Laptop infected?

alexandrelepetit -  
g3n-h@ckm@n Posts 14350 Status Member -
Hello,

I would like to know whether my laptop is infected, because it is slow to start up and, above all, it often crashes with a blue screen appearing.
Thanks in advance

53 replies

g3n-h@ckm@n Posts 14350 Status Member 948
 
do this big cleanup and let me know

http://security-helpzone.com/gen-hackman/nettoyage-en-fin-de-desinfection/
0
alexandrelepetit
 
here is the delfix report

# DelFix v10.4 - Rapport créé le 04/08/2013 à 18:56:38
# Mis à jour le 19/07/2013 par Xplode
# Nom d'utilisateur : lionel - LIONEL-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\pre_scan
Supprimé : C:\Users\lionel\Desktop\mbar
Supprimé : C:\AdwCleaner[R1].txt
Supprimé : C:\AdwCleaner[R2].txt
Supprimé : C:\AdwCleaner[R3].txt
Supprimé : C:\AdwCleaner[R4].txt
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\AdwCleaner[S2].txt
Supprimé : C:\AdwCleaner[S3].txt
Supprimé : C:\AdwCleaner[S4].txt
Supprimé : C:\AdwCleaner[S5].txt
Supprimé : C:\AdwCleaner[S6].txt
Supprimé : C:\Extras.Txt
Supprimé : C:\JavaRa.log
Supprimé : C:\OTL.Txt
Supprimé : C:\Pre_Diag_31_07_2013_13_05_16.txt
Supprimé : C:\Pre_Scan_31_07_2013_00_57_45.txt
Supprimé : C:\Users\lionel\Desktop\AdwCleaner.exe
Supprimé : C:\Users\lionel\Desktop\Extras.Txt
Supprimé : C:\Users\lionel\Desktop\JavaRa.def
Supprimé : C:\Users\lionel\Desktop\JavaRa.exe
Supprimé : C:\Users\lionel\Desktop\JavaRa.zip
Supprimé : C:\Users\lionel\Desktop\OTL.Txt
Supprimé : C:\Users\lionel\Desktop\OTL.exe
Supprimé : C:\Users\lionel\Desktop\Pre_Scan.exe
Supprimé : C:\Users\lionel\Desktop\Pre_script.txt
Supprimé : C:\Users\lionel\Desktop\Reload_Tdsskiller.exe
Supprimé : C:\Users\lionel\Desktop\TDSSKiller.2.8.16.0_03.08.2013_11.23.44_log.txt
Supprimé : C:\Users\lionel\Downloads\Extras.Txt
Supprimé : C:\Users\lionel\Downloads\OTL.Txt
Supprimée : HKCU\Software\g3n-h@ckm@n
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\g3n-h@ckm@n

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #151 [Windows Update | 07/30/2013 10:52:02]
Supprimé : RP #152 [Windows Update | 08/03/2013 05:23:03]
Supprimé : RP #153 [OTL Restore Point - 03/08/2013 23:11:43 | 08/03/2013 21:11:45]
Supprimé : RP #154 [OTL Restore Point - 04/08/2013 13:26:45 | 08/04/2013 11:26:47]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########
0
alexandrelepetit
 
also, for malware it tells me that my trial period has expired and that my computer is no longer protected; how do I get it to protect my computer?
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
well, either you pay, or you update it yourself and run a full scan manually once a week.

your antivirus already protects you... well... it's always the same: if you do just anything with the PC, nothing will protect you
0
alexandrelepetit
 
ok, however I still have a problem at startup (it turns on 1 time out of 2), and when it goes to sleep, with a blue screen appearing
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
▶ Download: Gmer, click on "Download EXE" and save it to your desktop

Disable all your protections: https://forum.pcastuces.com/default.asp

For XP => double-click on gmer.exe
For Vista and 7 => right-click, "Run as...."

▶ click on the rootkit tab, launch the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit.

