Black screen after 1 sec while still powered on
masterskp3 - Posts: 5 - Status: Member
Hello,
I'm really quite stuck. As the title says, my screen goes black after one second without switching off. So, to save time, here are the answers to the first questions you'll ask me:
- The monitor's LED stays green even though the screen is black.
- I tried other cables.
- I connected another monitor.
- I removed the GeForce card to switch to the motherboard's onboard chip.
- I connected my tower (the one with the problem) to my laptop.
- I ran (as best I could) AdwCleaner and an antivirus scan.
- And the problem also happens before Windows starts: on the boot screen where you choose safe mode, it does it too....
Any ideas?
4 replies
I had the same thing but with a blue screen...
Tell me, can you get to the Windows "F8" menu? If not, try restarting in safe mode. If the problem persists, check the BIOS battery in your computer. Oh yes, is it a desktop or a laptop?
Hello.
I think I'm dealing with a virus.
I looked at the event log and saw a crash followed by a BIOS reconfiguration at a time when nobody was at the PC.
I restored the factory settings in the BIOS, but no result, or almost...
When I restore the factory settings in the BIOS, the PC boots and I get my normal display up until Windows launches. After three seconds, before even reaching the session password prompt, I lose my display.
So I booted into safe mode and have access to the machine via TeamViewer.
Then I tried AdwCleaner, Windows Essentials, Spybot and Malwarebytes. Each time the same scenario:
The scan progresses and detects an item, the PC crashes and reboots, and as soon as Windows opens the graphics driver reinstalls itself.
I ran a driver scan without doing an antivirus pass and no problem was detected at that level. I updated the graphics driver myself by getting the NVIDIA driver again, but no result.
And to answer your question, it's a tower.
I tried booting the PC from a live Linux CD and Hiren's BootCD, but since I have no display and TeamViewer isn't installed on the CD, I'm stuck.
Tomorrow, when I get home from work, I'm going to restore the factory settings in the BIOS again and, instead of rebooting into Windows, I'll boot into Hiren's BootCD. With a bit of luck the virus won't have had time to reactivate and I'll be able to attempt a disinfection...
It's not getting any better...
Well, when I run an antivirus scan the PC crashes.
So, since I have access to the PC via TeamViewer, I analysed the blue screen. I found 2 corrupted files in system32:
- ntoskrnl.exe
- amdk8.sys
I replaced both files, with no effect.
I also flashed the BIOS... no effect either.
I can't understand how a virus could rewrite the BIOS and yet flashing it changes nothing!
I just ran ComboFix, which found the virus and removed some DLLs, but after rebooting I still have the black screen...
Here is the report:
ComboFix 15-03-14.03 - Redwarrior 20/03/2015 21:36:42.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.32.1036.18.1919.1115 [GMT 1:00]
Lancé depuis: e:\users\Redwarrior\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\programdata\xml1C56.tmp
e:\programdata\xml3B77.tmp
e:\programdata\xml3C24.tmp
e:\programdata\xml4889.tmp
e:\windows\system32\drivers\etc\hosts.ics
e:\windows\system32\Packet.dll
e:\windows\system32\wpcap.dll
.
