Aller au contenu

rafw

Membres
  • Compteur de contenus

    39
  • Inscription

  • Dernière visite

Réputation sur la communauté

0 Neutral

À propos de rafw

  • Rang
    Member
  1. rafw

    Bluescreen et divers plantages

    Quand le plugin plante, je l'arrete et je rafraichi la page, à ce moment la ça refonctionne. J'ai aussi des logiciels qui freeze et que je dois fermer (interface devenue opaque et "ce programme ne repond pas") Globalement ça va beaucoup mieux mais j'ai toujours ces petits bugs... Une idée ? En tout cas merci encore pour votre aide.
  2. rafw

    Bluescreen et divers plantages

    Bonjour, J'ai remplacé la barette défectueuse, depuis le PC a regagné sa stabilité. Les problèmes ont disparus sauf une petite erreur qui arrive de temps en temps, firefox se ferme et j'ai le message d'erreur suivant : "Shockwave Flash est peut-être occupé ou ne répond plus. Vous pouvez arreter le plugin maintenant ou continuer pour voir s'il terminera son action" Je suis obligé d'areter le plugin et de rafraichir mes pages web... D'ou ce probleme peut-il provenir ? Merci pour votre aide, Raphael
  3. rafw

    Bluescreen et divers plantages

    Merci de votre réponse, Voici le rapport : Crash Dump Analysis Crash dump directory: C:\Windows\Minidump Crash dumps are enabled on your computer. On Fri 25/07/2014 09:04:32 GMT your computer crashed crash dump file: C:\Windows\Minidump\072514-62790-01.dmp This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0) Bugcheck code: 0x4E (0x2, 0x12FA47, 0x41F7FF, 0x800) Error: PFN_LIST_CORRUPT file path: C:\Windows\system32\ntoskrnl.exe product: Microsoft® Windows® Operating System company: Microsoft Corporation description: NT Kernel & System Bug check description: This indicates that the page frame number (PFN) list is corrupted. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. On Fri 18/07/2014 17:25:06 GMT your computer crashed crash dump file: C:\Windows\Minidump\071814-20638-01.dmp This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0) Bugcheck code: 0x1A (0x8885, 0xFFFFFA80038EEE70, 0xFFFFFA80038EED50, 0x302) Error: MEMORY_MANAGEMENT file path: C:\Windows\system32\ntoskrnl.exe product: Microsoft® Windows® Operating System company: Microsoft Corporation description: NT Kernel & System Bug check description: This indicates that a severe memory management error occurred. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. On Fri 27/06/2014 16:13:28 GMT your computer crashed crash dump file: C:\Windows\Minidump\062714-22916-01.dmp This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0) Bugcheck code: 0x1A (0x8885, 0xFFFFFA80038EED80, 0xFFFFFA80038EED50, 0x302) Error: MEMORY_MANAGEMENT file path: C:\Windows\system32\ntoskrnl.exe product: Microsoft® Windows® Operating System company: Microsoft Corporation description: NT Kernel & System Bug check description: This indicates that a severe memory management error occurred. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules. The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. Conclusion 3 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you. Read the topic general suggestions for troubleshooting system crashes for more information. Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  4. pas de plantage jusqu'a maintenant, le démarrage est un peu plus fluide, c'est pas mal ! Avira me demande toujours l'autorisation admin au démarrage, c'est normal ? En tout cas merci pour le (bon) boulot !
  5. Voila mon rapport ZHPfix, merci pour ces reponses rapides. Rapport de ZHPFix 2013.9.15.7 par Nicolas Coolman, Update du 15/09/2013 Fichier d'export Registre : Run by Raphael at 17/09/2013 13:30:16 High Elevated Privileges : OK Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Corbeille vidée ========== Processus mémoire ========== SUPPRIMÉ: Memory Process: C:\Users\Raphael\AppData\Local\Temp\AskPIP_FF_.exe ========== Modules mémoire ========== SUPPRIMÉ: Memory Module: C:\Users\Raphael\AppData\Local\Temp\AskSLib.dll ========== Clés du Registre ========== SUPPRIMÉ: HKLM\Software\Classes\Installer\Features\AF2CF8FE20EBB4443855807CA5D6E7A3 SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF2CF8FE20EBB4443855807CA5D6E7A3 SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8 SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA SUPPRIMÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC SUPPRIMÉ: SearchScopes :{BD1922B1-8634-4f53-8AB4-2B688BE13E22} ========== Valeurs du Registre ========== SUPPRIMÉ RunValue: AdobeBridge ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ========== Eléments