FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer assistance and security site

Disinfection help (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: mutual help with disinfection and computer security: in case of unwanted advertisements, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and the staff are allowed to give help in this section.
Please also read the general forum charter.
#47380
Hello,

For the past few days most of my links have been redirected (they end up on sureonlinefind.com).
Also, since yesterday I have noticed that my Windows Security Center was disabled. I did try to restart it by setting it to automatic, but it gets disabled again right away.
The two problems are linked, I suppose?
I ran MBAM, which found nothing.
Attached is the ZHPDiag report: http://pjjoint.malekal.com/files.php?id ... u11n6e7w10

Thanks in advance for your help
#47381
Hi,
  • Download RogueKiller (by tigzy) to the desktop.
  • Click the RogueKiller icon that matches your version of Windows (64-bit or not) to download RogueKiller.
  • Close all running programs.
  • Run RogueKiller.exe
  • Wait for the Prescan to finish...
  • Click Scan.
  • When the scan is done, click Report and copy/paste its contents into your next reply.
Video help: http://www.youtube.com/watch?v=YuwS6dMA ... e=youtu.be

If you have any questions, don't hesitate to ask!

@+

Gabriel.
#47385
Thanks for the quick reply

Here is the report:

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Mon PC [Droits d'admin]
Mode : Recherche -- Date : 26/05/2013 17:26:45
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
-- C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 143958e5a7647be1685fbacfd2ba0d41
[BSP] 16b6b40d4fea07bc4b0bdfd7ca760aea : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 225407 Mo
#47386
Re,

OK, nothing on that side.

We are going to deal with eradicating them.
  • Download AdwCleaner (by Xplode) to your desktop.
  • Run it, click [Recherche] (Search), then wait for the scan to finish.
  • Once the scan is finished, a report will open. Post its contents in your next reply.

    Note: the report is also saved as C:\AdwCleaner[R1].txt
Video help here: http://www.youtube.com/watch?v=vOa47SdO ... e=youtu.be

If you have any questions, don't hesitate to ask!

Gabriel.
#47387
And here it is:

# AdwCleaner v2.301 - Rapport créé le 26/05/2013 à 17:34:47
# Mis à jour le 16/05/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Mon PC - MON-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Mon PC\Downloads\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v21.0 (fr)

Fichier : C:\Users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\w9yjstci.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [772 octets] - [26/05/2013 17:34:47]
AdwCleaner[S1].txt - [360 octets] - [26/05/2013 12:40:57]
AdwCleaner[S2].txt - [11735 octets] - [26/05/2013 12:51:04]

########## EOF - C:\AdwCleaner[R1].txt - [951 octets] ##########
#47390
Re,

Nothing there either. ^^
  • Copy the lines inside this link (Ctrl + A then Ctrl + C): https://dl.dropboxusercontent.com/u/328 ... samsam.txt
  • Open ZHPFix, syringe icon (Vista/7/8: "Run as administrator").
  • Paste the helper's lines if they are not already present. To do so, click the document tag (Paste clipboard), to the right of the camera.
  • Click Go.
  • Click Yes to confirm cleaning the data.
  • Copy the report and paste it into your next reply on the forum.
P.S. If the desktop disappears, press Ctrl + Alt + Del to open Task Manager, then under Applications click New Task and type explorer.exe. The desktop should normally reappear.

/!\ Warning: your Recycle Bin is going to be emptied. Check that it does not contain any file deleted by mistake. /!\

Video help here: http://www.youtube.com/watch?v=8gBWXPow ... e=youtu.be

If you have any questions, don't hesitate to ask me.

@+

Gabriel.
#47394
I got this report (though when I said "yes" to the cleaning, a window opened telling me "unable to find the restore point" or something like that :-))



Rapport de ZHPFix 2013.5.24.2 par Nicolas Coolman, Update du 24/05/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-26-05-2013-17-51-29.txt
Run by Mon PC at 26/05/2013 17:51:29
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 64-bit (Build 6000)

Corbeille vidée

========== Clé(s) du Registre ==========
ERREUR Key: Service Legacy: LEGACY_ESGIGUARD
ABSENT SearchScopes :{ADD4210E-3093-4330-ABD7-46FACC8FF1AC}
ABSENT Key: HKCU\Software\uohvmlptjj
ABSENT Key: HKLM\Software\Wow6432Node\uohvmlptjj
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}