e:\windows\System32\ntoskrnl.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-02-20 au 2015-03-20 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-20 20:56 . 2015-03-20 20:56 39464 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsle6e3cc7c.sys
2015-03-20 20:54 . 2015-03-20 20:57 -------- d-----w- e:\users\Redwarrior\AppData\Local\temp
2015-03-20 20:54 . 2015-03-20 20:54 -------- d-----w- e:\users\UpdatusUser\AppData\Local\temp
2015-03-20 20:54 . 2015-03-20 20:54 -------- d-----w- e:\users\Default\AppData\Local\temp
2015-03-20 20:22 . 2015-03-20 20:22 39464 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsl5365430f.sys
2015-03-20 19:26 . 2015-03-20 19:26 -------- d--h--w- e:\windows\PIF
2015-03-20 18:59 . 2015-01-29 09:49 9041640 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\mpengine.dll
2015-03-19 21:38 . 2015-03-19 21:38 -------- d-----w- e:\program files\DLLSuite
2015-03-19 21:33 . 2015-03-19 21:33 -------- d-----w- e:\program files\DllTool
2015-03-19 21:22 . 2015-03-19 21:22 -------- d-----w- e:\users\Redwarrior\AppData\Roaming\KSafe
2015-03-19 21:22 . 2015-03-19 21:22 -------- d-----w- e:\programdata\KSafe
2015-03-19 21:21 . 2015-03-19 21:21 -------- d-----w- e:\program files\IU DLL Cleaner
2015-03-19 20:30 . 2015-03-19 20:30 -------- d-----w- e:\windows\Logs
2015-03-19 20:25 . 2015-03-19 20:25 -------- d-----w- e:\windows\system32\wbem\Logs
2015-03-18 22:22 . 2015-03-20 20:25 114904 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-18 22:21 . 2015-03-18 22:21 -------- d-----w- e:\program files\Malwarebytes Anti-Malware
2015-03-18 22:21 . 2015-03-18 22:21 -------- d-----w- e:\programdata\Malwarebytes
2015-03-18 22:21 . 2014-11-21 05:14 51928 ----a-w- e:\windows\system32\drivers\mwac.sys
2015-03-18 22:21 . 2014-11-21 05:14 75480 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2015-03-18 22:21 . 2014-11-21 05:14 23256 ----a-w- e:\windows\system32\drivers\mbam.sys
2015-03-18 22:05 . 2015-03-18 22:05 -------- d-----w- e:\programdata\ProductData
2015-03-18 22:04 . 2015-03-18 22:04 23840 ----a-w- e:\windows\system32\drivers\HWiNFO32.SYS
2015-03-18 22:04 . 2015-03-18 22:04 -------- d-----w- e:\programdata\IObit
2015-03-18 22:04 . 2015-03-18 22:04 -------- d-----w- e:\users\Redwarrior\AppData\Roaming\IObit
2015-03-18 22:03 . 2015-03-18 22:03 -------- d-----w- e:\program files\IObit
2015-03-18 21:22 . 2015-01-29 09:49 9041640 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-11 08:40 . 2015-02-20 02:22 2724864 ----a-w- e:\windows\system32\mshtml.tlb
2015-03-05 00:50 . 2015-03-05 00:48 898472 ----a-w- e:\windows\system32\npDeployJava1.dll
2015-03-05 00:50 . 2015-03-05 00:48 818088 ----a-w- e:\windows\system32\deployJava1.dll
2015-03-05 00:47 . 2015-03-05 00:56 -------- d-----w- e:\programdata\Oracle
2015-02-25 20:28 . 2015-02-25 20:28 -------- d-----w- e:\program files\ESET
2015-02-25 19:50 . 2013-09-20 09:49 18968 ----a-w- e:\windows\system32\sdnclean.exe
2015-02-25 19:50 . 2015-02-25 19:54 -------- d-----w- e:\program files\Spybot - Search & Destroy 2
2015-02-25 19:43 . 2015-02-25 19:43 388096 ----a-r- e:\users\Redwarrior\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2015-02-25 19:11 . 2015-02-25 19:11 -------- d-----w- e:\users\Redwarrior\AppData\Roaming\HPAppData
2015-02-23 18:40 . 2015-02-23 18:40 -------- d-----w- e:\programdata\McAfee
2015-02-22 11:05 . 2015-02-22 11:05 -------- d-----w- e:\users\Redwarrior\AppData\Local\Steam
2015-02-21 19:45 . 2014-09-17 14:15 908840 ----a-w- e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89077777-9FBB-4A2F-AFCA-88DC0A95DE58}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-05 00:48 . 2012-11-13 22:51 96680 ----a-w- e:\windows\system32\WindowsAccessBridge.dll
2015-03-03 13:16 . 2009-10-02 21:22 246920 ------w- e:\windows\system32\MpSigStub.exe
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- e:\windows\system32\FM20.DLL
2015-02-04 22:03 . 2012-08-31 22:46 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 22:03 . 2012-08-31 22:46 701616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2015-02-04 02:54 . 2015-02-11 03:20 482304 ----a-w- e:\windows\system32\generaltel.dll
2015-02-04 02:53 . 2015-02-11 03:20 621056 ----a-w- e:\windows\system32\invagent.dll
2015-02-04 02:53 . 2015-02-11 03:20 325632 ----a-w- e:\windows\system32\devinv.dll
2015-02-04 02:53 . 2015-02-11 03:20 767488 ----a-w- e:\windows\system32\appraiser.dll
2015-02-04 02:53 . 2015-02-11 03:20 202752 ----a-w- e:\windows\system32\aepdu.dll
2015-02-04 02:53 . 2015-02-11 03:20 159744 ----a-w- e:\windows\system32\aepic.dll
2015-02-04 02:49 . 2015-02-11 03:20 886784 ----a-w- e:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 03:20 1167520 ----a-w- e:\windows\system32\aitstatic.exe
2015-01-09 02:48 . 2015-02-12 08:00 76800 ----a-w- e:\windows\system32\wdi.dll
