

Cyril_31
Members
Content count: 10
My languages: French, English
Junior Member (3/12)
Community reputation: 0
-
Yes, I tested it with Memtest and it's OK. My configuration is, in my opinion, up to date: all the driver updates have been done, as well as the Windows updates.
-
Hello, For several weeks I had constant crashes with blue screens. I was helped by someone from the Security forum. The situation has clearly improved, but I still regularly get crashes a few minutes after the PC starts. The screen freezes, and I then have to unplug the PC to be able to restart. No more blue screens, however. You can find my history on the Security forum here. The guy from the forum referred me to the Software forum. Can anyone help me? Thanks in advance
-
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
OK, thanks -
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
Thank you very much, I did all of that, but the problem is not yet resolved. I just had another crash. Without a blue screen this time... -
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
For Flash Player, I had already done it, but I get the message: "Votre navigateur Google Chrome inclut déjà Adobe® Flash® Player. Google Chrome lancera automatiquement les mises à jour lorsque de nouvelles versions de Flash Player seront disponibles." With IE: "Flash Player 10.3 n'est pas disponible pour Internet Explorer 9 Bêta (64 bits). Téléchargez une version préliminaire de Flash Player intégrant une prise en charge optimisée d'Internet Explorer 9 Bêta (32 bits et 64 bits) sur Adobe Labs.", and there I am redirected to a site where I download the version indicated for Windows 64-bit at the following link: http://labs.adobe.com/downloads/flashplayer11.html. Here is the OTL report. It did indeed go better with the line removed:
-
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
Hello, Why aren't the Windows updates being installed? No idea: Windows Update nevertheless tells me that Windows is up to date. I did not manage to carry out this procedure with OTL. The first time, I got a blue screen as soon as OTL was launched, and since then, when I launch Correction, the OTL program goes to Not Responding. I did check, I do have : at the start and ] at the end. The last message in the OTL window is: Processing O3:64bit: -HKCU\..\Toolbar\WebBrowser - No CLSID value found... My OTL version is 3.2.28.0 and my antivirus and firewall are indeed disabled. I tried again several times, ending the OTL process with Task Manager, and I systematically get the same result. See you, Cyril -
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
Hello, 2 new blue screens this morning! Here are the 2 requested links: OTL and Extra. CJoint.com link AIrk3HZq9YJ CJoint.com link AIrk4TlqxNp Thanks, Cyril -
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware Analysis and Removal
Hello, Here is the report. Note that I could not uninstall BittorrentBar_FRToolbar. Message: "Le fichier INSTALL.LOG n'a pas pu être ouvert." ComboFix report:
Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] . . Contenu du dossier 'Tâches planifiées' . 2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 08:31] . 2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 08:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 134384 ------w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088] "EPSON Stylus DX4800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE" [2005-02-02 98304] . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.sfr.fr/kit/adsl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17360110qn06973d58rm5ug871l396 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHELINS SUPPRIMES - - - - . URLSearchHooks-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file) BHO-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll Toolbar-Locked - (no file) Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file) WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file) . . . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Heure de fin: 2011-09-15 19:45:28 - La machine a redémarré ComboFix-quarantined-files.txt 2011-09-15 17:45 ComboFix2.txt 2011-09-14 19:39 . Avant-CF: 331 722 874 880 octets libres Après-CF: 331 424 702 464 octets libres . - - End Of File - - 88798105DCF13F1594656D9F17AD0730 -
Repeated blue screens
Cyril_31 replied to a topic by Cyril_31 in Malware analysis and removal
Thanks for the help. Since my previous message, the situation seems to be improving. I have had only one crash, with no blue screen generated and no Windows restore. Here are the reports:

###MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Version de la base de données: 7716
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
14/09/2011 19:33:34
mbam-log-2011-09-14 (19-33-34).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 210393
Temps écoulé: 5 minute(s), 37 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)