de donnée du Registre ========== SUPPRIMÉ: R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant SUPPRIMÉ: R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch ========== Dossiers ========== SUPPRIMÉ: C:\ProgramData\EED730676EF6BCC90000EED64197C35F SUPPRIME Flash Cookies SUPPRIME Temporaires Windows ========== Fichiers ========== SUPPRIMÉ: C:\Windows\Installer\8162c7.msi SUPPRIMÉ:* c:\windows\installer\8162c7.msi SUPPRIMÉ: c:\users\raphael\appdata\local\temp\askpip_ff_.exe SUPPRIMÉ:* c:\users\raphael\appdata\local\temp\askslib.dll SUPPRIME Flash Cookies SUPPRIME Temporaires Windows ========== Restauration Système ========== Point de restauration du système créé avec succès ========== Récapitulatif ========== 1 : Processus mémoire 1 : Modules mémoire 7 : Clés du Registre 4 : Valeurs du Registre 2 : Eléments de donnée du Registre 3 : Dossiers 6 : Fichiers 1 : Restauration Système End of clean in 03mn 45s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 17/09/2013 13:31:19 [2643]
  6. J'ai oublié de préciser que le démarage du PC est aussi plus long qu'avant... Voila mes rapports : adwcleaner : http://cjoint.com/?CIrjwdpfHhC JRT : http://cjoint.com/?CIrjxAwmlNZ ZHPdiag : http://cjoint.com/?CIrjMh878Nl Merci !
  7. Bonjour, Firefox est ralentit depuis quelques temps, l'ouverture des pages est parfois lente... je remarque que le plugin flash plante assez souvent... Avira me demande l'autorisation d'administrateur a chaque démarrage de windows, est-ce normal ? Voila mon rapport hijackthis, merci pour votre aide ! : Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:33:33, on 16/09/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16686) FIREFOX: 24.0 (fr) Boot mode: Normal Running processes: C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe C:\Users\Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\32\Adobe QT32 Server.exe C:\Users\Raphael\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kogoa.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kogoa.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (file missing) O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [sFR Mediacenter] "C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe" /tray O4 - Startup: Dropbox.lnk = Raphael\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service de liPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - H:\Autodesk 3Dsmax\mentalray\satellite\raysat_3dsMax2009_64server.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: SharedAccess - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 26956 bytes
  8. # DelFix v6.2 - Rapport créé le 17/12/2012 à 19:20:09 # Mis à jour le 11/11/2012 par Xplode # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits) # Nom d'utilisateur : Raphael - RAPHAEL-PC # Exécuté depuis : C:\Users\Raphael\Downloads\delfix.exe # Option [suppression] ~~~~~~ Dossier(s) ~~~~~~ Supprimé : C:\Qoobox Supprimé : C:\ZHP Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP Supprimé : C:\Users\Raphael\Desktop\RK_Quarantine Supprimé : C:\Program Files (x86)\Ad-Remover Supprimé : C:\Program Files (x86)\ZHPDiag Supprimé : C:\Program Files (x86)\Trend Micro\Hijackthis ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\Ad-Report-CLEAN[1].txt Supprimé : C:\AdwCleaner[R1].txt Supprimé : C:\AdwCleaner[s1].txt Supprimé : C:\ComboFix.txt Supprimé : C:\PhysicalDisk0_MBR.bin Supprimé : C:\Users\Raphael\Desktop\AD-R.lnk Supprimé : C:\Users\Raphael\Desktop\ComboFix.exe Supprimé : C:\Users\Raphael\Desktop\combofix.txt Supprimé : C:\Users\Raphael\Desktop\HiJackThis.lnk Supprimé : C:\Users\Raphael\Desktop\RKreport[1]_S_12122012_175554.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[2]_S_12122012_180235.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[3]_D_12122012_180512.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[4]_H_12122012_180928.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[5]_PR_12122012_181046.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[6]_DN_12122012_181119.