2015-01-09 02:48 . 2015-02-12 08:00 635904 ----a-w- e:\windows\system32\perftrack.dll
2015-01-09 02:48 . 2015-02-12 08:00 27136 ----a-w- e:\windows\system32\powertracker.dll
2009-09-27 07:39 369152 --sh--w- e:\windows\System32\avisynth.dll
2005-07-14 10:31 32256 --sh--w- e:\windows\System32\AVSredirect.dll
2004-02-22 08:11 719872 --sh--w- e:\windows\System32\devil.dll
2006-05-03 09:06 163328 --sha-r- e:\windows\System32\flvDX.dll
2004-01-24 22:00 70656 --sh--w- e:\windows\System32\i420vfw.dll
2007-02-21 10:47 31232 --sha-r- e:\windows\System32\msfDX.dll
2008-03-16 12:30 216064 --sha-r- e:\windows\System32\nbDX.dll
2010-01-06 21:00 107520 --sha-r- e:\windows\System32\TAKDSDecoder.dll
2012-10-05 17:54 188416 --sha-r- e:\windows\System32\winDCE32.dll
2004-01-24 22:00 70656 --sh--w- e:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- e:\users\Redwarrior\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24 576840 ----a-w- e:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spybot-S&D Cleaning"="e:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-04-25 4566984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"NvBackend"="e:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-19 1795872]
"SDTray"="e:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\E:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Alert 4.lnk]
path=e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PC Alert 4.lnk
backup=e:\windows\pss\PC Alert 4.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\E:^Users^Redwarrior^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=e:\users\Redwarrior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=e:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\E:^Users^Redwarrior^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=e:\users\Redwarrior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=e:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- e:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-10-07 14:35 843480 ----a-w- e:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2015-02-19 13:24 26232152 ----a-w- e:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-31 00:52 21432 ----a-w- e:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 00:52 964024 ----a-w- e:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 00:52 3524536 ----a-w- e:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2012-09-12 22:38 204136 ----a-w- e:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- e:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- e:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2015-02-18 23:51 2874048 ----a-w- e:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 MpKsl1113ef31;MpKsl1113ef31;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsl1113ef31.sys [2015-03-20 39464]
R1 MpKsl30714451;MpKsl30714451;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsl30714451.sys [2015-03-20 39464]
R2 BstHdAndroidSvc;BlueStacks Android Service;e:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;e:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);e:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;e:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 PCAlertDriver;PCAlertDriver;e:\program files\MSI\PC Alert 4\NTGLM7X.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;e:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rt61x86;RT61 Extensible Wireless Driver;e:\windows\system32\DRIVERS\netr61.sys [2010-04-07 376160]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;e:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-05-17 98488]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);e:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);e:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;e:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);e:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 114280]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);e:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 Synth3dVsc;Synth3dVsc;e:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;e:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;e:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;e:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;e:\windows\system32\Wat\WatAdminSvc.exe [2011-03-12 1343400]
R4 FreemakeVideoCapture;FreemakeVideoCapture;e:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-02-25 9216]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;e:\windows\system32\drivers\HWiNFO32.SYS [2015-03-18 23840]
S1 mbamchameleon;mbamchameleon;e:\windows\system32\drivers\mbamchameleon.sys [2014-11-21 75480]
S1 MpKsl5365430f;MpKsl5365430f;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsl5365430f.sys [2015-03-20 39464]
S1 MpKsle6e3cc7c;MpKsle6e3cc7c;e:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F770B-F643-4F3F-8463-D5645149FEDE}\MpKsle6e3cc7c.sys [2015-03-20 39464]