========== Valeur(s) du Registre ==========
ABSENT RunValue: HP Software Update
ABSENT TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:/users/mon pc/appdata/roaming/cacaoweb/cacaoweb.exe
ABSENT UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:/users/mon pc/appdata/roaming/cacaoweb/cacaoweb.exe
ABSENT {A5E0DCB5-7246-4324-9DC0-FEC28659CFE9}
ABSENT {03A7272F-50C8-4527-9BAC-D5C9D1026298}
ABSENT {A66D6E4B-A34C-450A-A50E-73E5514AD514}
ABSENT {52D60DD4-42A5-426B-BAA4-2791AB87F36A}
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIME ProxyServer Value
SUPPRIME ProxyEnable Value
SUPPRIME EnableHttp1_1 Value
SUPPRIME ProxyHttp1.1 Value
SUPPRIME ProxyOverride Value

========== Dossier(s) ==========
Aucun dossiers CLSID Local utilisateur vide

========== Fichier(s) ==========
ABSENT Folder/File: c:\users\mon pc\appdata\local\temp\shsetup.exe
ABSENT File: c:\users\mon pc\desktop\captvty-1.10.zip - raccourci.lnk
ABSENT File: c:\users\mon pc\downloads\captvty-1.10.zip (.not file.)
ABSENT File: c:\users\mon pc\desktop\freebox - raccourci.lnk
ABSENT Folder/File: c:\users\mon pc\appdata\local\temp\esgscanner.sys
ABSENT Folder/File: c:\users\mon pc\appdata\local\temp\sh4plist.dat
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies

========== Tache planifiée ==========
ABSENT Task: {4B32CA70-0884-4A61-8AF1-F47B4CF0D194}
ABSENT Task: {9EF5CC7E-92B7-44A5-88AE-7C507FB7F293}

========== Restauration Système ==========
Point de restauration non crée


========== Récapitulatif ==========
6 : Clé(s) du Registre
13 : Valeur(s) du Registre
1 : Dossier(s)
8 : Fichier(s)
2 : Tache planifiée
1 : Restauration Système


End of clean in 00mn 12s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 26/05/2013 16:42:44 [1694]
C:\ZHP\ZHPFix[R2].txt - 26/05/2013 16:46:44 [22332]
C:\ZHP\ZHPFix[R3].txt - 26/05/2013 16:46:51 [3948]
C:\ZHP\ZHPFix[R4].txt - 26/05/2013 17:51:29 [2626]
#47396
No, I don't think so, but I tried several times when you asked me to ^^

Report:


Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by Mon PC at 26/05/2013 18:01:18
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v2.27 =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (54% free)
System Restore: Désactivé (Disabled)
System drive C: has 125 GB (56%) free of 220 GB