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[7]_SC_12122012_181213.txt Supprimé : C:\Users\Raphael\Desktop\RKreport[8]_S_12122012_181728.txt Supprimé : C:\Users\Raphael\Desktop\roguekiller.txt Supprimé : C:\Users\Raphael\Desktop\TFC.exe Supprimé : C:\Users\Raphael\Desktop\ZHPDiag.txt Supprimé : C:\Users\Raphael\Desktop\ZHPDiag2.exe Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk Supprimé : C:\Users\Raphael\Downloads\adwcleaner.exe Supprimé : C:\Users\Raphael\Downloads\HiJackThis.exe Supprimé : C:\Users\Raphael\Downloads\hijackthis.log Supprimé : C:\Users\Raphael\Downloads\hijackthis_hijackthis_2.0.4_anglais_17891.msi Supprimé : C:\Users\Raphael\Downloads\RogueKillerX64.exe Supprimé : C:\Windows\grep.exe Supprimé : C:\Windows\PEV.exe Supprimé : C:\Windows\NIRCMD.exe Supprimé : C:\Windows\MBR.exe Supprimé : C:\Windows\SED.exe Supprimé : C:\Windows\SWREG.exe Supprimé : C:\Windows\SWSC.exe Supprimé : C:\Windows\SWXCACLS.exe Supprimé : C:\Windows\Zip.exe ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKCU\Software\Ad-Remover Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools Clé Supprimée : HKLM\SOFTWARE\AdwCleaner Clé Supprimée : HKLM\SOFTWARE\Swearware Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~~~~~~ Autres ~~~~~~ -> Prefetch Vidé ************************* DelFix[R1].txt - [3120 octets] - [17/12/2012 19:20:03] DelFix[s1].txt - [3127 octets] - [17/12/2012 19:20:09] ########## EOF - C:\DelFix[s1].txt - [3251 octets] ##########
  9. ComboFix 12-12-13.02 - Raphael 13/12/2012 21:11:07.1.8 - x64 MINIMAL Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.16361.14703 [GMT 1:00] Lancé depuis: c:\users\Raphael\Desktop\ComboFix.exe FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-11-13 au 2012-12-13 )))))))))))))))))))))))))))))))))))) . . 2012-12-12 23:01 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-12 23:01 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-12-12 13:49 . 2012-12-12 13:49 388096 ----a-r- c:\users\Raphael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-12 13:49 . 2012-12-12 13:49 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-04 12:39 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2705D0D3-BFBD-48BA-BAD4-E613663E2922}\mpengine.dll 2012-11-27 12:14 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-27 12:14 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 23:03 . 2011-11-02 11:19 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 10:40 . 2012-03-30 17:14 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 10:40 . 2011-11-04 16:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-14 14:22 . 2012-10-11 15:55 695578 ----a-w- c:\windows\unins000.exe 2012-10-10 20:23 . 2012-10-10 20:23 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-10 20:23 . 2012-10-10 20:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:23 . 2012-10-10 20:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-10-10 20:23 . 2012-10-10 20:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:23 . 2012-10-10 20:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-10 20:23 . 2012-10-10 20:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-10 20:22 . 2011-10-19 09:37 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-10 20:22 . 2012-10-10 20:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-04 16:40 . 2012-12-12 13:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-02 19:51 . 2012-02-22 11:21 3536817 ----a-w- c:\windows\system32\nvcoproc.bin 2012-10-02 19:51 . 2011-10-19 08:30 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2011-10-19 08:30 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2011-10-19 08:30 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2011-10-19 08:30 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:50 . 2011-10-19 08:30 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:50 . 2011-10-19 08:30 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-09-29 18:54 . 2011-10-19 08:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-04 296056] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520] R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536] R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit;h:\autodesk 3dsmax\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] . . Contenu du dossier 'Tâches planifiées' . 2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:40] . . --------- X64 Entries ----------- . . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\9v7wpc8l.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - ExtSQL: 2012-10-15 14:43; firefogg@firefogg.org; c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\9v7wpc8l.default\extensions\firefogg@firefogg.org . - - - - ORPHELINS SUPPRIMES - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe HKLM-Run-ISW - (no file) AddRemove-Amazon MP3 Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2012-12-13 21:17:08 ComboFix-quarantined-files.txt 2012-12-13 20:17 . Avant-CF: 327 652 298 752 octets libres Après-CF: 328 297 476 096 octets libres . - - End Of File - - 90C993E359E9FB4085629797D03A974C
