Forums Zebulon.fr: Au secours - Forums Zebulon.fr

Bonjour,


Je viens demandé votre aide car j ai subi l attack d un virus apparament appelé security tool.
Suite au téléchargement sur un site du logiciel kies pour connecter ma tab samsung au pc.

les symptomes apparues: je ne pouvais plus ouvrir mes programmes, une fenêtre avec le faux logiciel sécurity tool est apparue.
.


J ai donc cherche des solutions:

1 j ai supprimer le programme securiter tool visible das appdata/securitool
2 j ai lancé c cleaner via topik suivant: Virus - Méthode préliminaire de désinfection | CommentCaMarche
3 j ai lance combofix (J ai déconnecté mon pc d internet car une fenêtre c est ouvert, m indiquant qu'un rootkit était détecté)


apparament un defaut majeur persiste puisque je ne peux toujours pas ouvrir mes programmes, mais en revanche security tool n apparait plus.
Je vous joins les infos établi par combofix.(ca n a pas l air sympa vu d ici, c est meme efrayant )

Je vous remercie par avance, si vous pouvez m aider car je suis dans l urgence.
Cdt,

ComboFix 11-11-08.02 - Kinky Daisy Party 09/11/2011 14:32:46.2.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1033.18.2815.2285 [GMT 1:00]
Lancé depuis: L:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kinky Daisy Party\AppData\Roaming\Adobe\plugs
c:\users\Kinky Daisy Party\AppData\Roaming\Adobe\shed
c:\windows\$NtUninstallKB2734$\586295388\@
c:\windows\$NtUninstallKB2734$\586295388\bckfg.tmp
c:\windows\$NtUninstallKB2734$\586295388\cfg.ini
c:\windows\$NtUninstallKB2734$\586295388\Desktop.ini
c:\windows\$NtUninstallKB2734$\586295388\keywords
c:\windows\$NtUninstallKB2734$\586295388\kwrd.dll
c:\windows\$NtUninstallKB2734$\586295388\L\xadqgnnk
c:\windows\$NtUninstallKB2734$\586295388\U\00000001.@
c:\windows\$NtUninstallKB2734$\586295388\U\00000002.@
c:\windows\$NtUninstallKB2734$\586295388\U\00000004.@
c:\windows\$NtUninstallKB2734$\586295388\U\80000000.@
c:\windows\$NtUninstallKB2734$\586295388\U\80000004.@
c:\windows\$NtUninstallKB2734$\586295388\U\80000032.@
c:\windows\$NtUninstallKB2734$\778989360
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\Thumbs.db
c:\windows\$NtUninstallKB2734$ . . . . impossible à supprimer
.
c:\windows\system32\drivers\netbt.sys . . . est infecté!! . . . Impossible de trouver un substitut valide.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-09 au 2011-11-09 ))))))))))))))))))))))))))))))))))))
.
.
2011-11-09 13:41 . 2011-11-09 13:43 -------- d-----w- c:\users\Kinky Daisy Party\AppData\Local\temp
2011-11-09 13:41 . 2011-11-09 13:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-09 13:41 . 2011-11-09 13:41 -------- d-----w- c:\users\EA doudou\AppData\Local\temp
2011-11-09 13:41 . 2011-11-09 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 13:41 . 2011-11-09 13:41 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2011-11-09 13:10 . 2011-11-09 13:10 110080 ----a-r- c:\users\Kinky Daisy Party\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconF7A21AF7.exe
2011-11-09 13:10 . 2011-11-09 13:10 110080 ----a-r- c:\users\Kinky Daisy Party\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconD7F16134.exe
2011-11-09 13:10 . 2011-11-09 13:10 110080 ----a-r- c:\users\Kinky Daisy Party\AppData\Roaming\Microsoft\Installer\{1C7CC8E2-CFCF-41E6-A863-7C7A45CE8A78}\IconCF33A0CE.exe
2011-11-09 13:10 . 2011-11-09 13:10 -------- d-----w- C:\sh4ldr
2011-11-09 13:10 . 2011-11-09 13:10 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-11-09 12:36 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-08 20:13 . 2011-10-27 01:25 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-11-08 20:13 . 2011-10-27 01:25 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-11-08 20:13 . 2011-10-27 01:25 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-11-08 20:13 . 2011-10-27 01:25 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-11-08 20:13 . 2011-10-27 01:25 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-11-07 19:48 . 2011-11-07 19:48 -------- d-----w- c:\users\Kinky Daisy Party\.thumbnails
2011-11-07 19:48 . 2011-11-07 19:48 -------- d-----w- c:\program files\Blender Foundation
2011-10-20 17:59 . 2011-10-20 17:59 -------- d-----w- c:\program files\bayardKids
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:47 . 2011-06-19 06:40 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 15:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyAs.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
La Solution Ciel.lnk - c:\program files\Ciel\Starter.exe [2011-3-26 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\astyjys]
2011-11-09 06:21 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\astyjys.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-25 18:41 377888 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-09-25 18:20 948024 ----a-w- c:\program files\Common Files\Acronis\Timounter\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupAndRecoveryMonitor.exe]
2009-09-25 18:16 1518688 ----a-w- c:\program files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-27 02:38 136176 ----atw- c:\users\Kinky Daisy Party\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 16:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2011-02-28 18:01 353736 ----a-w- c:\program files\IncrediMail\Bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 09:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-06-18 08:04 772096 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
2011-04-06 07:27 2535296 ----a-w- c:\program files\ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
R4 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [2009-09-25 1869640]
R4 MMS;Acronis Managed Machine Service;c:\program files\Acronis\BackupAndRecovery\mms.exe [2009-09-25 3819952]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 10:29]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-10 10:29]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234875173-3711634244-137862057-1000Core.job
- c:\users\Kinky Daisy Party\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 02:38]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3234875173-3711634244-137862057-1000UA.job
- c:\users\Kinky Daisy Party\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 02:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Kinky Daisy Party\AppData\Roaming\Mozilla\Firefox\Profiles\mar2d92r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3ce4763c000000000000001fe25afc57&tlver=1.4.31.2&instlRef=sst&affID=19950&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Privacy Protection - c:\programdata\privacy.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2011-11-09 14:46:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-11-09 13:46
ComboFix2.txt 2011-07-03 23:13
.
Avant-CF: 6 419 861 504 octets libres
Après-CF: 6 285 275 136 octets libres
.
- - End Of File - - C3E054E2716BBF65604EA916F1CE1B6D

bonsoir fait ceci s.t.p



* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

Citation

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
Cliquez ici.
ou la
Accueil de Cjoint.com