CPU running at 100%
Solved
nonoy54
Hello,
My CPU runs at 100% all the time, yet my PC isn't particularly slow, but sometimes web pages open on their own.
They are legitimate pages, from sites I visit now and then!
Thanks for your help
45 replies
hi
Warning!!!: Only these links are official, do not download the tool from any other link!!
Warning!!!: this tool may be wrongly detected as a virus
Warning!!!: this tool is powerful, follow the instructions below to the letter
all "non-vital Windows" processes will be killed, save your work. The desktop will disappear during the scan --> don't panic.
Disable all your protections if possible: antivirus, sandbox, firewalls, etc.: https://forum.pcastuces.com/default.asp
download and save Pre_Scan to your desktop:
https://forums-fec.be/gen-hackman/Pre_Scan.exe
if the link doesn't work:
http://www.archive-host.com
if the tool is run more than once, it will offer you a menu; if no option has been requested, run the "Scan|Kill" option
if the tool is blocked by the infection, use this version with the .pif extension:
https://forums-fec.be/gen-hackman/Pre_Scan.pif
if the tool detects a proxy and you haven't installed one, click "supprimer le proxy" (remove the proxy)
Black windows may flash up, let it work.
Let the tool restart your PC.
Post Pre_Scan_la_date_et_l'heure.txt, which will appear at the root of your system drive (usually C:\)
DO NOT POST IT ON THE FORUM!!! (it is too long)
Host the report on https://www.cjoint.com/ then give the link you get in return on the forum where you are being helped
to help with a study on improving the tool's second module, also host:
C:\Pre_Scan\Process\Close.log
Thanks for taking this on
I tried Pre_scan several times, but each time it hangs with the message: Pre_scan has stopped working.
I'll try again tonight after work.
Have a good day
worst case, run it in safe mode; you must be forgetting to disable something (like the auto-sandbox if your antivirus is avast or similar)
good evening
I just tried again. Everything is disabled, Comodo, Avira.
It hangs, even in safe mode.
Bye
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
Disable your protections: https://forum.pcastuces.com/default.asp
right-click this link: Combofix => save target as.... => on your desktop => with whatever name you like
Before using ComboFix:
Use Defogger to temporarily disable emulation software:
▶ Download Defogger (by jpshortstuff) to your Desktop
▶ Run it: click "Disable" and restart the computer if the tool asks you to
Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"
if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."
on the renamed combofix
¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable your antivirus and antispyware guards before reconnecting to the internet.
▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
▶▶▶ If, after combofix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again
I'm doing what you advise. Pre_scan caused me a big problem: no more network access, no more sound, a problem with the graphics card...
I managed to restore it after a few tries...
Bye
Here is the report
ComboFix 12-12-14.01 - Claude 14/12/2012 21:44:51.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3071.1675 [GMT 1:00]
Lancé depuis: c:\users\Claude\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Claude\recyclage .jpg
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\Systems
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-11-14 au 2012-12-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-12-14 20:53 . 2012-12-14 20:54 -------- d-----w- c:\users\Claude\AppData\Local\temp
2012-12-14 20:53 . 2012-12-14 20:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-14 20:53 . 2012-12-14 20:53 -------- d-----w- c:\users\Michèle\AppData\Local\temp
2012-12-14 20:53 . 2012-12-14 20:53 -------- d-----w- c:\users\Lucas\AppData\Local\temp
2012-12-14 20:53 . 2012-12-14 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-14 18:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7600D46F-C003-4A61-9D1C-888583AB3528}\mpengine.dll
2012-12-13 21:22 . 2012-12-14 18:31 -------- d-----w- C:\Pre_Scan
2012-11-17 15:23 . 2012-11-17 15:23 -------- d-----w- c:\program files\Common Files\Skype
2012-11-17 07:46 . 2012-11-17 07:47 -------- d-s---w- c:\users\Claude\Google Drive
2012-11-16 15:39 . 2012-11-16 15:41 -------- d-----w- c:\users\Claude\Copie carte identité
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 18:51 . 2012-01-10 19:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 18:51 . 2011-07-01 04:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 21:55 . 2012-11-13 21:37 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-07 23:37 . 2011-10-23 05:07 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-04 06:02 . 2012-11-04 06:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 06:02 . 2012-01-10 20:03 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-04 06:02 . 2010-05-15 09:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-18 17:59 . 2012-11-14 05:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-10-16 07:39 . 2012-11-28 05:05 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 05:43 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 05:43 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-08 07:56 . 2012-11-14 06:07 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48 . 2012-11-14 06:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47 . 2012-11-14 06:07 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44 . 2012-11-14 06:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43 . 2012-11-14 06:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40 . 2012-11-14 06:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-03 16:58 . 2012-11-14 05:51 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 05:51 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 05:51 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 05:51 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 05:51 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 05:51 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 05:51 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 05:51 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 20:06 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-29 17:54 . 2009-08-27 18:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 05:48 78336 ----a-w- c:\windows\system32\synceng.dll
2010-06-15 05:05 . 2010-06-15 05:05 734168 ----a-w- c:\program files\PSISetup.exe
2009-08-26 21:35 . 2009-08-26 21:35 122880 ----a-w- c:\program files\freedial.exe
2009-08-26 19:34 . 2009-08-26 19:34 1164624 ----a-w- c:\program files\wlsetup-custom.exe
2006-03-27 16:49 . 2009-08-27 16:10 3809280 ----a-w- c:\program files\Guitools.exe
2012-10-27 07:37 . 2012-10-27 07:37 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 14:46 138096 ----atw- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 20:17 133104 ----atw- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 18:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\DLINKVlan60.sys [x]
R3 DLKRT32;D-Link DGE-528T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT32.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DlinkNdPt60;D-Link NDIS Protocol Driver;c:\windows\system32\DRIVERS\DlinkNdPt60.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-10 18:51]
.
2012-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000Core.job
- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-05 14:46]
.
2012-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000UA.job
- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-05 14:46]
.
2012-12-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-13 12:08]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 15:14]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 15:14]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000Core.job
- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 20:17]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000UA.job
- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 20:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com?fr=fp-comodo
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: 2012-10-27 09:37; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-11-04 15:24; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-04 16:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-04 17:00; artur.dubovoy@gmail.com; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2012-11-04 17:00; {6e84150a-d526-41f1-a480-a67d3fed910d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
FF - ExtSQL: 2012-11-04 17:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 17:01; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - ExtSQL: 2012-11-13 16:59; yesscript@userstyles.org; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\yesscript@userstyles.org.xpi
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{6E454792-2F36-46D3-BB20-4BE949B6FB8A} - (no file)
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Downloads]
@DACL=(02 0000)
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Mozilla Firefox]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,08,02,00,00,01,00,00,00,04,00,00,00,82,00,
00,00,fb,ff,ff,ff,74,00,32,00,84,00,00,00,1d,3b,34,4f,20,00,50,52,4f,50,4f,\
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Téléchargement]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F4754E0F-4332-4215-BE0F-67B8246E4C5D}]
@DACL=(02 0000)
@SACL=(02 0001)
"WpadDecision"=dword:00000000
"WpadDecisionReason"=dword:00000001
"WpadDecisionTime"=hex:f0,81,60,29,95,c5,ca,01
"WpadNetworkName"="freebox"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-12-14 21:57:36
ComboFix-quarantined-files.txt 2012-12-14 20:57
.
Avant-CF: 120 482 185 216 octets libres
Après-CF: 119 926 312 960 octets libres
.
- - End Of File - - 7581A1E1B31B6509F0F44796F3471653
I doubt that Pre_Scan caused you so much trouble, I know what I program.....
Did you download it from my blue link?
and you didn't follow the instructions for ComboFix
and I'm sure everything went back to normal after the reboot
Oops, I did indeed forget to rename ComboFix. I'll start over.
I had some trouble fully disabling Comodo. I removed it.
Thank you.
Have a good day
Here is the new report:
ComboFix 12-12-14.01 - Claude 15/12/2012 8:34.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3071.1822 [GMT 1:00]
Lancé depuis: c:\users\Claude\Desktop\toto.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-11-15 au 2012-12-15 ))))))))))))))))))))))))))))))))))))
.
.
2012-12-15 07:43 . 2012-12-15 07:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-15 07:43 . 2012-12-15 07:43 -------- d-----w- c:\users\Michèle\AppData\Local\temp
2012-12-15 07:43 . 2012-12-15 07:43 -------- d-----w- c:\users\Mcx1-ORDI\AppData\Local\temp
2012-12-15 07:43 . 2012-12-15 07:43 -------- d-----w- c:\users\Lucas\AppData\Local\temp
2012-12-15 07:43 . 2012-12-15 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-14 20:57 . 2012-12-15 07:43 -------- d-----w- c:\users\Claude\AppData\Local\temp
2012-12-14 18:39 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 18:39 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 18:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7600D46F-C003-4A61-9D1C-888583AB3528}\mpengine.dll
2012-12-14 18:39 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 21:22 . 2012-12-14 18:31 -------- d-----w- C:\Pre_Scan
2012-11-17 15:23 . 2012-11-17 15:23 -------- d-----w- c:\program files\Common Files\Skype
2012-11-17 07:46 . 2012-11-17 07:47 -------- d-s---w- c:\users\Claude\Google Drive
2012-11-16 15:39 . 2012-11-16 15:41 -------- d-----w- c:\users\Claude\Copie carte identité
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 18:51 . 2012-01-10 19:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 18:51 . 2011-07-01 04:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 21:55 . 2012-11-13 21:37 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-07 23:37 . 2011-10-23 05:07 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-04 06:02 . 2012-11-04 06:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 06:02 . 2012-01-10 20:03 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-04 06:02 . 2010-05-15 09:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-16 07:39 . 2012-11-28 05:05 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-14 05:43 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 05:43 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-14 05:51 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 05:51 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 05:51 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 05:51 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 05:51 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 05:51 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 05:51 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 05:51 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 20:06 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-29 17:54 . 2009-08-27 18:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 05:48 78336 ----a-w- c:\windows\system32\synceng.dll
2010-06-15 05:05 . 2010-06-15 05:05 734168 ----a-w- c:\program files\PSISetup.exe
2009-08-26 21:35 . 2009-08-26 21:35 122880 ----a-w- c:\program files\freedial.exe
2009-08-26 19:34 . 2009-08-26 19:34 1164624 ----a-w- c:\program files\wlsetup-custom.exe
2006-03-27 16:49 . 2009-08-27 16:10 3809280 ----a-w- c:\program files\Guitools.exe
2012-10-27 07:37 . 2012-10-27 07:37 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-02 20:03 220608 ----a-w- c:\users\Claude\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 14:46 138096 ----atw- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 20:17 133104 ----atw- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 02:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-29 17:54 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 18:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\DLINKVlan60.sys [x]
R3 DLKRT32;D-Link DGE-528T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT32.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 DlinkNdPt60;D-Link NDIS Protocol Driver;c:\windows\system32\DRIVERS\DlinkNdPt60.sys [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-10 18:51]
.
2012-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000Core.job
- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-05 14:46]
.
2012-12-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000UA.job
- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-05 14:46]
.
2012-12-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-13 12:08]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 15:14]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-20 15:14]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000Core.job
- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 20:17]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000UA.job
- c:\users\Claude\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com?fr=fp-comodo
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr/
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: 2012-10-27 09:37; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-11-04 15:24; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-11-04 16:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-04 17:00; artur.dubovoy@gmail.com; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2012-11-04 17:00; {6e84150a-d526-41f1-a480-a67d3fed910d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
FF - ExtSQL: 2012-11-04 17:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 17:01; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - ExtSQL: 2012-11-13 16:59; yesscript@userstyles.org; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\yesscript@userstyles.org.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Downloads]
@DACL=(02 0000)
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Mozilla Firefox]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,08,02,00,00,01,00,00,00,04,00,00,00,82,00,
00,00,fb,ff,ff,ff,74,00,32,00,84,00,00,00,1d,3b,34,4f,20,00,50,52,4f,50,4f,\
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Téléchargement]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F4754E0F-4332-4215-BE0F-67B8246E4C5D}]
@DACL=(02 0000)
@SACL=(02 0001)
"WpadDecision"=dword:00000000
"WpadDecisionReason"=dword:00000001
"WpadDecisionTime"=hex:f0,81,60,29,95,c5,ca,01
"WpadNetworkName"="freebox"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1052)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2012-12-15 08:46:35
ComboFix-quarantined-files.txt 2012-12-15 07:46
ComboFix2.txt 2012-12-14 20:57
.
Pre-Run: 119 193 300 992 bytes free
Post-Run: 119 109 525 504 bytes free
.
- - End Of File - - BD826C46C7CF67233732AD11546C2120
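The report above is a flat listing of autostart points, the UAC policy block, services and scheduled tasks, and reading it by eye is where things get missed. As an added example for this thread (not ComboFix's code and not part of the original post), the Python script below parses lines in that format: it reads the values under the policies\system key, collects every executable path referenced anywhere in the report and flags the ones that live under a user profile or a temp directory, and lists the services for which ComboFix printed [x] instead of a date and size. The sample report embedded in it is constructed to mirror the posted log's format, not copied whole; reading [x] as "no file metadata was captured" is my interpretation of that marker, and the script treats it only as a pointer for manual review.

```python
"""Triage helper for a ComboFix-style report.

Added example for this thread: not ComboFix code and not part of the original
post. It handles three kinds of lines that appear in the report above:
  * the UAC policy values under the policies / system key
  * any executable path (Run keys, msconfig startupreg, services, task targets),
    flagging those under a user profile or a temp directory
  * service lines printed with [x] instead of a date and size (my reading:
    no file metadata captured; on its own this proves nothing)
"""
import re

# Constructed sample in the report's format; not the full posted log.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 14:46 138096 ----atw- c:\users\Claude\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
.
2012-12-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-13 12:08]
"""

# A Windows path ending in an executable-type extension; stops at quotes,
# brackets, semicolons (service-line separators) and line ends.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]\r\n;]*?\.(?:exe|dll|sys|scr|cpl)\b', re.I)
# Locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r'\\users\\[^\\]+\\|\\temp\\', re.I)
# "R2 Name;Display name;path [x]" service lines.
SERVICE_X_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[x\]\s*$', re.M)
UAC_VALUE_RE = re.compile(r'"(\w+)"=\s*(\d+)')


def parse_uac_policy(text):
    """Return {value_name: int} for the UAC policy block, {} if it is absent."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("["):  # every key header starts a new block
            in_block = line.lower().endswith(r"\policies\system]")
        elif in_block:
            m = UAC_VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(values):
    """Plain-language findings for the UAC values a triage should not miss."""
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off; admin logons run with a full token "
                        "and the other prompt settings do not apply")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate silently, no prompt")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts appear on the normal desktop, "
                        "where another process can overlay or automate them")
    return findings


def autostart_paths(text):
    """Every distinct executable path referenced in the report, in order of appearance."""
    seen = {}
    for m in PATH_RE.finditer(text):
        seen.setdefault(m.group(0).lower(), m.group(0))
    return list(seen.values())


def user_writable_autostarts(text):
    """Autostart paths under a user profile or temp dir: a standard-user
    compromise can drop or replace files there without any elevation."""
    return [p for p in autostart_paths(text) if USER_WRITABLE_RE.search(p)]


def services_without_metadata(text):
    """(start type, service name, path) for service lines printed with [x]."""
    return [(m.group(1), m.group(2), m.group(4)) for m in SERVICE_X_RE.finditer(text)]


def triage(text):
    """One dict with the three result lists, ready to print or assert on."""
    return {
        "uac": uac_findings(parse_uac_policy(text)),
        "user_writable_autostarts": user_writable_autostarts(text),
        "services_without_metadata": services_without_metadata(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_REPORT).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against the posted log, the policies\system block (EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0) would be reported as UAC fully disabled; that is a setting to revisit once the cleanup is done, separately from whatever is driving the CPU load. The user-profile flag is a prompt to check, not a verdict: the updaters under c:\users\Claude\AppData\Local in the report are the kind of entry that belongs there, and the point of the list is to make each such path get looked at once.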
FF - ExtSQL: 2012-11-04 17:01; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - ExtSQL: 2012-11-13 16:59; yesscript@userstyles.org; c:\users\Claude\AppData\Roaming\Mozilla\Firefox\Profiles\cnxy525b.default-1352014648656\extensions\yesscript@userstyles.org.xpi
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Downloads]
@DACL=(02 0000)
@SACL=(02 0001)
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Mozilla Firefox]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,08,02,00,00,01,00,00,00,04,00,00,00,82,00,
00,00,fb,ff,ff,ff,74,00,32,00,84,00,00,00,1d,3b,34,4f,20,00,50,52,4f,50,4f,\
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Téléchargement]
@DACL=(02 0000)
@SACL=(02 0001)
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-1483495875-3736717681-2145386771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F4754E0F-4332-4215-BE0F-67B8246E4C5D}]
@DACL=(02 0000)
@SACL=(02 0001)
"WpadDecision"=dword:00000000
"WpadDecisionReason"=dword:00000001
"WpadDecisionTime"=hex:f0,81,60,29,95,c5,ca,01
"WpadNetworkName"="freebox"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1052)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2012-12-15 08:46:35
ComboFix-quarantined-files.txt 2012-12-15 07:46
ComboFix2.txt 2012-12-14 20:57
.
Avant-CF: 119 193 300 992 octets libres
Après-CF: 119 109 525 504 octets libres
.
- - End Of File - - BD826C46C7CF67233732AD11546C2120
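The "Tâches planifiées" section of the ComboFix report above pairs a `<date> <name>.job` line with a `- <target> [<date>]` line. As an added example (not part of this thread or of ComboFix), the Python below parses those pairs and flags targets that run from directories a standard user can write to, which is where a reviewer looks first; the sample input is constructed from the report's own lines, and the list of user-writable directory markers is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the "Contenu du dossier 'Tâches planifiées'"
# section of a ComboFix report (values copied from the report above).
SAMPLE_TASKS = """\
2012-12-15 c:\\windows\\Tasks\\Adobe Flash Player Updater.job
- c:\\windows\\system32\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2012-01-10 18:51]
.
2012-12-09 c:\\windows\\Tasks\\FacebookUpdateTaskUserS-1-5-21-1483495875-3736717681-2145386771-1000Core.job
- c:\\users\\Claude\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe [2011-12-05 14:46]
.
2012-12-15 c:\\windows\\Tasks\\GlaryInitialize.job
- c:\\program files\\Glary Utilities\\initialize.exe [2011-11-13 12:08]
.
"""

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$")
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")

# Assumed markers of paths a standard user can typically write to; a task whose
# executable lives there deserves a second look before the ones in Program Files.
USER_WRITABLE = ("\\users\\", "\\temp\\")

@dataclass
class ScheduledTask:
    job_date: str
    job_path: str
    target: str
    target_date: str

    @property
    def suspicious_location(self) -> bool:
        return any(marker in self.target.lower() for marker in USER_WRITABLE)

def parse_tasks(section: str) -> list[ScheduledTask]:
    """Pair each '<date> <x>.job' line with the '- <target> [<date>]' line that follows it."""
    tasks, pending = [], None
    for line in section.splitlines():
        line = line.strip()
        if (m := JOB_RE.match(line)):
            pending = m.groups()
        elif (m := TARGET_RE.match(line)) and pending:
            tasks.append(ScheduledTask(pending[0], pending[1], m.group(1), m.group(2)))
            pending = None
    return tasks

def review_targets(section: str) -> list[str]:
    """Return the target executables a reviewer should inspect first."""
    return [t.target for t in parse_tasks(section) if t.suspicious_location]

if __name__ == "__main__":
    for t in parse_tasks(SAMPLE_TASKS):
        flag = "REVIEW" if t.suspicious_location else "ok    "
        print(f"{flag} {t.job_path} -> {t.target} ({t.target_date})")
```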
nice, Guitols ^^
if you have Glary => get rid of it
==
Have the following file(s) analysed on VirusTotal:
Virus Total
click on "Browse", then find and select this/these file(s):
c:\windows\system32\atmfd.dll
c:\windows\system32\atmlib.dll
* Now click on "Send file" and let it work as long as "Current status: analysing" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.
we'll do that, and then I'll make you a script for ComboFix
==========================
close all windows and applications during installation and scanning.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "French"; do not change the install settings) and update it.
relaunch Malwarebytes, following these instructions carefully:
! Disconnect from the internet and close all running applications !
▶ Launch Malwarebytes.
Do a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "results".
▶ Check that all infected objects are ticked, then click on "remove".
▶ Note: if your PC needs to restart to finish the cleanup, do it!
▶ Post the report saved after the removal of the infected objects (in the "report/log" tab of Malwarebytes, the most recent one)
No positive result.
Here is the report:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Version de la base de données: v2012.12.15.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Claude :: ORDI [administrateur]
15/12/2012 12:38:26
mbam-log-2012-12-15 (12-38-26).txt
Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 472276
Temps écoulé: 51 minute(s), 41 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)