  10. Le rapport roguekiller : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : Recherche -- Date : 12/12/2012 18:02:35 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 3 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\n.) -> TROUVÉ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\n --> TROUVÉ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\@ --> TROUVÉ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\@ --> TROUVÉ [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\U --> TROUVÉ [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\U --> TROUVÉ [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\L --> TROUVÉ [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\L --> TROUVÉ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: OCZ-VERTEX2 +++++ --- User --- [MBR] 228ceee546c42f0c39b83b1b12a0fdb5 [bSP] 8dc0230057709327fbc1478ab132b7ad : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57138 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD5000AAKX-083CA1 +++++ --- User --- [MBR] e8a426c3766043ee58d1ff88194d22e0 [bSP] 310836012d6d0a23d1e288cb4ea0b279 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: WDC WD10EALX-009BA0 +++++ --- User --- [MBR] dea7815170df6baeb90b411c7c89bc57 [bSP] 218098b06c5f8bb6370eeb4a7c6d8aab : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: WDC WD10EALX-009BA0 +++++ --- User --- [MBR] 642f0a3a4cecd6a7b719c1bfb1db9088 [bSP] 4e4a350f32884baa597090a60029a122 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[2]_S_12122012_180235.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt Rapport après suppression : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : Suppression -- Date : 12/12/2012 18:05:12 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 3 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\n.) -> REMPLACÉ (C:\Windows\system32\shell32.dll) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\n --> SUPPRIMÉ AU REBOOT [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\@ --> SUPPRIMÉ AU REBOOT [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\@ --> SUPPRIMÉ [Del.Parent][FILE] 00000001.@ : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\U\00000001.@ --> SUPPRIMÉ [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\U\80000000.@ --> SUPPRIMÉ [Del.Parent][FILE] 800000cb.@ : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\U\800000cb.@ --> SUPPRIMÉ [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\U --> SUPPRIMÉ [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\U --> SUPPRIMÉ [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$b12b9849c5bbc2b870ff75a120bebf29\L --> SUPPRIMÉ [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2645121737-3791933040-3167358574-1000\$b12b9849c5bbc2b870ff75a120bebf29\L --> SUPPRIMÉ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: OCZ-VERTEX2 +++++ --- User --- [MBR] 228ceee546c42f0c39b83b1b12a0fdb5 [bSP] 8dc0230057709327fbc1478ab132b7ad : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57138 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD5000AAKX-083CA1 +++++ --- User --- [MBR] e8a426c3766043ee58d1ff88194d22e0 [bSP] 310836012d6d0a23d1e288cb4ea0b279 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: WDC WD10EALX-009BA0 +++++ --- User --- [MBR] dea7815170df6baeb90b411c7c89bc57 [bSP] 218098b06c5f8bb6370eeb4a7c6d8aab : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: WDC WD10EALX-009BA0 +++++ --- User --- [MBR] 642f0a3a4cecd6a7b719c1bfb1db9088 [bSP] 4e4a350f32884baa597090a60029a122 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[3]_D_12122012_180512.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt ; RKreport[3]_D_12122012_180512.txt Rapport host raz : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : HOSTS RAZ -- Date : 12/12/2012 18:09:28 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 0 ¤¤¤ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ Nouveau fichier HOSTS: ¤¤¤ Termine : << RKreport[4]_H_12122012_180928.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt ; RKreport[3]_D_12122012_180512.txt ; RKreport[4]_H_12122012_180928.txt Rapport proxy raz : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : Proxy RAZ -- Date : 12/12/2012 18:10:46 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 0 ¤¤¤ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ Termine : << RKreport[5]_PR_12122012_181046.