##COMBOFIX
ComboFix 11-09-14.02 - Cyril 14/09/2011 21:21:39.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.8191.6650 [GMT 2:00]
Lancé depuis: c:\users\Cyril\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-14 au 2011-09-14 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-14 19:28 . 2011-09-14 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-14 19:28 .
2011-09-14 19:28 -------- d-----w- c:\users\Anso\AppData\Local\temp 2011-09-12 17:59 . 2011-09-12 18:00 -------- d--h--w- c:\windows\AxInstSV 2011-09-12 17:44 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-11 16:52 . 2011-09-11 16:52 -------- d-----w- c:\program files (x86)\ESET 2011-09-11 05:20 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AABF967D-AA11-4C51-8B4E-A7510EA7C5E1}\mpengine.dll 2011-09-10 14:22 . 2011-09-11 05:10 -------- d-----w- c:\program files (x86)\ZHPDiag 2011-09-10 08:39 . 2011-09-10 08:39 -------- d-----w- c:\users\Cyril\AppData\Local\Sunbelt Software 2011-09-10 08:39 . 2011-09-11 00:02 -------- dc-h--w- c:\programdata\{589802B2-1BF3-4609-9ADE-CF6E6608D06D} 2011-09-10 08:38 . 2011-09-10 08:43 -------- d-----w- c:\programdata\Lavasoft 2011-09-10 08:38 . 2011-09-10 08:38 -------- d-----w- c:\program files (x86)\Lavasoft 2011-09-10 08:36 . 2011-09-10 08:36 -------- d-----w- c:\users\Cyril\AppData\Roaming\Malwarebytes 2011-09-10 08:35 . 2011-09-10 08:35 -------- d-----w- c:\programdata\Malwarebytes 2011-09-10 08:35 . 2011-09-14 17:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-09-09 21:26 . 2011-09-09 21:26 -------- d-----w- C:\NVIDIA 2011-09-09 21:05 . 2011-09-09 21:05 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} 2011-09-09 21:04 . 2011-09-09 21:04 -------- d-----w- c:\users\Cyril\AppData\Roaming\Intel Corporation 2011-09-09 20:57 . 2011-09-09 20:57 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation 2011-09-09 20:53 . 2011-09-09 20:53 -------- d-----w- c:\program files\Intel 2011-09-09 20:51 . 2011-09-09 20:51 -------- d-----w- c:\users\Cyril\AppData\Roaming\InstallShield 2011-09-09 20:00 . 2011-09-09 20:00 -------- d-----w- c:\users\Cyril\AppData\Local\PackageAware 2011-09-09 19:54 . 2011-09-09 19:54 -------- d-----w- c:\users\Cyril\AppData\Roaming\HD Tune Pro 2011-09-09 19:54 . 
2011-09-11 05:10 -------- d-----w- c:\program files (x86)\HD Tune Pro 2011-09-04 12:28 . 2011-09-04 12:28 -------- d-----w- c:\users\Cyril\AppData\Roaming\Template 2011-09-04 08:02 . 2011-09-04 08:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-03 21:15 . 2011-09-03 21:15 -------- d-----w- c:\program files\CPUID 2011-09-03 21:15 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2011-09-03 21:07 . 2011-09-14 19:02 -------- d-----w- c:\program files\WhoCrashed 2011-09-02 12:30 . 2011-09-11 05:10 -------- d-----w- c:\program files\ma-config.com 2011-09-02 12:30 . 2011-09-09 20:06 -------- d-----w- c:\programdata\ma-config.com 2011-09-01 16:49 . 2011-09-01 16:49 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-09-01 07:11 . 2011-09-12 17:31 -------- d-----w- c:\users\UpdatusUser 2011-09-01 07:11 . 2011-09-11 05:08 -------- d-----w- c:\programdata\NVIDIA 2011-09-01 07:10 . 2011-05-21 04:01 6300776 ----a-w- c:\windows\system32\nvcpl.dll 2011-09-01 07:10 . 2011-05-21 04:01 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-09-01 07:10 . 2011-05-21 04:01 3040872 ----a-w- c:\windows\system32\nvsvc64.dll 2011-09-01 07:10 . 2011-05-21 04:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll 2011-09-01 07:10 . 2011-05-21 04:01 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-09-01 07:10 . 2011-05-21 04:01 1016936 ----a-w- c:\windows\system32\nvvsvc.exe 2011-09-01 07:10 . 2011-05-21 04:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-08-26 09:20 . 2011-09-11 05:10 -------- d-----w- c:\program files\iTunes 2011-08-26 09:20 . 2011-09-11 05:10 -------- d-----w- c:\program files\iPod 2011-08-26 09:20 . 2011-09-11 05:10 -------- d-----w- c:\program files (x86)\iTunes 2011-08-26 09:19 . 2011-09-11 05:10 -------- d-----w- c:\program files\Bonjour 2011-08-26 09:19 . 2011-09-11 05:10 -------- d-----w- c:\program files (x86)\Bonjour 2011-08-26 09:17 . 
2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2011-08-26 09:17 . 2011-08-26 09:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2011-08-26 09:11 . 2011-09-11 05:10 -------- d-----w- c:\program files (x86)\Apple Software Update 2011-08-24 06:28 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 06:28 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-21 13:37 . 2011-09-13 03:23 -------- d-----w- c:\windows\fr . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-06 20:45 . 2010-07-05 17:11 41184 ----a-w- c:\windows\avastSS.scr 2011-09-06 20:45 . 2010-01-24 08:30 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-09-06 20:45 . 2011-01-21 20:12 254400 ----a-w- c:\windows\system32\aswBoot.exe 2011-09-06 20:38 . 2011-06-30 05:06 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-09-06 20:38 . 2010-01-24 08:31 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-09-06 20:36 . 2010-01-24 08:31 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-09-06 20:36 . 2010-01-24 08:31 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-09-06 20:36 . 2010-01-24 08:31 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-09-06 20:36 . 
2010-01-24 08:31 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-07-22 05:42 . 2011-08-13 21:44 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-13 21:44 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-13 21:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-13 21:44 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-13 21:44 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-13 21:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-13 21:30 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-13 21:30 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-13 21:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-13 21:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-13 21:30 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-13 21:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 
2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 
2011-08-13 21:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-13 21:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-13 21:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-13 21:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-13 21:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-13 21:30 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 
2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-13 21:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-13 21:30 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-16 02:17 . 2011-08-13 21:30 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17 . 2011-08-13 21:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17 . 2011-08-13 21:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17 . 2011-08-13 21:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 09:20 . 
2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-09 02:46 . 2011-08-13 21:31 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-06-24 05:34 . 2011-08-13 21:30 214528 ----a-w- c:\windows\system32\winsrv.dll 2011-06-24 05:25 . 2011-08-13 21:30 338432 ----a-w- c:\windows\system32\conhost.exe 2011-06-23 05:43 . 2011-08-13 21:30 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-23 04:33 . 2011-08-13 21:30 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-06-23 04:33 . 2011-08-13 21:30 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-06-21 06:34 . 2011-08-13 21:30 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys 2006-05-03 09:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 10:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 12:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files (x86)\Softonic_France\prxtbSof0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] 2009-10-15 08:53 165184 ----a-w- c:\program files (x86)\SFR\Kit\SFRNavErrorHelper.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-08-13 21:42 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Softonic_France\prxtbSof0.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}] 2009-11-20 17:34 87472 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}] 2011-08-13 21:42 3911776 ----a-w- c:\program files (x86)\BittorrentBar_FR\tbBit1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll" [2009-11-20 87472] "{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\tbBit1.dll" [2011-08-13 3911776] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2011-08-13 3911776] "{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files (x86)\Softonic_France\prxtbSof0.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}] . [HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 133104] R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640] R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 133104] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-07-09 421376] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Devices remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-06-04 55648] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech 
Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] . . Contenu du dossier 'Tâches planifiées' . 2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 08:31] . 2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-24 08:31] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 134384 ------w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"EPSON Stylus DX4800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE" [2005-02-02 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m3802&r=17360110qn06973d58rm5ug871l396
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Heure de fin: 2011-09-14 21:39:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-09-14 19:39
.
Avant-CF: 331 466 526 720 octets libres
Après-CF: 331 422 511 104 octets libres
.
- - End Of File - - 6DC344BD3E64293666A81F67C9EAEA77
-
Hello,