Post me the gmer report (click on copy, then go to Start, then open Notepad, go to Edit and click on Paste; the gmer report will appear, post it to me)

then:

make sure that all the boxes on the right are checked, then click on scan

so I'm expecting two hosted reports

0
alexandrelepetit
 
during the 1st scan, the blue screen appeared and my computer crashed.
I restarted the scan
0
alexandrelepetit
 
the 1st report

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-04 23:08:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: x1cjh6cs.exe; Driver: C:\Users\lionel\AppData\Local\Temp\uwdirpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031f6000 78 bytes [54, 24, 1C, 52, 8D, 4C, 24, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 639 fffff800031f604f 10 bytes [00, 00, 89, 44, 24, 24, 89, ...]

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[652] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\services.exe[708] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[860] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\nvvsvc.exe[940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\System32\svchost.exe[332] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\System32\svchost.exe[436] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[456] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[608] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\winlogon.exe[1028] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\AUDIODG.EXE[1132] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1236] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1596] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\nvvsvc.exe[1608] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\System32\spoolsv.exe[1736] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1764] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1940] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[1972] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe[1180] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1368] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[1356] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1928] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[1360] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe[2060] C:\windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\windows\system32\taskhost.exe[2168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2236] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\windows\Explorer.EXE[2336] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2796] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\windows\system32\svchost.exe[2852] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2904] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3012] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3996] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[4016] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[4044] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[4060] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4068] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[4076] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[4092] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\Elantech\ETDCtrl.exe[2448] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\SFR\Kit\9props.exe[3144] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3808] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2652] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2652] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[2968] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\windows\system32\SearchIndexer.exe[4100] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4268] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\svchost.exe[4696] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe[5084] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2432] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077123ae0 6 bytes {NOP ; JMP 0xffffffff8925cc7c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077127a90 6 bytes {NOP ; JMP 0xffffffff89258914}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077151490 6 bytes {NOP ; JMP 0xffffffff8922f684}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771514f0 6 bytes {NOP ; JMP 0xffffffff8922f9dc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771515d0 6 bytes {NOP ; JMP 0xffffffff8923006c}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077151810 6 bytes {NOP ; JMP 0xffffffff8922fa74}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077152840 6 bytes {NOP ; JMP 0xffffffff8922f1b4}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd3e6e00 6 bytes {NOP ; JMP 0xffffffff8001afac}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd3e6f2c 6 bytes {NOP ; JMP 0xffffffff80019fa0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd3e7220 6 bytes {NOP ; JMP 0xffffffff8001a064}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd3e739c 6 bytes {NOP ; JMP 0xffffffff8001a2a0}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd3e7538 6 bytes {NOP ; JMP 0xffffffff8001a4bc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3e75e8 6 bytes {NOP ; JMP 0xffffffff80018dbc}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd3e790c 6 bytes {NOP ; JMP 0xffffffff80018e50}
.text C:\Program Files\Internet Explorer\iexplore.exe[4356] C:\windows\SYSTEM32\sechost.dll!DeleteService 000007fefd3e7ab4 6 bytes {NOP ; JMP 0xffffffff80019060}
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074da83dd 5 bytes JMP 00000001695c4062
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074e73595 5 bytes JMP 00000001695c3efe
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!closesocket 0000000075953918 5 bytes JMP 00000001695591d9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!socket 0000000075953eb8 5 bytes JMP 000000016955844e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000075954296 5 bytes JMP 000000016955860e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!recv 0000000075956b0e 5 bytes JMP 00000001695594da
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!connect 0000000075956bdd 5 bytes JMP 00000001695584de
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\WS2_32.dll!send 0000000075956f01 5 bytes JMP 0000000169558ab2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2740] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe[3752] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[1868] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[1868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe[1868] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3440] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe[5164] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074da83dd 5 bytes JMP 00000001695c4062
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074e73595 5 bytes JMP 00000001695c3efe
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!closesocket 0000000075953918 5 bytes JMP 00000001695591d9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!socket 0000000075953eb8 5 bytes JMP 000000016955844e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000075954296 5 bytes JMP 000000016955860e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!recv 0000000075956b0e 5 bytes JMP 00000001695594da
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!connect 0000000075956bdd 5 bytes JMP 00000001695584de
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\WS2_32.dll!send 0000000075956f01 5 bytes JMP 0000000169558ab2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5172] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000074da83dd 5 bytes JMP 00000001695c4062
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074e73595 5 bytes JMP 00000001695c3efe
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!closesocket 0000000075953918 5 bytes JMP 00000001695591d9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!socket 0000000075953eb8 5 bytes JMP 000000016955844e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!getaddrinfo 0000000075954296 5 bytes JMP 000000016955860e
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!recv 0000000075956b0e 5 bytes JMP 00000001695594da
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!connect 0000000075956bdd 5 bytes JMP 00000001695584de
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\WS2_32.dll!send 0000000075956f01 5 bytes JMP 0000000169558ab2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[5184] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe[5668] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[5696] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[5748] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[5776] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe[5808] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Users\lionel\Desktop\x1cjh6cs.exe[4772] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[5924] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\windows\system32\igfxsrvc.exe[6012] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007703eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5940] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075011465 2 bytes [01, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5940] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750114bb 2 bytes [01, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6696] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000759ca30a 1 byte [62]