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt ; RKreport[3]_D_12122012_180512.txt ; RKreport[4]_H_12122012_180928.txt ; RKreport[5]_PR_12122012_181046.txt Rapport DNS RAZ : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : DNS RAZ -- Date : 12/12/2012 18:11:19 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Entrees de registre : 0 ¤¤¤ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ Termine : << RKreport[6]_DN_12122012_181119.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt ; RKreport[3]_D_12122012_180512.txt ; RKreport[4]_H_12122012_180928.txt ; RKreport[5]_PR_12122012_181046.txt ; RKreport[6]_DN_12122012_181119.txt rapport racc. RAZ : RogueKiller V8.4.0 _x64_ [Dec 12 2012] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : RogueKiller - Geeks to Go Forums Site Web : RogueKiller Blog : tigzy-RK Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Raphael [Droits d'admin] Mode : Raccourcis RAZ -- Date : 12/12/2012 18:12:13 ¤¤¤ Processus malicieux : 1 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> TUÉ [TermProc] ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Attributs de fichiers restaures: ¤¤¤ Bureau: Success 1 / Fail 0 Lancement rapide: Success 1 / Fail 0 Programmes: Success 20 / Fail 0 Menu demarrer: Success 1 / Fail 0 Dossier utilisateur: Success 778 / Fail 0 Mes documents: Success 1 / Fail 1 Mes favoris: Success 0 / Fail 0 Mes images: Success 0 / Fail 0 Ma musique: Success 60 / Fail 0 Mes videos: Success 4 / Fail 0 Disques locaux: Success 603 / Fail 0 Sauvegarde: [NOT FOUND] Lecteurs: [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored [D:] \Device\CdRom0 -- 0x5 --> Skipped [F:] \Device\HarddiskVolume4 -- 0x3 --> Restored [G:] \Device\HarddiskVolume5 -- 0x3 --> Restored [H:] \Device\HarddiskVolume2 -- 0x3 --> Restored [i:] \Device\HarddiskVolume7 -- 0x2 --> Restored ¤¤¤ Infection : ZeroAccess ¤¤¤ Termine : << RKreport[7]_SC_12122012_181213.txt >> RKreport[1]_S_12122012_175554.txt ; RKreport[2]_S_12122012_180235.txt ; RKreport[3]_D_12122012_180512.txt ; RKreport[4]_H_12122012_180928.txt ; RKreport[5]_PR_12122012_181046.txt ; RKreport[6]_DN_12122012_181119.txt ; RKreport[7]_SC_12122012_181213.txt Notepad racc. RAZ : --- Sauvegarde : No backup found --- --- Bureau --- DIR: C:\Users\Public\Desktop -> Attributes restored --- Lancement rapide --- DIR: User Pinned -> Attributes restored --- Programmes --- DIR: CanonBJ -> Attributes restored DIR: IJPrinter -> Attributes restored DIR: Canon MG5200 series -> Attributes restored DIR: Uninstall Information -> Attributes restored DIR: OMGRIGHT -> Attributes restored DIR: DeviceVM -> Attributes restored DIR: InstallShield Installation Information -> Attributes restored DIR: Temp -> Attributes restored DIR: Uninstall Information -> Attributes restored --- Menu demarrer --- DIR: Tablet PC -> Attributes restored --- Mes documents --- --- Mes favoris --- --- Ma musique --- --- Mes images --- --- Mes videos --- --- Dossier utilisateur --- DIR: AppData -> Attributes restored DIR: kJGKGuuTyf -> Attributes restored DIR: downloads -> Attributes restored DIR: {5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ -> Attributes restored DIR: WebSlices~ -> Attributes restored DIR: Feeds Cache -> Attributes restored DIR: DFU4UFSI -> Attributes restored DIR: HIQUBCDT -> Attributes restored DIR: HX8V8G3U -> Attributes restored DIR: ZRRZD2Q5 -> Attributes restored DIR: Cache d’images -> Attributes restored DIR: Cookies -> Attributes restored DIR: Fichiers Internet temporaires -> Attributes restored DIR: Content.IE5 -> Attributes restored DIR: 1TISHA7D -> Attributes restored DIR: 7712CCG9 -> Attributes restored DIR: HFKHMKSJ -> Attributes restored DIR: VJJ8OB79 -> Attributes restored DIR: History -> Attributes restored DIR: History.IE5 -> Attributes restored DIR: Cookies -> Attributes restored DIR: Fichiers Internet temporaires -> Attributes restored DIR: Content.IE5 -> Attributes restored DIR: 3RTQ0L27 -> Attributes restored DIR: BBTGP137 -> Attributes restored DIR: RRTB8IH6 -> Attributes restored DIR: YIV1O6CT -> Attributes restored DIR: History -> Attributes restored DIR: History.IE5 -> Attributes restored DIR: tB8Jap26z -> Attributes restored DIR: xN2PHNUwROp -> Attributes restored DIR: DOMStore -> Attributes restored DIR: 0PNDZBDK -> Attributes restored DIR: 150IVPL3 -> Attributes restored DIR: QFAQZQC2 -> Attributes restored DIR: WO4RGPZ7 -> Attributes restored DIR: history -> Attributes restored DIR: ml -> Attributes restored DIR: sc -> Attributes restored DIR: NxN2PHNUwRO -> Attributes restored DIR: ob5kjPtnon5N -> Attributes restored DIR: Cookies -> Attributes restored DIR: Low -> Attributes restored DIR: IECompatCache -> Attributes restored DIR: Low -> Attributes restored DIR: IEDownloadHistory -> Attributes restored DIR: