.2079 [GMT 2:00]
Running from: F:\Elisa.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\language.xml
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxHTTPProxy.exe
c:\program files\OfferBox\uninstaller.exe
c:\programdata\Roaming
c:\users\moi\AppData\Roaming\.#
c:\users\moi\AppData\Roaming\.#\MBX@12CC@2A2990.###
c:\users\moi\AppData\Roaming\.#\MBX@12CC@2A29C0.###
c:\users\moi\AppData\Roaming\.#\MBX@12CC@2A29F0.###
c:\users\moi\AppData\Roaming\OfferBox
c:\users\moi\AppData\Roaming\OfferBox\config.dat
c:\users\moi\AppData\Roaming\OfferBox\config.xml
c:\users\moi\AppData\Roaming\OfferBox\run.log
c:\users\moi\AppData\Roaming\OfferBox\sdch\1348183020
c:\users\moi\AppData\Roaming\OfferBox\temp.ico
c:\windows\system32\asw4FB5.tmp
.
An infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\elisa\HarddiskVolumeShadowCopy5_!Windows!System32!wininet.dll
.
.
((((((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-10-14 12:00 . 2012-10-14 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 20:37 . 2012-10-13 21:56 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-09-20 23:25 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF0BE474-63BA-45E8-B26B-DF7E1F88984F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 04:04 . 2012-06-26 23:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 04:04 . 2012-06-26 23:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-12-07 15:55 1312560 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-12-07 1312560]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-12-07 1312560]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-09-24 1685816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 10:35 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 04:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://yahoo.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:56847
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-OfferBox - c:\program files\OfferBox\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 14:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1968)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\iashost.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\PresentationSettings.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2012-10-14 14:06:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-10-14 12:06
.
Avant-CF: 12 340 547 584 octets libres
Après-CF: 12 147 806 208 octets libres
.
- - End Of File - - B2D96C2A9DEE90A7C592D479BC10A205
Hi, here is the report
C:\Users\moi\Desktop\Pre_Scan_15_10_2012_21_45_31.txt
Thanks
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.1014 | g3n-h@ckm@n & Saachaa | ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
~ Update on 14/10/2012 | 13.50 by g3n-h@ckm@n
~ Informations | Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Informations for the switches Pre_Script : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Feedback Pre_scan : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ Thx to C_XX , Slyk for their help for the evolution of the tool
~ User : moi (Administrateurs) | SID = S-1-5-21-3246961087-3216457336-508488238-1000
~ Computer : PC-DE-MOI
~ System : Windows Vista (TM) Home Premium (32 bits) HomePremium Service Pack 2
~ RegisteredOwner : moi
~ RegisteredOrganization :
~ ProcessorNameString : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
~ Identifier : x86 Family 6 Model 15 Stepping 13
~ Mémory RAM = Total (KB) : 3135160 | Used (%) : 34 | Free (KB) : 2055900
~ Pagefile = Total (KB) : 6477440 | Free (KB) : 5558430
~ Virtual = Total (KB) : 2097020 | Free (KB) : 1931680
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\ -> [Fixed] | [ACER] | Total : 147630 Mo | Free : 11440 Mo -> NTFS
d:\ -> [Fixed] | [DATA] | Total : 147610 Mo | Free : 146700 Mo -> NTFS
f:\ -> [Removable] | [KINGSTON] | Total : 7630 Mo | Free : 7630 Mo -> FAT32
Scan : 21:45:31 | 15/10/2012
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
Last(s) détection(s) : 2012-09-07 23:10:18
Last(s) download(s) : 2012-09-07 23:32:51
Last(s) installation(s) : 2012-09-05 22:11:39
Next search : 2012-10-15 19:45:05
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\moi
New restorepoint created
¤¤¤¤¤¤¤¤¤¤ | MD5 Control
[MD5.9157E35A576ABEF53075789F28C44230] - [15/10/2012 21:45:32] - [0.5 Ko] - C:\Pre_Scan\MBR.bin
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [24/05/2010 17:35:50] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\explorer.exe
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\explorer.exe
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - [31/01/2009 18:24:48] - (.© Microsoft Corporation. - Explorateur Windows.) - [2855 Ko] - (6.0.6000.16771) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.E7156B0B74762D9DE0E66BDCDE06E5FB] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2855 Ko] - (6.0.6000.20947) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.FFA764631CB70A30065C12EF8E174F9F] - [21/01/2008 04:24:24] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858.5 Ko] - (6.0.6001.18164) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50BA5850147410CDE89C523AD3BC606E] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2859 Ko] - (6.0.6001.22298) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [24/05/2010 17:35:50] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - (.© Microsoft Corporation. - Processus d'exécuttion client-serveur.) - [6 Ko] - (6.0.6001.18000) - C:\Windows\System32\csrss.exe
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\services.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [24/05/2010 17:35:03] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\System32\services.exe
[MD5.2B336AB6286D6C81FA02CBAB914E3C6C] - [21/01/2008 04:24:48] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [272.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [24/05/2010 17:35:03] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\smss.exe
[MD5.6701DDAF68BEDE6BBEEA9D514D73A35B] - [21/01/2008 04:23:50] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\erdnt\cache\userinit.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\System32\userinit.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\erdnt\cache\wininit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\System32\wininit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\winlogon.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [24/05/2010 17:34:39] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\System32\winlogon.exe
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [24/05/2010 17:34:39] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[MD5.3911B972B55FEA0478476B2E777B29FA] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6002.18457) - C:\Windows\System32\drivers\afd.sys
[MD5.763E172A55177E478CB419F88FD0BA03] - [21/01/2008 04:24:17] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[MD5.48EB99503533C27AC6135648E5474457] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6001.18639) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[MD5.C8AF25017CECB75906A571AC70D2D306] - [21/06/2011 01:38:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6001.22905) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[MD5.A201207363AA900ABF1A388468688570] - [24/05/2010 17:32:58] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[MD5.3911B972B55FEA0478476B2E777B29FA] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6002.18457) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[MD5.70EE0FC7A0F384DBD929A01384AEEB4B] - [21/06/2011 01:38:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6002.22629) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\atapi.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\atapi.sys
[MD5.2D9C903DC76A66813D350A562DE40ED9] - [21/01/2008 04:23:00] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.05 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[MD5.6B4BFFB9BECD728097024276430DB314] - [24/05/2010 17:32:15] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\cdrom.sys
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - [21/01/2008 04:23:02] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[MD5.6B4BFFB9BECD728097024276430DB314] - [24/05/2010 17:32:15] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - MBT Transport driver.) - [181.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\netbt.sys
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - [21/01/2008 04:24:59] - (.© Microsoft Corporation. - MBT Transport driver.) - [180 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - MBT Transport driver.) - [181.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\tdx.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [24/05/2010 17:32:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\tdx.sys
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - [21/01/2008 04:24:53] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [24/05/2010 17:32:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - [24/05/2010 17:34:18] - (.© Microsoft Corporation. - Pilote de cliché instantané du volume.) - [220.98 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\volsnap.sys
[MD5.D8B4A53DD2769F226B3EB374374987C9] - [21/01/2008 04:23:21] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [222.55 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - [24/05/2010 17:34:18] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [220.98 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
21:47:42
¤¤¤¤¤¤¤¤¤¤ | Processes stopped
SLsvc.exe (1252) -> Process stopped !
explorer.exe (1756) -> Process stopped !
wlanext.exe (1780) -> Process stopped !
taskeng.exe (1984) -> Process stopped !
agrsmsvc.exe (620) -> Process stopped !
AppleMobileDeviceService.exe (928) -> Process stopped !
mDNSResponder.exe (1116) -> Process stopped !
eDSService.exe (1440) -> Process stopped !
eLockServ.exe (2084) -> Process stopped !
9props.exe (2156) -> Process stopped !
eNet Service.exe (2244) -> Process stopped !
EvtEng.exe (2284) -> Process stopped !
IAANTmon.exe (2368) -> Process stopped !
PresentationSettings.exe (2380) -> Process stopped !
LSSrvc.exe (2400) -> Process stopped !
MobilityService.exe (2532) -> Process stopped !
igfxsrvc.exe (2560) -> Process stopped !
RegSrvc.exe (2724) -> Process stopped !
RichVideo.exe (2776) -> Process stopped !
vsedsps.exe (2892) -> Process stopped !
WLIDSVC.EXE (2976) -> Process stopped !
ePowerSvc.exe (3024) -> Process stopped !
SearchIndexer.exe (3068) -> Process stopped !
eRecoveryService.exe (3256) -> Process stopped !
capuserv.exe (3384) -> Process stopped !
vseamps.exe (3632) -> Process stopped !
vseqrts.exe (3684) -> Process stopped !
iashost.exe (3872) -> Process stopped !
taskeng.exe (1144) -> Process stopped !
WUDFHost.exe (3620) -> Process stopped !
SearchProtocolHost.exe (1336) -> Process stopped !
SearchFilterHost.exe (2688) -> Process stopped !
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - 440 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.0.6002.18005) -> \SystemRoot\System32\smss.exe [64000 Ko]
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - 580 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - 624 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.0.6001.18000) -> wininit.exe [96768 Ko]
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - 636 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[MD5.17FFE3A6642B5DE7E93DBC21E124FA19] - [24/05/2010 17:35:03] - 672 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.0.6002.18005) -> C:\Windows\system32\services.exe [279552 Ko]
[MD5.A3E186B4B935905B829219502557314E] - [18/01/2012 23:48:24] - 688 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Processus de l'autorité de sécurité locale.) - (6.0.6002.18541) -> C:\Windows\system32\lsass.exe [9728 Ko]
[MD5.7564348D8F099A4441C1A71875E104B5] - [21/01/2008 04:23:44] - 700 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.0.6001.18000) -> C:\Windows\system32\lsm.exe [229888 Ko]
[MD5.7A556AB2E204BF52993C0C56B61064C5] - [24/05/2010 17:34:39] - 764 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows.) - (6.0.6002.18005) -> winlogon.exe [314368 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 864 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k DcomLaunch [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 944 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k rpcss [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1020 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1076 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1096 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k netsvcs [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1232 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1280 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalService [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1504 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkService [21504 Ko]
[MD5.01DD1004181FD46ECDC3628228EB269D] - [24/05/2010 17:34:20] - 1732 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.0.6002.18005) -> "C:\Windows\system32\Dwm.exe" [81920 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1960 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1244 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k bthsvcs [21504 Ko]
[MD5.39941F88BE0BB63F82651BB84D66A115] - [02/04/2011 13:58:14] - 2120 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (7.0.1456.418) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4273976 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2328 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k hpdevmgmt [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2596 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k HPZ12 [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2636 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k HPZ12 [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2668 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2840 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k imgsvc [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2924 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k WerSvcGroup [21504 Ko]
[MD5.9E69F26034694A7FD5F1596A71F60DD1] - [24/05/2010 17:35:20] - 3456 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[MD5.8274C87726D4561EE8750D883764ACC1] - [24/05/2010 17:32:31] - 3820 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding [37888 Ko]
[MD5.9E69F26034694A7FD5F1596A71F60DD1] - [24/05/2010 17:35:20] - 4072 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 3168 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21504 Ko]
[MD5.FD7305B4BB3C885B89D452280AC84C1E] - [15/10/2012 21:44:36] - 2692 | C:\Users\moi\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (2.1.0.13) -> "C:\Users\moi\Desktop\winlogon.exe" [2184043 Ko]
[MD5.BD8235468636C0336809E02870F6A9F4] - [21/01/2008 04:24:59] - 2700 | C:\Windows\system32\WUDFHost.exe (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l'infrastructure de pilotes en mode utilisateur.) - (6.0.6001.18000) -> "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-039de068-6e2d-4c3e-8d29-031ed8653dba -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e1732033-7f7d-4233-b05d-0b4041a23bf6 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-659b9263-b42f-4434-8a2a-cb5fee5fec5b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3b135247-8199-40b8-96b0-273e24ac1ef5 [142336 Ko]
[MD5.722E084E343D931816A2D2460A90322A] - [18/08/2009 11:29:22] - 3472 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corporation - Microsoft® Windows Live ID Service.) - (6.500.3165.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1529728 Ko]
[MD5.84BFEFB961F08FD31D0CC201A7EE2295] - [18/08/2009 11:29:22] - 3552 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corporation - Microsoft® Windows Live ID Service Monitor.) - (6.500.3165.0) -> WLIDSvcM.exe 3472 [183152 Ko]
[MD5.701AAD2C6A028D1A53F15B904E78218A] - [24/05/2010 17:37:00] - 1808 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.6002.18005) -> C:\Windows\system32\SearchIndexer.exe /Embedding [441344 Ko]
[MD5.AC0429539F33CEE12CD626CDCB5C9301] - [26/01/2011 21:41:43] - 620 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.0.6002.18342) -> taskeng.exe {AAA4804B-9263-4C2F-AC4C-87E98871EA11} [171520 Ko]
[MD5.B760E2B743302B9C9C501836E7F80076] - [28/08/2009 19:42:54] - 316 | C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (.Apple Inc. - Apple Mobile Device Service.) - (2.50.39.0) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 Ko]
[MD5.E28516FED46251119ADDAF4CF33BA401] - [25/05/2008 17:50:12] - 1492 | C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (.Acer Inc. - Acer eLock Management.) - (2.5.4011.0) -> "C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe" [24576 Ko]
[MD5.44E8E86CEEB0D9F0F934B5EDC21E0444] - [25/05/2008 17:48:10] - 2088 | C:\Acer\Empowering Technology\eNet\eNet Service.exe (.Acer Inc. - acer eNet Management Service.) - (2.6.4.303) -> "C:\Acer\Empowering Technology\eNet\eNet Service.exe" [131072 Ko]
[MD5.25D7326440FDF48AA98DF39BEAF87A0E] - [25/05/2008 17:46:49] - 2308 | C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (.acer - WMIServi Application.) - (2.5.4301.0) -> "C:\Acer\Empowering Technology\ePower\ePowerSvc.exe" [167936 Ko]
[MD5.A9745687A57CDD71237915859ABA8DAC] - [25/05/2008 17:52:02] - 2420 | C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (. - Service.) - (2.5.4302.0) -> "C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe" [24576 Ko]
[MD5.AC0429539F33CEE12CD626CDCB5C9301] - [26/01/2011 21:41:43] - 3204 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.0.6002.18342) -> taskeng.exe {B65D0CAA-D98E-4E00-B32F-206892F33E90} [171520 Ko]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - [24/05/2010 17:32:16] - 2660 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d'installation de modules Windows.) - (6.0.6002.18005) -> C:\Windows\servicing\TrustedInstaller.exe [39424 Ko]
[MD5.DD37E9B19A76AB31C184EFA13A7540ED] - [24/05/2010 17:37:51] - 3024 | C:\Windows\system32\SLsvc.exe (.Microsoft Corporation - Service de gestion des licences Microsoft.) - (6.0.6002.18005) -> C:\Windows\system32\SLsvc.exe [3408896 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon
¤
[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] :
¤¤¤¤¤¤¤¤¤¤ | Associations
[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> C:\Windows\explorer.exe
¤
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Assoc | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
¤¤¤¤¤¤¤¤¤¤ | Miscellaneous fixes
[HKLM | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKLM | CurrentVersion\Explorer]|[AlwaysUnloadDll] : -> 1
[HKU\S-1-5-19 | Desktop]|[Wallpaper] : C:\windows\Web\Wallpaper\img24.jpg
[HKU\S-1-5-20 | Desktop]|[Wallpaper] : C:\windows\Web\Wallpaper\img24.jpg
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Desktop]|[Wallpaper] : C:\Users\moi\Pictures\wallpaper-planetes-et-espace.jpg
[HKU\S-1-5-18 | Desktop]|[Wallpaper] : (None)
[HKU\S-1-5-19 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-20 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Hidden] : 2 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000_Classes | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-18 | Explorer\Advanced]|[Hidden] : -> 0
[HKLM | Policies\System]|[DisableRegistryTools] : 0
[HKLM | Control\SafeBoot]|[AlternateShell] : cmd.exe
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Start_ShowUser] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Start_EnableDragDrop] : 1
21:48:02
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
[HKLM | Safeboot] -> OK
[HKLM | Safeboot\Minimal] -> OK
[HKLM | Safeboot\Network] -> OK
¤
[HKLM | Minimal\Base] : Driver Group -> OK
[HKLM | Minimal\Boot Bus Extender] : Driver Group -> OK
[HKLM | Minimal\Boot file system] : Driver Group -> OK
[HKLM | Minimal\File system] : Driver Group -> OK
[HKLM | Minimal\Filter] : Driver Group -> OK
[HKLM | Minimal\PCI Configuration] : Driver Group -> OK
[HKLM | Minimal\PNP Filter] : Driver Group -> OK
[HKLM | Minimal\Primary disk] : Driver Group -> OK
[HKLM | Minimal\SCSI Class] : Driver Group -> OK
[HKLM | Minimal\System Bus Extender] : Driver Group -> OK
[HKLM | Minimal\AppMgmt] : Service -> OK
[HKLM | Minimal\CryptSvc] : Service -> OK
[HKLM | Minimal\DcomLaunch] : Service -> OK
[HKLM | Minimal\dmadmin] : -> Service
[HKLM | Minimal\dmserver] : -> Service
[HKLM | Minimal\EventLog] : Service -> OK
[HKLM | Minimal\HelpSvc] : Service -> OK
[HKLM | Minimal\Netlogon] : Service -> OK
[HKLM | Minimal\PlugPlay] : Service -> OK
[HKLM | Minimal\RpcSs] : Service -> OK
[HKLM | Minimal\SRService] : -> Service
[HKLM | Minimal\vds] : Service -> OK
[HKLM | Minimal\WinMgmt] : Service -> OK
[HKLM | Minimal\dmboot.sys] : -> Driver
[HKLM | Minimal\dmio.sys] : -> Driver
[HKLM | Minimal\dmload.sys] : -> Driver
[HKLM | Minimal\sermouse.sys] : Driver -> OK
[HKLM | Minimal\vga.sys] : Driver -> OK
[HKLM | Minimal\vgasave.sys] : Driver -> OK
[HKLM | Minimal\sr.sys] : -> FSFilter System Recovery
[HKLM | Minimal\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : Volume shadow copy -> OK
[HKLM | Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK
¤
[HKLM | Network\Base] : Driver Group -> OK
[HKLM | Network\Boot Bus Extender] : Driver Group -> OK
[HKLM | Network\Boot file system] : Driver Group -> OK
[HKLM | Network\File system] : Driver Group -> OK
[HKLM | Network\Filter] : Driver Group -> OK
[HKLM | Network\NDIS] : Driver Group -> OK
[HKLM | Network\NDIS Wrapper] : Driver Group -> OK
[HKLM | Network\NetBIOSGroup] : Driver Group -> OK
[HKLM | Network\NetDDEGroup] : Driver Group -> OK
[HKLM | Network\Network] : Driver Group -> OK
[HKLM | Network\NetworkProvider] : Driver Group -> OK
[HKLM | Network\PCI Configuration] : Driver Group -> OK
[HKLM | Network\PNP Filter] : Driver Group -> OK
[HKLM | Network\PNP_TDI] : Driver Group -> OK
[HKLM | Network\Primary disk] : Driver Group -> OK
[HKLM | Network\SCSI Class] : Driver Group -> OK
[HKLM | Network\Streams Drivers] : Driver Group -> OK
[HKLM | Network\System Bus Extender] : Driver Group -> OK
[HKLM | Network\TDI] : Driver Group -> OK
[HKLM | Network\AFD] : Service -> OK
[HKLM | Network\AppMgmt] : Service -> OK
[HKLM | Network\Browser] : Service -> OK
[HKLM | Network\CryptSvc] : Service -> OK
[HKLM | Network\DcomLaunch] : Service -> OK
[HKLM | Network\Dhcp] : Service -> OK
[HKLM | Network\dmadmin] : -> Service
[HKLM | Network\dmserver] : -> Service
[HKLM | Network\DnsCache] : Service -> OK
[HKLM | Network\EventLog] : Service -> OK
[HKLM | Network\HelpSvc] : Service -> OK
[HKLM | Network\LanmanServer] : Service -> OK
[HKLM | Network\LanmanWorkstation] : Service -> OK
[HKLM | Network\LmHosts] : Service -> OK
[HKLM | Network\Messenger] : Service -> OK
[HKLM | Network\Ndisuio] : Service -> OK
[HKLM | Network\NetBIOS] : Service -> OK
[HKLM | Network\NetBT] : Service -> OK
[HKLM | Network\Netlogon] : Service -> OK
[HKLM | Network\NetMan] : Service -> OK
[HKLM | Network\NtLmSsp] : -> Service
[HKLM | Network\PlugPlay] : Service -> OK
[HKLM | Network\rdsessmgr] : Service -> OK
[HKLM | Network\RpcSs] : Service -> OK
[HKLM | Network\sharedaccess] : Service -> OK
[HKLM | Network\SRService] : -> Service
[HKLM | Network\Tcpip] : Service -> OK
[HKLM | Network\termservice] : -> Service
[HKLM | Network\vds] : Service -> OK
[HKLM | Network\WinMgmt] : Service -> OK
[HKLM | Network\Wlansvc] : Service -> OK
[HKLM | Network\dmboot.sys] : -> Driver
[HKLM | Network\dmio.sys] : -> Driver
[HKLM | Network\dmload.sys] : -> Driver
[HKLM | Network\ipnat.sys] : Driver -> OK
[HKLM | Network\ip6fw.sys] : -> Driver
[HKLM | Network\rdpcdd.sys] : -> Driver
[HKLM | Network\sr.sys] : -> FSFilter System Recovery
[HKLM | Network\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] : Net -> OK
[HKLM | Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] : NetClient -> OK
[HKLM | Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] : NetService -> OK
[HKLM | Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] : NetTrans -> OK
[HKLM | Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK
¤¤¤¤¤¤¤¤¤¤ | IFEO
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM | Session Manager\SubSystems]|[Windows] : winsrv : %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd
¤¤¤¤¤¤¤¤¤¤ | Security Center
[HKLM | Security Center]|[AntiVirusDisableNotify] : 0
[HKLM | Security Center]|[FirewallDisableNotify] : 0
[HKLM | Security Center]|[UpdatesDisableNotify] : 0
[HKLM | Security Center\svc]|[AntispywareOverride] : 0
[HKLM | Security Center\svc]|[AntiVirusOverride] : 0
[HKLM | Security Center\svc]|[FirewallOverride] : 0
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]|[DisableMonitoring] : 1
[HKLM | FirewallPolicy\DomainProfile]|[DisableNotifications] : 0
[HKLM | FirewallPolicy\StandardProfile]|[DisableNotifications] : 0
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
[Compbatt] : 0 : Active
[RPCSS] : 2 : Active
[Profsvc] : 2 : Active
[PlugPlay] : 2 : Active
[PEAUTH] : 2 : Active
[Parvdm] : 2 : Inactive
[nsi] : 2 : Active
[NLASvc] : 2 : Active
[MPSsvc] : 2 : Active
[MMCSS] : 2 : Active
[luafv] : 2 : Active
[lltdio] : 2 : Active
[Iphlpsvc] : 2 : Active
[IKEEXT] : 2 : Active
[gpsvc] : 2 : Active
[lmhosts] : 2 : Active
[LanmanWorkstation] : 2 : Active
[LanmanServer] : 2 : Active
[agp440] : 3 -> 2 : Inactive
[AudioEndpointBuilder] : 2 : Active
[Audiosrv] : 2 : Active
[BFE] : 2 : Active
[Bits] : 3 -> 2 : Active
[CryptSvc] : 2 : Active
[EapHost] : 3 -> 2 : Active
[Wlansvc] : 2 : Active
[SharedAccess] : 2 : Inactive
[windefend] : 3 -> 2 : Inactive
[winmgmt] : 2 : Active
[wuauserv] : 2 : Active
[wudfsvc] : 2 : Active
[WerSvc] : 2 : Active
[wscsvc] : 2 : Active
[Cmbatt] : 3 : Active
[Ndisuio] : 3 : Active
21:48:02
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Start Page] : http://yahoo.fr/ -> http://www.google.com/
[HKU\S-1-5-18 | Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Local Page] : C:\Windows\system32\blank.htm
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKLM | Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
[HKLM | Main]|[Start Page] : http://fr.fr.acer.yahoo.com -> http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Local Page] : C:\Windows\System32\blank.htm
[HKLM | Main]|[Default_Search_URL] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | AboutURLs]|[Tabs] : -> res://ieframe.dll/tabswelcome.htm
¤
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | PhishingFilter]|[Enabled] : 2
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | PhishingFilter]|[EnabledV8] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[ProxyOverride] : <local> -> *.local
[HKU\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned :)
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\Temp\~DF42FD.tmp
Impossible to move : C:\Users\moi\AppData\Local\Temp\~DFB1D6.tmp
Quarantined and deleted Successfully : C:\Windows\Temp\hpqddsvc.log
Quarantined and deleted Successfully : C:\Users\moi\AppData\Roaming\Microsoft\CLView\Toolbars.dat
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\microsoft\windows\WindowsUpdate.log
Quarantined and deleted Successfully : C:\ProgramData\hpzinstall.log
Quarantined and deleted Successfully : C:\ProgramData\ma-config.com\mcbase.db
Impossible to move : C:\ProgramData\ma-config.com
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\instance.dat
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\mia.dll
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.dat
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
22:14:16
Impossible to move : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
Quarantined and deleted Successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Installation du Contrôle Parental.lnk
Quarantined and deleted Successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
Quarantined and deleted Successfully : C:\Users\moi\Desktop\ZHP_uninstall.exe
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\d3d9caps.dat
Quarantined and deleted Successfully : |D| - C:\Users\moi\AppData\Roaming\InstallShield
Quarantined and deleted Successfully : C:\junction.exe
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\B7GGK2ME\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\EVBQ2LTV\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\EVBQ2LTV\NavAbonnes[1]..fr_extranet_servlet_NavAbonnes_tache=public&action=inscription
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\VC6P5I0V\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\W4C2A06X\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\IGXIN12A\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\QO667WKW\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\SFFOP3U3\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\WX3SV3QZ\desktop.ini
Quarantined and deleted Successfully : |D| - C:\Users\moi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Quarantined and deleted successfully : C:\Windows\Prefetch\9LAUNCH.EXE-DC466C0D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ADWCLEANER.EXE-25D785B7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\AVASTEMUPDATE.EXE-6EF4B603.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CAPUSERV.EXE-363A5C63.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\COMPILEMOF.EXE-BD9CCB90.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ELISA.EXE-9E01C1CF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\EPOWERSVC.EXE-959CFF97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ICACLS.EXE-E79D2D93.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-0CECD92D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-812AD5F1.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-8F1B6CBC.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\INFOCARD.EXE-ECED8D38.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MFPMP.EXE-26F35380.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MMC.EXE-D557C836.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSOHTMED.EXE-675EE324.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NIRCMDB.EXE-90BE1A8C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PEV.EXE-1365ECE9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PEV.EXE-27C730E0.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RSTRUI.EXE-2D50C58D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-6D2968F1.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SF.EXE-08EC603E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SORT.EXE-99A4F778.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SSVAGENT.EXE-42E515EF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SWSC.EXE-0A6BEB9A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PRE_SCAN.PIF-D1C70390.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PRE_SCAN.PIF-F297CC81.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CHCP.COM-61043047.pf
¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot
Quarantined and deleted Successfully at Reboot : C:\Users\moi\AppData\Local\Temp\~DFB1D6.tmp
Quarantined and deleted Successfully at Reboot : C:\ProgramData\ma-config.com
Quarantined and deleted Successfully at Reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
¤¤¤¤¤
22:19:57
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=305G
Pos  MBRndx  Type/Name   Size   Active  Hide  Start Sector  Sectors
---  ------  ----------  -----  ------  ----  ------------  -----------
0    0       27-UNKNWN   10.0G  No      No    2,048         20,480,000
1    1       07-NTFS     148G   Yes     No    20,482,048    302,346,240
2    2       07-NTFS     148G   No      No    322,828,288   302,311,424
¤¤¤¤¤¤¤¤¤¤ | MBR Control
MBR code signature : 11 75 CF CE
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD3200BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[82C5F936] -> \Device\Harddisk0\DR0[8684C210]
3 CLASSPNP[8B3A38B3] -> ntkrnlpa!IofCallDriver[82C5F936] -> [861385D8]
5 acpi[8069F6BC] -> ntkrnlpa!IofCallDriver[82C5F936] -> \Device\Ide\IdeDeviceP2T0L0-2[860FE5A8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 7c1b; MOV DI, 61b; PUSH AX; PUSH DI; MOV CX, 1e5; REP MOVSB ; RETF ; MOV DI, 5; XOR AX, AX; MOV DL, 80; INT 13; JAE 2d; DEC DI; }
user & kernel MBR OK
22:20:06
[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Disque d:] Folders : 0 | Files : 0
~ [Disque f:] Folders : 0 | Files : 0
~ [Disque C:] Folders : 0 | Files : 0
~ [ProgramFiles] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Utilisateurs] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Music] Folders : 0 | Files : 0
~ [Pictures] Folders : 0 | Files : 0
~ [Videos] Folders : 0 | Files : 0
~ [Downloads] Folders : 0 | Files : 0
~ [Desktop] Folders : 0 | Files : 0
~ [Links] Folders : 0 | Files : 0
~ [Searches] Folders : 0 | Files : 0
~ [Contacts] Folders : 0 | Files : 0
~ [Saved_Games] Folders : 0 | Files : 0
~ [Favorites] Folders : 0 | Files : 0
~ [Documents] Folders : 3 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 3 | Files : 0
~ [Windows] Folders : 6 | Files : 85 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 6 | Files : 85
~ [Start_Menu] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Libraries] Folders : 0 | Files : 0
~ [quick launch] Folders : 0 | Files : 0
~ [AppData] Folders : 0 | Files : 1 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 1
Fin : 22:25:15
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
C:\Users\moi\Desktop\Pre_Scan_15_10_2012_21_45_31.txt
Thank you
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.1014 | g3n-h@ckm@n & Saachaa | ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
~ Update on 14/10/2012 | 13.50 by g3n-h@ckm@n
~ Informations | Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Informations for the switches Pre_Script : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Feedback Pre_scan : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505
~ Thx to C_XX , Slyk for their help for the evolution of the tool
~ User : moi (Administrateurs) | SID = S-1-5-21-3246961087-3216457336-508488238-1000
~ Computer : PC-DE-MOI
~ System : Windows Vista (TM) Home Premium (32 bits) HomePremium Service Pack 2
~ RegisteredOwner : moi
~ RegisteredOrganization :
~ ProcessorNameString : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
~ Identifier : x86 Family 6 Model 15 Stepping 13
~ Mémory RAM = Total (KB) : 3135160 | Used (%) : 34 | Free (KB) : 2055900
~ Pagefile = Total (KB) : 6477440 | Free (KB) : 5558430
~ Virtual = Total (KB) : 2097020 | Free (KB) : 1931680
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\ -> [Fixed] | [ACER] | Total : 147630 Mo | Free : 11440 Mo -> NTFS
d:\ -> [Fixed] | [DATA] | Total : 147610 Mo | Free : 146700 Mo -> NTFS
f:\ -> [Removable] | [KINGSTON] | Total : 7630 Mo | Free : 7630 Mo -> FAT32
Scan : 21:45:31 | 15/10/2012
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
Last(s) détection(s) : 2012-09-07 23:10:18
Last(s) download(s) : 2012-09-07 23:32:51
Last(s) installation(s) : 2012-09-05 22:11:39
Next search : 2012-10-15 19:45:05
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\moi
New restorepoint created
¤¤¤¤¤¤¤¤¤¤ | MD5 Control
[MD5.9157E35A576ABEF53075789F28C44230] - [15/10/2012 21:45:32] - [0.5 Ko] - C:\Pre_Scan\MBR.bin
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [24/05/2010 17:35:50] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\explorer.exe
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\explorer.exe
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] - [31/01/2009 18:24:48] - (.© Microsoft Corporation. - Explorateur Windows.) - [2855 Ko] - (6.0.6000.16771) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[MD5.E7156B0B74762D9DE0E66BDCDE06E5FB] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2855 Ko] - (6.0.6000.20947) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[MD5.FFA764631CB70A30065C12EF8E174F9F] - [21/01/2008 04:24:24] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858.5 Ko] - (6.0.6001.18164) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[MD5.50BA5850147410CDE89C523AD3BC606E] - [31/01/2009 18:24:47] - (.© Microsoft Corporation. - Explorateur Windows.) - [2859 Ko] - (6.0.6001.22298) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - [24/05/2010 17:35:50] - (.© Microsoft Corporation. - Explorateur Windows.) - [2858 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - (.© Microsoft Corporation. - Processus d'exécuttion client-serveur.) - [6 Ko] - (6.0.6001.18000) - C:\Windows\System32\csrss.exe
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [6 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\services.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [24/05/2010 17:35:03] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\System32\services.exe
[MD5.2B336AB6286D6C81FA02CBAB914E3C6C] - [21/01/2008 04:24:48] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [272.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[MD5.D4E6D91C1349B7BFB3599A6ADA56851B] - [24/05/2010 17:35:03] - (.© Microsoft Corporation. - Applications Services et Contrôleur.) - [273 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\smss.exe
[MD5.6701DDAF68BEDE6BBEEA9D514D73A35B] - [21/01/2008 04:23:50] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - (.© Microsoft Corporation. - Windows Session Manager.) - [62.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\erdnt\cache\userinit.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\System32\userinit.exe
[MD5.0E135526E9785D085BCD9AEDE6FBCBF9] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Userinit.) - [24.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [14/10/2012 14:05:24] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\erdnt\cache\wininit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\System32\wininit.exe
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - (.© Microsoft Corporation. - Application de démarrage de Windows.) - [94.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\winlogon.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [24/05/2010 17:34:39] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\System32\winlogon.exe
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - [21/01/2008 04:24:49] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[MD5.898E7C06A350D4A1A64A9EA264D55452] - [24/05/2010 17:34:39] - (.© Microsoft Corporation. - Application d'ouverture de session Windows.) - [307 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[MD5.3911B972B55FEA0478476B2E777B29FA] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6002.18457) - C:\Windows\System32\drivers\afd.sys
[MD5.763E172A55177E478CB419F88FD0BA03] - [21/01/2008 04:24:17] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[MD5.48EB99503533C27AC6135648E5474457] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6001.18639) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[MD5.C8AF25017CECB75906A571AC70D2D306] - [21/06/2011 01:38:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6001.22905) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[MD5.A201207363AA900ABF1A388468688570] - [24/05/2010 17:32:58] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[MD5.3911B972B55FEA0478476B2E777B29FA] - [21/06/2011 01:38:07] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267 Ko] - (6.0.6002.18457) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[MD5.70EE0FC7A0F384DBD929A01384AEEB4B] - [21/06/2011 01:38:08] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [267.5 Ko] - (6.0.6002.22629) - C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\atapi.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\atapi.sys
[MD5.2D9C903DC76A66813D350A562DE40ED9] - [21/01/2008 04:23:00] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.05 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [19.48 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[MD5.6B4BFFB9BECD728097024276430DB314] - [24/05/2010 17:32:15] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\cdrom.sys
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - [21/01/2008 04:23:02] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[MD5.6B4BFFB9BECD728097024276430DB314] - [24/05/2010 17:32:15] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [65.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - MBT Transport driver.) - [181.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\netbt.sys
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - [21/01/2008 04:24:59] - (.© Microsoft Corporation. - MBT Transport driver.) - [180 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - [24/05/2010 17:34:12] - (.© Microsoft Corporation. - MBT Transport driver.) - [181.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [14/10/2012 14:05:23] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\erdnt\cache\tdx.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [24/05/2010 17:32:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\tdx.sys
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - [21/01/2008 04:24:53] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
[MD5.76B06EB8A01FC8624D699E7045303E54] - [24/05/2010 17:32:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [70.5 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - [24/05/2010 17:34:18] - (.© Microsoft Corporation. - Pilote de cliché instantané du volume.) - [220.98 Ko] - (6.0.6002.18005) - C:\Windows\System32\drivers\volsnap.sys
[MD5.D8B4A53DD2769F226B3EB374374987C9] - [21/01/2008 04:23:21] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [222.55 Ko] - (6.0.6001.18000) - C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - [24/05/2010 17:34:18] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [220.98 Ko] - (6.0.6002.18005) - C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
21:47:42
¤¤¤¤¤¤¤¤¤¤ | Processes stopped
SLsvc.exe (1252) -> Process stopped !
explorer.exe (1756) -> Process stopped !
wlanext.exe (1780) -> Process stopped !
taskeng.exe (1984) -> Process stopped !
agrsmsvc.exe (620) -> Process stopped !
AppleMobileDeviceService.exe (928) -> Process stopped !
mDNSResponder.exe (1116) -> Process stopped !
eDSService.exe (1440) -> Process stopped !
eLockServ.exe (2084) -> Process stopped !
9props.exe (2156) -> Process stopped !
eNet Service.exe (2244) -> Process stopped !
EvtEng.exe (2284) -> Process stopped !
IAANTmon.exe (2368) -> Process stopped !
PresentationSettings.exe (2380) -> Process stopped !
LSSrvc.exe (2400) -> Process stopped !
MobilityService.exe (2532) -> Process stopped !
igfxsrvc.exe (2560) -> Process stopped !
RegSrvc.exe (2724) -> Process stopped !
RichVideo.exe (2776) -> Process stopped !
vsedsps.exe (2892) -> Process stopped !
WLIDSVC.EXE (2976) -> Process stopped !
ePowerSvc.exe (3024) -> Process stopped !
SearchIndexer.exe (3068) -> Process stopped !
eRecoveryService.exe (3256) -> Process stopped !
capuserv.exe (3384) -> Process stopped !
vseamps.exe (3632) -> Process stopped !
vseqrts.exe (3684) -> Process stopped !
iashost.exe (3872) -> Process stopped !
taskeng.exe (1144) -> Process stopped !
WUDFHost.exe (3620) -> Process stopped !
SearchProtocolHost.exe (1336) -> Process stopped !
SearchFilterHost.exe (2688) -> Process stopped !
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[MD5.98AF15A94CD6AC37248E72E5FE789B35] - [24/05/2010 17:32:46] - 440 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.0.6002.18005) -> \SystemRoot\System32\smss.exe [64000 Ko]
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - 580 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - [21/01/2008 04:23:42] - 624 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.0.6001.18000) -> wininit.exe [96768 Ko]
[MD5.ABCA209EBA02CB59233614DB83B4F50D] - [21/01/2008 04:24:54] - 636 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[MD5.17FFE3A6642B5DE7E93DBC21E124FA19] - [24/05/2010 17:35:03] - 672 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.0.6002.18005) -> C:\Windows\system32\services.exe [279552 Ko]
[MD5.A3E186B4B935905B829219502557314E] - [18/01/2012 23:48:24] - 688 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Processus de l'autorité de sécurité locale.) - (6.0.6002.18541) -> C:\Windows\system32\lsass.exe [9728 Ko]
[MD5.7564348D8F099A4441C1A71875E104B5] - [21/01/2008 04:23:44] - 700 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.0.6001.18000) -> C:\Windows\system32\lsm.exe [229888 Ko]
[MD5.7A556AB2E204BF52993C0C56B61064C5] - [24/05/2010 17:34:39] - 764 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows.) - (6.0.6002.18005) -> winlogon.exe [314368 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 864 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k DcomLaunch [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 944 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k rpcss [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1020 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1076 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1096 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k netsvcs [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1232 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1280 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalService [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1504 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkService [21504 Ko]
[MD5.01DD1004181FD46ECDC3628228EB269D] - [24/05/2010 17:34:20] - 1732 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.0.6002.18005) -> "C:\Windows\system32\Dwm.exe" [81920 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1960 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 1244 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k bthsvcs [21504 Ko]
[MD5.39941F88BE0BB63F82651BB84D66A115] - [02/04/2011 13:58:14] - 2120 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (7.0.1456.418) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4273976 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2328 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k hpdevmgmt [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2596 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k HPZ12 [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2636 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k HPZ12 [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2668 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2840 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k imgsvc [21504 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 2924 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k WerSvcGroup [21504 Ko]
[MD5.9E69F26034694A7FD5F1596A71F60DD1] - [24/05/2010 17:35:20] - 3456 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[MD5.8274C87726D4561EE8750D883764ACC1] - [24/05/2010 17:32:31] - 3820 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding [37888 Ko]
[MD5.9E69F26034694A7FD5F1596A71F60DD1] - [24/05/2010 17:35:20] - 4072 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[MD5.3794B461C45882E06856F282EEF025AF] - [21/01/2008 04:23:43] - 3168 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21504 Ko]
[MD5.FD7305B4BB3C885B89D452280AC84C1E] - [15/10/2012 21:44:36] - 2692 | C:\Users\moi\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (2.1.0.13) -> "C:\Users\moi\Desktop\winlogon.exe" [2184043 Ko]
[MD5.BD8235468636C0336809E02870F6A9F4] - [21/01/2008 04:24:59] - 2700 | C:\Windows\system32\WUDFHost.exe (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l'infrastructure de pilotes en mode utilisateur.) - (6.0.6001.18000) -> "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-039de068-6e2d-4c3e-8d29-031ed8653dba -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-e1732033-7f7d-4233-b05d-0b4041a23bf6 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-659b9263-b42f-4434-8a2a-cb5fee5fec5b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3b135247-8199-40b8-96b0-273e24ac1ef5 [142336 Ko]
[MD5.722E084E343D931816A2D2460A90322A] - [18/08/2009 11:29:22] - 3472 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corporation - Microsoft® Windows Live ID Service.) - (6.500.3165.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1529728 Ko]
[MD5.84BFEFB961F08FD31D0CC201A7EE2295] - [18/08/2009 11:29:22] - 3552 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corporation - Microsoft® Windows Live ID Service Monitor.) - (6.500.3165.0) -> WLIDSvcM.exe 3472 [183152 Ko]
[MD5.701AAD2C6A028D1A53F15B904E78218A] - [24/05/2010 17:37:00] - 1808 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.6002.18005) -> C:\Windows\system32\SearchIndexer.exe /Embedding [441344 Ko]
[MD5.AC0429539F33CEE12CD626CDCB5C9301] - [26/01/2011 21:41:43] - 620 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.0.6002.18342) -> taskeng.exe {AAA4804B-9263-4C2F-AC4C-87E98871EA11} [171520 Ko]
[MD5.B760E2B743302B9C9C501836E7F80076] - [28/08/2009 19:42:54] - 316 | C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (.Apple Inc. - Apple Mobile Device Service.) - (2.50.39.0) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 Ko]
[MD5.E28516FED46251119ADDAF4CF33BA401] - [25/05/2008 17:50:12] - 1492 | C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (.Acer Inc. - Acer eLock Management.) - (2.5.4011.0) -> "C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe" [24576 Ko]
[MD5.44E8E86CEEB0D9F0F934B5EDC21E0444] - [25/05/2008 17:48:10] - 2088 | C:\Acer\Empowering Technology\eNet\eNet Service.exe (.Acer Inc. - acer eNet Management Service.) - (2.6.4.303) -> "C:\Acer\Empowering Technology\eNet\eNet Service.exe" [131072 Ko]
[MD5.25D7326440FDF48AA98DF39BEAF87A0E] - [25/05/2008 17:46:49] - 2308 | C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (.acer - WMIServi Application.) - (2.5.4301.0) -> "C:\Acer\Empowering Technology\ePower\ePowerSvc.exe" [167936 Ko]
[MD5.A9745687A57CDD71237915859ABA8DAC] - [25/05/2008 17:52:02] - 2420 | C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (. - Service.) - (2.5.4302.0) -> "C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe" [24576 Ko]
[MD5.AC0429539F33CEE12CD626CDCB5C9301] - [26/01/2011 21:41:43] - 3204 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.0.6002.18342) -> taskeng.exe {B65D0CAA-D98E-4E00-B32F-206892F33E90} [171520 Ko]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - [24/05/2010 17:32:16] - 2660 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d'installation de modules Windows.) - (6.0.6002.18005) -> C:\Windows\servicing\TrustedInstaller.exe [39424 Ko]
[MD5.DD37E9B19A76AB31C184EFA13A7540ED] - [24/05/2010 17:37:51] - 3024 | C:\Windows\system32\SLsvc.exe (.Microsoft Corporation - Service de gestion des licences Microsoft.) - (6.0.6002.18005) -> C:\Windows\system32\SLsvc.exe [3408896 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon
¤
[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe,
[HKLM | Winlogon]|[PowerDownAfterShutdown] : 0 -> 1
[HKLM | Winlogon]|[System] :
¤¤¤¤¤¤¤¤¤¤ | Associations
[.exe] : exefile
[exefile | command] : "%1" %*
[.com] : ComFile
[comfile | command] : "%1" %*
[.reg] : regfile
[regfile | command] : regedit.exe "%1"
[.scr] : scrfile
[scrfile | command] : "%1" /S
[.bat] : batfile
[batfile | command] : "%1" %*
[.cmd] : cmdfile
[cmdfile | command] : "%1" %*
[.pif] : piffile
[piffile | command] : "%1" %*
[.url] : InternetShortcut
[InternetShortcut | command] : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
[Application.Manifest | command] : rundll32.exe dfshim.dll,ShOpenVerbApplication %1
[Application.Reference | command] : rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
[Folder | command] : %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> C:\Windows\explorer.exe
¤
[IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe"
[Applications | IE | Command] | @ : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[Assoc | Applications] | @ : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
¤¤¤¤¤¤¤¤¤¤ | Miscellaneous corrections
[HKLM | Advanced\Folder\Hidden\SHOWALL]|[CheckedValue] : 1
[HKLM | CurrentVersion\Explorer]|[AlwaysUnloadDll] : -> 1
[HKU\S-1-5-19 | Desktop]|[Wallpaper] : C:\windows\Web\Wallpaper\img24.jpg
[HKU\S-1-5-20 | Desktop]|[Wallpaper] : C:\windows\Web\Wallpaper\img24.jpg
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Desktop]|[Wallpaper] : C:\Users\moi\Pictures\wallpaper-planetes-et-espace.jpg
[HKU\S-1-5-18 | Desktop]|[Wallpaper] : (None)
[HKU\S-1-5-19 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-20 | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Hidden] : 2 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000_Classes | Explorer\Advanced]|[Hidden] : -> 0
[HKU\S-1-5-18 | Explorer\Advanced]|[Hidden] : -> 0
[HKLM | Policies\System]|[DisableRegistryTools] : 0
[HKLM | Control\SafeBoot]|[AlternateShell] : cmd.exe
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Start_ShowUser] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Start_EnableDragDrop] : 1
21:48:02
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
[HKLM | Safeboot] -> OK
[HKLM | Safeboot\Minimal] -> OK
[HKLM | Safeboot\Network] -> OK
¤
[HKLM | Minimal\Base] : Driver Group -> OK
[HKLM | Minimal\Boot Bus Extender] : Driver Group -> OK
[HKLM | Minimal\Boot file system] : Driver Group -> OK
[HKLM | Minimal\File system] : Driver Group -> OK
[HKLM | Minimal\Filter] : Driver Group -> OK
[HKLM | Minimal\PCI Configuration] : Driver Group -> OK
[HKLM | Minimal\PNP Filter] : Driver Group -> OK
[HKLM | Minimal\Primary disk] : Driver Group -> OK
[HKLM | Minimal\SCSI Class] : Driver Group -> OK
[HKLM | Minimal\System Bus Extender] : Driver Group -> OK
[HKLM | Minimal\AppMgmt] : Service -> OK
[HKLM | Minimal\CryptSvc] : Service -> OK
[HKLM | Minimal\DcomLaunch] : Service -> OK
[HKLM | Minimal\dmadmin] : -> Service
[HKLM | Minimal\dmserver] : -> Service
[HKLM | Minimal\EventLog] : Service -> OK
[HKLM | Minimal\HelpSvc] : Service -> OK
[HKLM | Minimal\Netlogon] : Service -> OK
[HKLM | Minimal\PlugPlay] : Service -> OK
[HKLM | Minimal\RpcSs] : Service -> OK
[HKLM | Minimal\SRService] : -> Service
[HKLM | Minimal\vds] : Service -> OK
[HKLM | Minimal\WinMgmt] : Service -> OK
[HKLM | Minimal\dmboot.sys] : -> Driver
[HKLM | Minimal\dmio.sys] : -> Driver
[HKLM | Minimal\dmload.sys] : -> Driver
[HKLM | Minimal\sermouse.sys] : Driver -> OK
[HKLM | Minimal\vga.sys] : Driver -> OK
[HKLM | Minimal\vgasave.sys] : Driver -> OK
[HKLM | Minimal\sr.sys] : -> FSFilter System Recovery
[HKLM | Minimal\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : Volume shadow copy -> OK
[HKLM | Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK
¤
[HKLM | Network\Base] : Driver Group -> OK
[HKLM | Network\Boot Bus Extender] : Driver Group -> OK
[HKLM | Network\Boot file system] : Driver Group -> OK
[HKLM | Network\File system] : Driver Group -> OK
[HKLM | Network\Filter] : Driver Group -> OK
[HKLM | Network\NDIS] : Driver Group -> OK
[HKLM | Network\NDIS Wrapper] : Driver Group -> OK
[HKLM | Network\NetBIOSGroup] : Driver Group -> OK
[HKLM | Network\NetDDEGroup] : Driver Group -> OK
[HKLM | Network\Network] : Driver Group -> OK
[HKLM | Network\NetworkProvider] : Driver Group -> OK
[HKLM | Network\PCI Configuration] : Driver Group -> OK
[HKLM | Network\PNP Filter] : Driver Group -> OK
[HKLM | Network\PNP_TDI] : Driver Group -> OK
[HKLM | Network\Primary disk] : Driver Group -> OK
[HKLM | Network\SCSI Class] : Driver Group -> OK
[HKLM | Network\Streams Drivers] : Driver Group -> OK
[HKLM | Network\System Bus Extender] : Driver Group -> OK
[HKLM | Network\TDI] : Driver Group -> OK
[HKLM | Network\AFD] : Service -> OK
[HKLM | Network\AppMgmt] : Service -> OK
[HKLM | Network\Browser] : Service -> OK
[HKLM | Network\CryptSvc] : Service -> OK
[HKLM | Network\DcomLaunch] : Service -> OK
[HKLM | Network\Dhcp] : Service -> OK
[HKLM | Network\dmadmin] : -> Service
[HKLM | Network\dmserver] : -> Service
[HKLM | Network\DnsCache] : Service -> OK
[HKLM | Network\EventLog] : Service -> OK
[HKLM | Network\HelpSvc] : Service -> OK
[HKLM | Network\LanmanServer] : Service -> OK
[HKLM | Network\LanmanWorkstation] : Service -> OK
[HKLM | Network\LmHosts] : Service -> OK
[HKLM | Network\Messenger] : Service -> OK
[HKLM | Network\Ndisuio] : Service -> OK
[HKLM | Network\NetBIOS] : Service -> OK
[HKLM | Network\NetBT] : Service -> OK
[HKLM | Network\Netlogon] : Service -> OK
[HKLM | Network\NetMan] : Service -> OK
[HKLM | Network\NtLmSsp] : -> Service
[HKLM | Network\PlugPlay] : Service -> OK
[HKLM | Network\rdsessmgr] : Service -> OK
[HKLM | Network\RpcSs] : Service -> OK
[HKLM | Network\sharedaccess] : Service -> OK
[HKLM | Network\SRService] : -> Service
[HKLM | Network\Tcpip] : Service -> OK
[HKLM | Network\termservice] : -> Service
[HKLM | Network\vds] : Service -> OK
[HKLM | Network\WinMgmt] : Service -> OK
[HKLM | Network\Wlansvc] : Service -> OK
[HKLM | Network\dmboot.sys] : -> Driver
[HKLM | Network\dmio.sys] : -> Driver
[HKLM | Network\dmload.sys] : -> Driver
[HKLM | Network\ipnat.sys] : Driver -> OK
[HKLM | Network\ip6fw.sys] : -> Driver
[HKLM | Network\rdpcdd.sys] : -> Driver
[HKLM | Network\sr.sys] : -> FSFilter System Recovery
[HKLM | Network\{36FC9E60-C465-11CF-8056-444553540000}] : Universal Serial Bus controllers -> OK
[HKLM | Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] : CD-ROM Drive -> OK
[HKLM | Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] : DiskDrive -> OK
[HKLM | Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] : Standard floppy disk controller -> OK
[HKLM | Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : Hdc -> OK
[HKLM | Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : Keyboard -> OK
[HKLM | Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : Mouse -> OK
[HKLM | Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] : Net -> OK
[HKLM | Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] : NetClient -> OK
[HKLM | Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] : NetService -> OK
[HKLM | Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] : NetTrans -> OK
[HKLM | Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] : PCMCIA Adapters -> OK
[HKLM | Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : SCSIAdapter -> OK
[HKLM | Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : System -> OK
[HKLM | Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] : Floppy disk drive -> OK
[HKLM | Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : Volume -> OK
[HKLM | Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : Human Interface Devices -> OK
¤¤¤¤¤¤¤¤¤¤ | IFEO
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM | Session Manager\SubSystems]|[Windows] : winsrv : %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd
¤¤¤¤¤¤¤¤¤¤ | Security Center
[HKLM | Security Center]|[AntiVirusDisableNotify] : 0
[HKLM | Security Center]|[FirewallDisableNotify] : 0
[HKLM | Security Center]|[UpdatesDisableNotify] : 0
[HKLM | Security Center\svc]|[AntispywareOverride] : 0
[HKLM | Security Center\svc]|[AntiVirusOverride] : 0
[HKLM | Security Center\svc]|[FirewallOverride] : 0
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]|[DisableMonitoring] : 1
[HKLM | FirewallPolicy\DomainProfile]|[DisableNotifications] : 0
[HKLM | FirewallPolicy\StandardProfile]|[DisableNotifications] : 0
¤¤¤¤¤¤¤¤¤¤ | Service corrections
[Compbatt] : 0 : Active
[RPCSS] : 2 : Active
[Profsvc] : 2 : Active
[PlugPlay] : 2 : Active
[PEAUTH] : 2 : Active
[Parvdm] : 2 : Inactive
[nsi] : 2 : Active
[NLASvc] : 2 : Active
[MPSsvc] : 2 : Active
[MMCSS] : 2 : Active
[luafv] : 2 : Active
[lltdio] : 2 : Active
[Iphlpsvc] : 2 : Active
[IKEEXT] : 2 : Active
[gpsvc] : 2 : Active
[lmhosts] : 2 : Active
[LanmanWorkstation] : 2 : Active
[LanmanServer] : 2 : Active
[agp440] : 3 -> 2 : Inactive
[AudioEndpointBuilder] : 2 : Active
[Audiosrv] : 2 : Active
[BFE] : 2 : Active
[Bits] : 3 -> 2 : Active
[CryptSvc] : 2 : Active
[EapHost] : 3 -> 2 : Active
[Wlansvc] : 2 : Active
[SharedAccess] : 2 : Inactive
[windefend] : 3 -> 2 : Inactive
[winmgmt] : 2 : Active
[wuauserv] : 2 : Active
[wudfsvc] : 2 : Active
[WerSvc] : 2 : Active
[wscsvc] : 2 : Active
[Cmbatt] : 3 : Active
[Ndisuio] : 3 : Active
21:48:02
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Start Page] : http://yahoo.fr/ -> http://www.google.com/
[HKU\S-1-5-18 | Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Local Page] : C:\Windows\system32\blank.htm
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKU\S-1-5-18 | Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKLM | Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
[HKLM | Main]|[Start Page] : http://fr.fr.acer.yahoo.com -> http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Local Page] : C:\Windows\System32\blank.htm
[HKLM | Main]|[Default_Search_URL] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/?LinkId=69157
[HKLM | Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896
[HKLM | AboutURLs]|[Tabs] : -> res://ieframe.dll/tabswelcome.htm
¤
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | PhishingFilter]|[Enabled] : 2
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | PhishingFilter]|[EnabledV8] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[ProxyOverride] : <local> -> *.local
[HKU\S-1-5-19 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-20 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[EnableHttp1_1] : 1
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[MigrateProxy] : 1
[HKU\S-1-5-19 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-20 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Internet settings]|[AutoConfigProxy] : wininet.dll
[HKU\S-1-5-18 | Internet settings]|[AutoConfigProxy] : wininet.dll
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned :)
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\Temp\~DF42FD.tmp
Impossible to move : C:\Users\moi\AppData\Local\Temp\~DFB1D6.tmp
Quarantined and deleted Successfully : C:\Windows\Temp\hpqddsvc.log
Quarantined and deleted Successfully : C:\Users\moi\AppData\Roaming\Microsoft\CLView\Toolbars.dat
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\microsoft\windows\WindowsUpdate.log
Quarantined and deleted Successfully : C:\ProgramData\hpzinstall.log
Quarantined and deleted Successfully : C:\ProgramData\ma-config.com\mcbase.db
Impossible to move : C:\ProgramData\ma-config.com
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\instance.dat
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\mia.dll
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.dat
Quarantined and deleted Successfully : C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
22:14:16
Impossible to move : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
Quarantined and deleted Successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Installation du Contrôle Parental.lnk
Quarantined and deleted Successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
Quarantined and deleted Successfully : C:\Users\moi\Desktop\ZHP_uninstall.exe
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\d3d9caps.dat
Quarantined and deleted Successfully : |D| - C:\Users\moi\AppData\Roaming\InstallShield
Quarantined and deleted Successfully : C:\junction.exe
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\B7GGK2ME\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\EVBQ2LTV\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\EVBQ2LTV\NavAbonnes[1]..fr_extranet_servlet_NavAbonnes_tache=public&action=inscription
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\VC6P5I0V\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Content.IE5\W4C2A06X\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\IGXIN12A\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\QO667WKW\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\SFFOP3U3\desktop.ini
Quarantined and deleted Successfully : C:\Users\moi\AppData\Local\temporary internet files\Low\Content.IE5\WX3SV3QZ\desktop.ini
Quarantined and deleted Successfully : |D| - C:\Users\moi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Quarantined and deleted successfully : C:\Windows\Prefetch\9LAUNCH.EXE-DC466C0D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ADWCLEANER.EXE-25D785B7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ATTRIB.EXE-A990CB86.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\AVASTEMUPDATE.EXE-6EF4B603.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CAPUSERV.EXE-363A5C63.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\COMPILEMOF.EXE-BD9CCB90.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ELISA.EXE-9E01C1CF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\EPOWERSVC.EXE-959CFF97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ICACLS.EXE-E79D2D93.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-0CECD92D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-812AD5F1.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-8F1B6CBC.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\INFOCARD.EXE-ECED8D38.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MFPMP.EXE-26F35380.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MMC.EXE-D557C836.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\MSOHTMED.EXE-675EE324.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NIRCMD.EXE-3196DFA3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NIRCMDB.EXE-90BE1A8C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PEV.EXE-1365ECE9.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PEV.EXE-27C730E0.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\ROUTE.EXE-5E3D06CB.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RSTRUI.EXE-2D50C58D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\RUNDLL32.EXE-6D2968F1.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SED.EXE-3A5D7D2E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SF.EXE-08EC603E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SORT.EXE-99A4F778.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SSVAGENT.EXE-42E515EF.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SWREG.EXE-3B27F432.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\SWSC.EXE-0A6BEB9A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\XCOPY.EXE-41E6513F.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PRE_SCAN.PIF-D1C70390.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\PRE_SCAN.PIF-F297CC81.pf
Quarantined and deleted successfully : C:\Windows\Prefetch\CHCP.COM-61043047.pf
¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot
Quarantined and deleted Successfully at Reboot : C:\Users\moi\AppData\Local\Temp\~DFB1D6.tmp
Quarantined and deleted Successfully at Reboot : C:\ProgramData\ma-config.com
Quarantined and deleted Successfully at Reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
¤¤¤¤¤
22:19:57
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=305G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 27-UNKNWN 10.0G No No 2,048 20,480,000
1 1 07-NTFS 148G Yes No 20,482,048 302,346,240
2 2 07-NTFS 148G No No 322,828,288 302,311,424
¤¤¤¤¤¤¤¤¤¤ | MBR Control
MBR code signature : 11 75 CF CE
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD3200BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[82C5F936] -> \Device\Harddisk0\DR0[8684C210]
3 CLASSPNP[8B3A38B3] -> ntkrnlpa!IofCallDriver[82C5F936] -> [861385D8]
5 acpi[8069F6BC] -> ntkrnlpa!IofCallDriver[82C5F936] -> \Device\Ide\IdeDeviceP2T0L0-2[860FE5A8]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 7c1b; MOV DI, 61b; PUSH AX; PUSH DI; MOV CX, 1e5; REP MOVSB ; RETF ; MOV DI, 5; XOR AX, AX; MOV DL, 80; INT 13; JAE 2d; DEC DI; }
user & kernel MBR OK
22:20:06
[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Disk d:] Folders : 0 | Files : 0
~ [Disk f:] Folders : 0 | Files : 0
~ [Disk C:] Folders : 0 | Files : 0
~ [ProgramFiles] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Users] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Music] Folders : 0 | Files : 0
~ [Pictures] Folders : 0 | Files : 0
~ [Videos] Folders : 0 | Files : 0
~ [Downloads] Folders : 0 | Files : 0
~ [Desktop] Folders : 0 | Files : 0
~ [Links] Folders : 0 | Files : 0
~ [Searches] Folders : 0 | Files : 0
~ [Contacts] Folders : 0 | Files : 0
~ [Saved_Games] Folders : 0 | Files : 0
~ [Favorites] Folders : 0 | Files : 0
~ [Documents] Folders : 3 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 3 | Files : 0
~ [Windows] Folders : 6 | Files : 85 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 6 | Files : 85
~ [Start_Menu] Folders : 1 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 1 | Files : 0
~ [Libraries] Folders : 0 | Files : 0
~ [quick launch] Folders : 0 | Files : 0
~ [AppData] Folders : 0 | Files : 1 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 0 | Files : 1
End : 22:25:15
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤
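Most of the report above says that a setting was already fine; the lines that matter are the ones written as `old -> new` (the Hidden flag forced from 2 back to 0, the desktop icons unhidden, services put back to automatic start) and the unhide counts at the end, which is exactly what a "your PC is dead" style rogue leaves behind. The script below is an added example for this thread, not code from Pre_Scan or from anyone in it: it reads a report in this format and keeps only the changes, and it checks that the Winlogon Shell and Userinit values are the stock ones, since a rogue that replaces either is started before the desktop at every logon. `SAMPLE_REPORT` is a constructed excerpt made of lines copied from the report; the function names and regular expressions are mine and assume the line formats seen above.

```python
"""Triage a Pre_Scan-style report: keep the lines where the tool changed
something, so the reviewer sees the repairs instead of hundreds of "-> OK" lines.
Added example for this thread; not part of Pre_Scan. SAMPLE_REPORT is a
constructed excerpt made of lines copied from the report above."""

import re

SAMPLE_REPORT = r"""
¤¤¤¤¤¤¤¤¤¤ | Winlogon
[HKLM | Winlogon]|[Shell] : Explorer.exe
[HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
[HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ | Miscellaneous corrections
[HKU\S-1-5-21-3246961087-3216457336-508488238-1000 | Explorer\Advanced]|[Hidden] : 2 -> 0
[HKLM | HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
[HKLM | Policies\System]|[DisableRegistryTools] : 0
¤¤¤¤¤¤¤¤¤¤ | Service corrections
[Bits] : 3 -> 2 : Active
[windefend] : 3 -> 2 : Inactive
[wscsvc] : 2 : Active
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Documents] Folders : 3 | Files : 0 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 3 | Files : 0
~ [Windows] Folders : 6 | Files : 85 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 6 | Files : 85
~ [Music] Folders : 0 | Files : 0
"""

SECTION_RE = re.compile(r"^¤+ \| (?P<name>.+)$")
# "[key]|[value] : old -> new"  (old is empty when the value did not exist before)
REG_CHANGE_RE = re.compile(
    r"^\[(?P<key>[^\]]+)\]\|\[(?P<value>[^\]]+)\]\s*:\s*(?P<old>.*?)\s*->\s*(?P<new>.*)$")
# "[service] : 3 -> 2 : Active"  or  "[service] : 2 : Active"
SVC_RE = re.compile(
    r"^\[(?P<name>[^\]\s]+)\] : (?:(?P<old>\d) -> )?(?P<start>\d) : (?P<state>\w+)$")
# "~ [Windows] Folders : 6 | Files : 85 ¤¤¤¤¤ Unhide ¤¤¤¤¤ Folders : 6 | Files : 85"
UNHIDE_RE = re.compile(
    r"^~ \[(?P<where>[^\]]+)\] Folders : \d+ \| Files : \d+"
    r"(?: ¤+ Unhide ¤+ Folders : (?P<folders>\d+) \| Files : (?P<files>\d+))?$")

# Windows service Start values (HKLM\SYSTEM\CurrentControlSet\Services\<name>\Start).
START_TYPE = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

# Stock Winlogon values on a clean Vista/7 install (compared case-insensitively).
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe,"}
WINLOGON_RE = re.compile(r"^\[HKLM \| Winlogon\]\|\[(?P<name>\w+)\]\s*:\s*(?P<val>.*)$")


def parse_report(text):
    """Collect registry changes, service start-type changes and unhide counts."""
    section = None
    found = {"registry": [], "services": [], "unhidden": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"].strip()
            continue
        m = REG_CHANGE_RE.match(line)
        if m:
            found["registry"].append((section, m["key"], m["value"], m["old"], m["new"]))
            continue
        m = SVC_RE.match(line)
        if m and m["old"]:                       # only services whose start type was changed
            found["services"].append(
                (m["name"], START_TYPE[m["old"]], START_TYPE[m["start"]], m["state"]))
            continue
        m = UNHIDE_RE.match(line)
        if m and m["folders"] is not None:       # only locations where something was unhidden
            found["unhidden"][m["where"]] = (int(m["folders"]), int(m["files"]))
    return found


def winlogon_findings(text):
    """Winlogon Shell/Userinit values that differ from the stock ones."""
    findings = []
    for raw in text.splitlines():
        m = WINLOGON_RE.match(raw.strip())
        if not m or m["name"].lower() not in WINLOGON_EXPECTED:
            continue
        current = m["val"].split("->")[-1].strip().lower()   # value after repair, if any
        if current != WINLOGON_EXPECTED[m["name"].lower()]:
            findings.append((m["name"], m["val"]))
    return findings


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    for sec, key, val, old, new in r["registry"]:
        print(f"[{sec}] {key} \\ {val}: {old!r} -> {new!r}")
    for name, old, new, state in r["services"]:
        print(f"service {name}: {old} -> {new} ({state})")
    for where, (folders, files) in r["unhidden"].items():
        print(f"unhidden in {where}: {folders} folders, {files} files")
    print("Winlogon findings:", winlogon_findings(SAMPLE_REPORT) or "none")
```

Run it on the saved `Pre_scan_<date>.txt` instead of the sample by reading the file into `parse_report`; a service shown as `manual -> automatic` but `Inactive` (windefend above) is worth a second look, because the start type was repaired but the service still is not running.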
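The `Listing Partition(s)` and `MBR Control` blocks come from reading the first sector of the disk: the partition table lives in the last 66 bytes of it, and the boot code in the 446 bytes before. As an added example (not the thread's or the tools' own code), the script below builds a 512-byte MBR whose entries are filled in from the three partitions listed above, with the boot code zeroed, so it is a constructed sample and not the laptop's real MBR; it then parses the sector back and runs the checks a reviewer wants before trusting an "MBR OK" verdict: signature present, valid status bytes, exactly one active partition, no overlapping entries. `boot_code_fingerprint` hashes the code bytes so they can be compared with a baseline taken from a known-clean install of the same Windows version; that baseline is not on this page and has to come from elsewhere. Type 0x27 is the hidden NTFS type used for Windows recovery partitions (here the Acer recovery area at the start of the disk), 0x07 is NTFS.

```python
"""MBR partition-table parser with the checks a reviewer wants before trusting
an "MBR OK" verdict. Added example for this thread; not code from Pre_Scan or gmer.
SAMPLE_MBR is constructed: zeroed boot code, three partition entries filled in
from the "Listing Partition(s)" block above, and the 0x55AA signature."""

import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446                  # four 16-byte entries occupy bytes 446..509
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, LBA count
TYPE_NAMES = {0x07: "NTFS", 0x27: "Hidden NTFS (Windows RE / OEM recovery)",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended", 0x0F: "Extended LBA",
              0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def build_entry(status, ptype, lba_start, count):
    """CHS fields are left zero; modern loaders only use the LBA fields."""
    return ENTRY.pack(status, b"\0\0\0", ptype, b"\0\0\0", lba_start, count)


def build_mbr(entries, boot_code=b""):
    """Assemble one 512-byte sector from up to four entries (constructed sample)."""
    code = boot_code.ljust(TABLE_OFFSET, b"\0")[:TABLE_OFFSET]
    table = b"".join(entries).ljust(16 * 4, b"\0")
    return code + table + b"\x55\xAA"


# Constructed sample: the three partitions listed in the report, same order.
SAMPLE_MBR = build_mbr([
    build_entry(0x00, 0x27, 2_048, 20_480_000),          # hidden OEM recovery area
    build_entry(0x80, 0x07, 20_482_048, 302_346_240),    # NTFS, active (system volume)
    build_entry(0x00, 0x07, 322_828_288, 302_311_424),   # NTFS, data volume
])


def has_signature(sector):
    return len(sector) == SECTOR and sector[510:512] == b"\x55\xAA"


def parse_mbr(sector):
    """Return the non-empty partition entries as dicts; raises on a malformed sector."""
    if not has_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue            # empty slot
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "name": TYPE_NAMES.get(ptype, "unknown"),
                      "start": start, "sectors": count, "bytes": count * SECTOR})
    return parts


def check_table(parts):
    """List of problems; empty means the table is self-consistent."""
    problems = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"entry {p['index']}: invalid status byte {p['status']:#04x}")
        if p["sectors"] == 0:
            problems.append(f"entry {p['index']}: zero-length partition")
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return problems


def boot_code_fingerprint(sector):
    """SHA-256 of the 446 boot-code bytes, to compare with a baseline taken from
    a known-clean install of the same Windows version (not supplied here)."""
    return hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest()


def listing(parts):
    """Rows in the spirit of the tool's table (size in GiB, not the tool's rounding)."""
    return [f"{p['index']} {p['type']:02X}-{p['name']} {p['bytes'] / 2**30:.1f}G "
            f"{'Yes' if p['active'] else 'No'} {p['start']:,} {p['sectors']:,}"
            for p in parts]


if __name__ == "__main__":
    table = parse_mbr(SAMPLE_MBR)
    print("\n".join(listing(table)))
    print("problems:", check_table(table) or "none")
    print("boot code sha256:", boot_code_fingerprint(SAMPLE_MBR))
```

On a real machine the input is the first 512 bytes of `\\.\PhysicalDrive0` (read as administrator), and the fingerprint is only meaningful next to a baseline from a trusted image of the same Windows build; a signature and a sane table say nothing about the boot code, which is what bootkits such as the ones the gmer check above looks for actually modify.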