For several days now, every time I start my PC (Windows 7), it crashes after a few minutes of normal use. I then usually get a blue screen with an error message that is different each time. I often get another blue screen on reboot, even in safe mode. I keep rebooting until Windows performs a restore after several crashes. In the end the PC starts working properly, until the next day, when the problem comes back at the first startup...

Can a specialist help me? Thanks in advance for your help!

I followed the requested steps:

## 1 - StartUpLite: I removed a QuickTime Task application. It doesn't seem to work, because if I restart the computer and run StartUpLite again, exactly the same application shows up!

## 2 - MBAM: here is the log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Version de la base de données: 7702
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12/09/2011 19:51:09
mbam-log-2011-09-12 (19-51-09).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 210189
Temps écoulé: 3 minute(s), 33 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790571B2765E5A37AF93 (Malware.Trace) -> Value: SRS_IT_E8790571B2765E5A37AF93 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777B47658503EAE95 (Malware.Trace) -> Value: SRS_IT_E8790777B47658503EAE95 -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\program files (x86)\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\Users\Cyril\documents\downloads\ccleaner.exe (Trojan.SMSScam) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-1378754251-3107150725-2371396263-1000\$R2GLRNJ.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Cyril\downloads\plugin_vlc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Cyril\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
## 3: ESET Online Scanner: here is the scan

C:\Users\Cyril\Documents\Downloads\install_757.exe une variante probable de Win32/Agent.COUVVMQ cheval de troie
C:\Users\Cyril\Downloads\registrybooster.exe une variante de Win32/RegistryBooster application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab menaces multiples
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\upgrade[1].cab une variante de Win32/Adware.OneStep.X application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab menaces multiples
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\upgrade[1].cab une variante de Win32/Adware.OneStep.X application

## 4: Security Check: here is the report

Results of screen317's Security Check version 0.99.18 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: avast! Free Antivirus ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Flash Player Out of Date! Adobe Flash Player 10.0.45.2 ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe MiKTeX 2.9 miktex bin AvastSvc.exe -?- Alwil Software Avast5 AvastUI.exe ``````````End of Log````````````