IETldCache -> Attributes restored DIR: Low -> Attributes restored DIR: PrivacIE -> Attributes restored DIR: Low -> Attributes restored Drives found : [C:D:F:G:H:I:] --- [C:] \Device\HarddiskVolume3 -- 0x3 --> Restoring... --- DIR: MSOCache -> Attributes restored DIR: ProgramData -> Attributes restored DIR: CanonBJ -> Attributes restored DIR: IJPrinter -> Attributes restored DIR: CNMWindows -> Attributes restored DIR: Canon MG5200 series Printer -> Attributes restored DIR: CanonEPP -> Attributes restored DIR: CanonIJEPPEX2 -> Attributes restored DIR: CanonIJScan -> Attributes restored DIR: MG5200 series -> Attributes restored DIR: Server -> Attributes restored DIR: WwanSvc -> Attributes restored DIR: Profiles -> Attributes restored DIR: 9ESwczk2liLXu -> Attributes restored DIR: eWHhDWCNSTyi -> Attributes restored DIR: Default -> Attributes restored DIR: AppData -> Attributes restored DIR: Favorites -> Attributes restored DIR: Libraries -> Attributes restored DIR: AppData -> Attributes restored DIR: kJGKGuuTyf -> Attributes restored DIR: downloads -> Attributes restored DIR: {5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ -> Attributes restored DIR: WebSlices~ -> Attributes restored DIR: Feeds Cache -> Attributes restored DIR: 444EJQ7Y -> Attributes restored DIR: 7A26RNWJ -> Attributes restored DIR: KAAV5NST -> Attributes restored DIR: YFBXW1S5 -> Attributes restored DIR: Cache d’images -> Attributes restored DIR: 10ITtB8Ja -> Attributes restored DIR: TKGULcYZgFcO -> Attributes restored DIR: xN2PHNUwROp -> Attributes restored DIR: Internet Explorer -> Attributes restored DIR: DOMStore -> Attributes restored DIR: 4Z7KRL2K -> Attributes restored DIR: 6EL27DOV -> Attributes restored DIR: AFMUAVY5 -> Attributes restored DIR: CQAXCBN4 -> Attributes restored DIR: User Pinned -> Attributes restored DIR: NxN2PHNUwRO -> Attributes restored DIR: ob5kjPtnon5N -> Attributes restored DIR: AppData -> Attributes restored DIR: kJGKGuuTyf.DIR -> Attributes restored DIR: kJGKGuuTyf -> Attributes restored --- [D:] \Device\CdRom0 -- 0x5 --> Skipped. --- --- [F:] \Device\HarddiskVolume4 -- 0x3 --> Restoring... --- DIR: F: -> Attributes restored --- [G:] \Device\HarddiskVolume5 -- 0x3 --> Restoring... --- DIR: G: -> Attributes restored --- [H:] \Device\HarddiskVolume2 -- 0x3 --> Restoring... --- DIR: H: -> Attributes restored --- [i:] \Device\HarddiskVolume7 -- 0x2 --> Restoring... --- DIR: .Trashes -> Attributes restored DIR: .fseventsd -> Attributes restored DIR: .Spotlight-V100 -> Attributes restored Rapport Adwcleaner : # AdwCleaner v2.100 - Rapport créé le 12/12/2012 à 18:19:35 # Mis à jour le 09/12/2012 par Xplode # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits) # Nom d'utilisateur : Raphael - RAPHAEL-PC # Mode de démarrage : Normal # Exécuté depuis : C:\Users\Raphael\Downloads\adwcleaner.exe # Option [Recherche] ***** [services] ***** Présent : supdate ***** [Fichiers / Dossiers] ***** Dossier Présent : C:\Program Files (x86)\Boxore Dossier Présent : C:\Program Files (x86)\Software Dossier Présent : C:\Users\Raphael standart\AppData\LocalLow\Conduit Dossier Présent : C:\Users\Raphael standart\AppData\LocalLow\ConduitEngine Dossier Présent : C:\Users\Raphael\AppData\Local\Software Dossier Présent : C:\Windows\Installer\{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A} Fichier Présent : C:\user.js Fichier Présent : C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job Fichier Présent : C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job ***** [Registre] ***** Clé Présente : HKCU\Software\Ask.com.tmp Clé Présente : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Présente : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL Clé Présente : HKLM\SOFTWARE\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8 Clé Présente : HKLM\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8 Clé Présente : HKLM\SOFTWARE\Classes\Installer\Products\AF2CF8FE20EBB4443855807CA5D6E7A3 Clé Présente : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Présente : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 Clé Présente : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8 Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap Clé Présente : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8 Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1 Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0 Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8 Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8\ Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda Clé Présente : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A} Clé Présente : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Clé Présente : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Clé Présente : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 ***** [Navigateurs] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v18.0 (fr) Nom du profil : default Fichier : C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\9v7wpc8l.