---\\ Logged in mode
~ Computer Name: MON-PC
~ User Name: Mon PC
~ All Users Names: Mon PC, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mon PC\AppData\Roaming\
~ %Desktop% : C:\Users\Mon PC\Desktop\
~ %Favorites% : C:\Users\Mon PC\Favorites\
~ %LocalAppData% : C:\Users\Mon PC\AppData\Local\
~ %StartMenu% : C:\Users\Mon PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 125 Go of 220 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 13:06:04.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/826
~ Mes musiques (My Musics) : 17/464
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/31
~ Mes Documents (My Documents) : 1/167
~ Mon Bureau (My Desktop) : 1/499
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1888]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.2940]
[MD5.0C28CA66075C5C7E6E395CBD62EBB431] - (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe [108384] [PID.3064]
[MD5.8E7AF6DD4E43C14D957C0AD7CA0A7B89] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104] [PID.2068]
[MD5.E20433DAC42F0351F237F87D8ADC4E8A] - (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296] [PID.1236]
[MD5.A2814FED5A47B00BBC99AC58F93B9337] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\Hp\QuickPlay\QPService.exe [468264] [PID.2780]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.3084]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.3148]
[MD5.5DBC85C723E421198FD35C3355EBA996] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280] [PID.3180]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3208]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.2856]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.3788]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.4408]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.5108]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4016]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7402496] [PID.5500]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1264]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1432]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1568]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1636]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1800]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1820]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1852]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.1900]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3932]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.3696]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\w9yjstci.default\prefs.js
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKLM\..\Wow6432Node\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 08s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Baraka Casino Online]
[HKLM\Software\Wow6432Node\Baraka Casino Online]
~ Key Software: 203 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 23:34:35 - [0] ----D C:\ProgramData\Tracing
O43 - CFD: 17/07/2010 - 01:27:46 - [0,071] ----D C:\Users\Mon PC\AppData\Local\Ares
~ Program Folder: 164 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 20:03:17 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 134 Legitimates Filtered in 00mn 05s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 28/11/2006 - 20:46:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD
~ Legacy: 111 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Mon PC - w9yjstci.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {57C2B6C1-1AC1-4A0C-B420-B5F58D97E092} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {880A9FCC-690A-4C42-94BE-25111BF006BF} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {9FFCFBA8-423D-4B55-B6EE-EAB16A3B5FC1} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80C00FF59E224B61F6D6186674BAE201] [SPRF][20/05/2013] (...) -- C:\Users\Mon PC\AppData\Roaming\wklnhst.dat [1390]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8046C32E-60F3-4DF0-A3DC-2B5426B2CD37}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{E1397193-A1E6-4385-A49A-D6C54DD0C123}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{6E2BB215-BEF3-4ABD-9D09-F54EB0BD2F20}C:\program files (x86)\ares\ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{B195A13D-FE5D-4673-9604-D5D46AE671D2}C:\program files (x86)\ares\ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "{F98B87A8-2635-4524-9CF2-681D1CC9FA18}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{76B034B3-E81D-4CFC-A3A1-BC7E024F8EED}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D36C31-018A-4816-BDCC-6410AF55D4E8}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{F836D7B2-8856-487E-BCFE-513AE1CE86AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
~ Firewall: 221 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
~ Additionnel Scan: 294031 Items scanned in 00mn 49s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 30/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 30/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



~ 1188 Legitimates filtered by white list
End of the scan (393 lines in 01mn 38s)(0)
#47400
I rebooted: still the same problems, redirected links and the Security Center impossible to enable

One more detail: for the past 2 months my Windows 7 has been flagged as not genuine even though it is (licence bought with the computer)... I don't know if that's related
#47401
Re,

Ah OK. For the redirects I don't think so, but for the Windows Security Center, yes, it's probably related.
  • Close all running programs.
  • Run RogueKiller.exe again.
  • Wait for the Prescan to finish...
  • Click Proxy RAZ. Click Report and copy/paste the contents of the Notepad window into your reply.

If you have any questions, don't hesitate to ask!
@+

Gabriel.
#47402
here it is:

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion- ... ntees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Mon PC [Droits d'admin]
Mode : Proxy RAZ -- Date : 26/05/2013 18:25:00
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

Termine :
RKreport[1]_PR_26052013_182500.txt
#47413
Re,

We'll look at the router afterwards.
It's simply your box (Livebox or Freebox, for example).

But do what's below first.
  • Download TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip
  • Run it (Vista/Seven users: right-click, then "Run as administrator")

    The tool will automatically download the latest version of TDSSKiller.
  • Click "Start Scan".

    Wait while the scan runs. When the analysis finishes, press Report (top right of the program). A report will open.
  • Copy/paste its contents into your next reply on the forum.
Note: the report is also located at C:\tdsskiller.txt.

If TDSS.tdl2 is detected, the delete option will be checked by default.
If TDSS.tdl3 is detected, make sure Cure is checked.
If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is checked.
If Suspicious file is shown, leave the option set to Skip.
If Rootkit.Win32.ZAccess is detected, set "cure" at the top and "delete" at the bottom.

Video help: http://www.youtube.com/watch?v=-JhW3Okr ... e=youtu.be

If you have any questions, don't hesitate to ask me!