---- Threads - GMER 2.1 ----

Thread System [4:6240] fffff8800a225518

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 50
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 425646
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
0

g3n-h@ckm@n Posts 14350 Status Member 948
 
host them on cjoint please, it's too long for the forum
0
alexandrelepetit
 
sorry, here is the link

http://cjoint.com/?3HexwU3a9jd
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
? it's not complete either
0
alexandreleêtit
 
I hope this one will be fine

http://cjoint.com/?3HfmV5f5cFp
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
what does it say on the blue screen when it goes to sleep?
0
alexandrelepetit
 
I don't have time to read it all and on top of that it's in English, but it starts with Windows has encountered a problem and must clos...
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
0
alexandrelepetit
 
hi

there, it's done.
I also often get a message at startup telling me SWMAgent is restarting, what does that mean?
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
do you have any Samsung hardware that connects to the computer?
0
alexandrelepetit
 
a phone from time to time.
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
reinstall the Samsung software, this message may be coming from it
0
alexandrelepetit
 
ok, all right, I'll try.
0
alexandrelepetit
 
hello,

I still have the blue screen problem, and when I want to turn it back on I have to try several times, and when it restarts it checks the hard drive every time.
0
g3n-h@ckm@n Posts 14350 Status Member 948
 

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\


Disable your protections: https://forum.pcastuces.com/default.asp

Download here: Combofix and save it to your desktop

rename combofix to whatever you like (important to counter certain infections)

if you have XP => double-click
if you have Vista or Windows 7 => right-click "run as...."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to re-enable the real-time protection of your antivirus and your antispyware tools before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

▶▶▶ If, after combofix restarts your PC, you get "Clé marquée pour suppression" (key marked for deletion) errors or internet connection problems, restart your computer again

0
alexandrelepetit
 
here is the link to the report

http://cjoint.com/?3HinpEi9jdq
0
g3n-h@ckm@n Posts 14350 Status Member 948
 

__________________________________________________
=>/!\The script below was written specifically for this computer/!\ <=
=>it is strongly discouraged to reuse it on another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

File::
c:\windows\SysWow64\shoD19E.tmp

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file as in this: illustration

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt

0
alexandrelepetit
 
hello,
here is the link

http://cjoint.com/?3HkkGcR1qBx
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
ok, how have things evolved?

by the way, you didn't disable Windows Defender for combofix, and besides it's useless, it just blocks the tools

¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤
Windows 8 => same flop as Vista X 10
0
alexandrelepetit
 
still the same, when resuming into sleep the blue screen appears
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
resuming into sleep? now that's something else...
0
alexandrelepetit
 
well yes, the blue screen appears after the computer has gone to sleep, I don't see what's so extraordinary about that
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
it's the term "resuming into sleep" that I didn't quite get ^^

==

you should have your graphics card checked in the "hardware" section, I can't do anything more, it's not an infection
0
alexandrelepetit
 
ok thanks
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
run Delfix again to remove the tools anyway
0
alexandrelepetit
 
hello,

apparently it was my hard drive that was dead.
0
g3n-h@ckm@n Posts 14350 Status Member 948
 
ah well then.....the tools couldn't do anything ^^

thanks for the feedback
0