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. Nom du profil : default Fichier : C:\Users\Raphael standart\AppData\Roaming\Mozilla\Firefox\Profiles\tmrdv3vu.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [5530 octets] - [12/12/2012 18:19:35] ########## EOF - C:\AdwCleaner[R1].txt - [5590 octets] ########## Rapport de suppression : # AdwCleaner v2.100 - Rapport créé le 12/12/2012 à 18:21:57 # Mis à jour le 09/12/2012 par Xplode # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits) # Nom d'utilisateur : Raphael - RAPHAEL-PC # Mode de démarrage : Normal # Exécuté depuis : C:\Users\Raphael\Downloads\adwcleaner.exe # Option [suppression] ***** [services] ***** Arrêté & Supprimé : supdate ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Program Files (x86)\Boxore Dossier Supprimé : C:\Users\Raphael standart\AppData\LocalLow\Conduit Dossier Supprimé : C:\Users\Raphael standart\AppData\LocalLow\ConduitEngine Dossier Supprimé : C:\Users\Raphael\AppData\Local\Software Dossier Supprimé : C:\Windows\Installer\{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A} Fichier Supprimé : C:\user.js Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job Supprimé au redémarrage : C:\Program Files (x86)\Software ***** [Registre] ***** Clé Supprimée : HKCU\Software\Ask.com.tmp Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\AF2CF8FE20EBB4443855807CA5D6E7A3 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 Clé Supprimée : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8 Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap Clé Supprimée : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8 Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1 Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8 Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4} Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24 ***** [Navigateurs] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v18.0 (fr) Nom du profil : default Fichier : C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\9v7wpc8l.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. Nom du profil : default Fichier : C:\Users\Raphael standart\AppData\Roaming\Mozilla\Firefox\Profiles\tmrdv3vu.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [5649 octets] - [12/12/2012 18:19:35] AdwCleaner[s1].txt - [5556 octets] - [12/12/2012 18:21:57] ########## EOF - C:\AdwCleaner[s1].txt - [5616 octets] ########## Rapport Mbam : Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Version de la base de données: v2012.12.12.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Raphael :: RAPHAEL-PC [administrateur] 12/12/2012 18:30:24 mbam-log-2012-12-12 (18-30-24).txt Type d'examen: Examen complet (C:\|F:\|G:\|H:\|I:\|) Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 635934 Temps écoulé: 49 minute(s), 51 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 5 C:\Users\Raphael\AppData\Local\Temp\7726.tmp (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès. C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\56996ac-3492545f (Trojan.Agent.WFSGen) -> Mis en quarantaine et supprimé avec succès. C:\Users\Raphael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3e49953e-6b6eaa31 (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. I:\copy.exe (Worm.Perlovga) -> Mis en quarantaine et supprimé avec succès. I:\host.exe (Trojan.Dropper) -> Mis en quarantaine et supprimé avec succès. (fin)
  11. Merci pour cette réponse rapide ! Voila le rapport : pjjoint.malekal.com - Submit a file Merci.
  12. Bonjour, tout marchais pour le mieux quand internet s'est mis à ne plus fonctionner. Quand je désactive zone alarme, je peux surfer sans problème. J'ai essayé la restauration système mais elle ne peux pas aboutir a cause de la présence d'un antivirus... j'ai donc désinstallé antivir et maintenant je n’arrive pas à le réinstaller... je n'arrive pas non plus a faire de rapport hijackthis ! entre temps antivir m'informais de la présence de deux virus, et ce toutes les deux minutes... bref, plus d'antivirus, plus de firewall... un coup de main serai le bienvenu ! Merci ! Raphaël.
  13. rafw