S2 BstHdDrv;BlueStacks Hypervisor;e:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-10-07 112344]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;e:\program files\BlueStacks\HD-LogRotatorService.exe [2014-10-07 388824]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;e:\program files\BlueStacks\HD-UpdaterService.exe [2014-10-07 782040]
S2 MBAMScheduler;MBAMScheduler;e:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 MBAMService;MBAMService;e:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 NisDrv;Microsoft Network Inspection System;e:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S2 SBSDWSCService;SBSD Security Center Service;e:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;e:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-04-25 1738200]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;e:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-04-25 2081752]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;e:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;e:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S2 ufad-p2v;VMware Converter Service;e:\program files\VMware\VMware Converter\vmware-ufad.exe [2007-01-30 155648]
S2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;e:\program files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 12544]
S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-20 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;e:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
S3 NisSrv;Inspection du réseau Microsoft;e:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
.
.
--- Autres Services/Pilotes en mémoire ---
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-20 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 22:03]
.
2015-03-20 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 23:23]
.
2015-03-20 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 23:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: &Envoyer à OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 62.197.111.140 109.88.203.3
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{da7f5ae1-3be3-43c0-8098-c1d183616e97} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
MSConfigStartUp-BackgroundContainer - e:\users\Redwarrior\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
MSConfigStartUp-Driver Manager - e:\program files\Driver Manager\Driver Manager\DriverManager.exe
MSConfigStartUp-DriverScanner - e:\progra~1\Uniblue\DRIVER~1\launcher.exe
MSConfigStartUp-SSDMonitor - e:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSConfigStartUp-WinampAgent - e:\program files\Winamp\winampa.exe
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - e:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
AddRemove-01_Simmental - e:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - e:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - e:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - e:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - e:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - e:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - e:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - e:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - e:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - e:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - e:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - e:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - e:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - e:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - e:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - e:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - e:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - e:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - e:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2685330645-3106664977-739368634-1000\Software\SecuROM\License information*]
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="e:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
e:\windows\system32\nvvsvc.exe
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
e:\windows\system32\taskhost.exe
e:\program files\Malwarebytes Anti-Malware\mbam.exe
e:\windows\system32\conhost.exe
e:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
e:\windows\System32\WUDFHost.exe
e:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
e:\windows\system32\sppsvc.exe
e:\program files\Windows Media Player\wmpnetwk.exe
e:\windows\system32\taskhost.exe
.
.
Heure de fin: 2015-03-20 22:06:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-03-20 21:06
.
Avant-CF: 22.104.821.760 octets libres
Après-CF: 21.825.523.712 octets libres
.
- - End Of File - - DEFEEE1EF5518AB300C55A690CA13C4A
A36C5E4F47E84449FF07ED3517B43A31