    RAM surexploitée, lenteur

    Bonjour, Désolé pour la réponse super tardive, j'ai eu un max de boulot entre temps. J'ai quand même pu faire toutes les étapes, mais touts les rapports n'ont pas été enregistrés... Bref, dans tout les cas mon PC re-fonctionne très bien, en fait j'ai supprimé les fichiers "média cache" et de prévisualisation de mon projet qui plantait, et la tout s'est remis dans l'ordre ! J'ai aussi ajouté 8Go de RAM, donc avec 16 Go le travail est beaucoup plus rapide. Donc plus de problème à l'horizon ! Merci beaucoup pour votre aide et votre temps !
  14. rafw

    RAM surexploitée, lenteur

    Bonjour, Je m'occupe de ça cet après-midi, j'essaye de poster une réponse pour ce soir. Raphaël.
  15. rafw

    RAM surexploitée, lenteur

    Bonjour, Merci pour votre réponse. Voila le lien du rapport : Mon lien J'ai supprimé les fichiers de prévisualisation et tout est redevenu normal, j'ai pu enregistrer mon projet. Le pc est redevenu rapide. Depuis je constate encore certaines lenteurs, peut être normales vu la complexité de mon projet ? est-ce que je devrai passer de 8Go à 16Go de RAM ? Merci, Raphaël.
×
×
  • Créer...