@+

Gabriel.
#47415
here is the report (but I didn't have the option to run it as admin)

19:15:25.0932 2580 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:15:27.0934 2580 ============================================================
19:15:27.0934 2580 Current date / time: 2013/05/26 19:15:27.0934
19:15:27.0934 2580 SystemInfo:
19:15:27.0934 2580
19:15:27.0935 2580 OS Version: 6.1.7601 ServicePack: 1.0
19:15:27.0935 2580 Product type: Workstation
19:15:27.0935 2580 ComputerName: MON-PC
19:15:27.0935 2580 UserName: Mon PC
19:15:27.0935 2580 Windows directory: C:\Windows
19:15:27.0935 2580 System windows directory: C:\Windows
19:15:27.0935 2580 Running under WOW64
19:15:27.0935 2580 Processor architecture: Intel x64
19:15:27.0935 2580 Number of processors: 1
19:15:27.0935 2580 Page size: 0x1000
19:15:27.0935 2580 Boot type: Normal boot
19:15:27.0935 2580 ============================================================
19:15:29.0162 2580 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:15:29.0168 2580 ============================================================
19:15:29.0168 2580 \Device\Harddisk0\DR0:
19:15:29.0169 2580 MBR partitions:
19:15:29.0169 2580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:15:29.0169 2580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B83F800
19:15:29.0169 2580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B8A3800, BlocksNum 0x1921800
19:15:29.0169 2580 ============================================================
19:15:29.0204 2580 C: \Device\Harddisk0\DR0\Partition2
19:15:29.0254 2580 D: \Device\Harddisk0\DR0\Partition3
19:15:29.0254 2580 ============================================================
19:15:29.0254 2580 Initialize success
19:15:29.0254 2580 ============================================================
19:15:35.0732 2400 ============================================================
19:15:35.0732 2400 Scan started
19:15:35.0732 2400 Mode: Manual;
19:15:35.0732 2400 ============================================================
19:15:36.0509 2400 ================ Scan system memory ========================
19:15:36.0509 2400 System memory - ok
19:15:36.0513 2400 ================ Scan services =============================
19:15:36.0710 2400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:15:36.0732 2400 1394ohci - ok
19:15:36.0791 2400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:15:36.0795 2400 ACPI - ok
19:15:36.0838 2400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:15:36.0842 2400 AcpiPmi - ok
19:15:36.0950 2400 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:15:36.0951 2400 AdobeARMservice - ok
19:15:37.0111 2400 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:15:37.0114 2400 AdobeFlashPlayerUpdateSvc - ok
19:15:37.0157 2400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:15:37.0174 2400 adp94xx - ok
19:15:37.0229 2400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:15:37.0233 2400 adpahci - ok
19:15:37.0258 2400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:15:37.0260 2400 adpu320 - ok
19:15:37.0305 2400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:15:37.0312 2400 AeLookupSvc - ok
19:15:37.0425 2400 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
19:15:37.0433 2400 AESTFilters - ok
19:15:37.0497 2400 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:15:37.0548 2400 AFD - ok
19:15:37.0610 2400 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:15:37.0665 2400 AgereSoftModem - ok
19:15:37.0711 2400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:15:37.0718 2400 agp440 - ok
19:15:37.0756 2400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:15:37.0757 2400 ALG - ok
19:15:37.0799 2400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:15:37.0800 2400 aliide - ok
19:15:37.0816 2400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:15:37.0817 2400 amdide - ok
19:15:37.0866 2400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:15:37.0874 2400 AmdK8 - ok
19:15:37.0899 2400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:15:37.0907 2400 AmdPPM - ok
19:15:37.0961 2400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:15:37.0962 2400 amdsata - ok
19:15:37.0998 2400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:15:38.0000 2400 amdsbs - ok
19:15:38.0015 2400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:15:38.0016 2400 amdxata - ok
19:15:38.0046 2400 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
19:15:38.0058 2400 androidusb - ok
19:15:38.0149 2400 [ E41F55D0B71734BB68FF26963EB250E4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:15:38.0213 2400 AntiVirSchedulerService - ok
19:15:38.0367 2400 [ 880AE0BEDE234F27AC252049373B8CB9 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:15:38.0377 2400 AntiVirService - ok
19:15:38.0425 2400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:15:38.0432 2400 AppID - ok
19:15:38.0468 2400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:15:38.0471 2400 AppIDSvc - ok
19:15:38.0506 2400 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:15:38.0514 2400 Appinfo - ok
19:15:38.0557 2400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:15:38.0558 2400 arc - ok
19:15:38.0585 2400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:15:38.0586 2400 arcsas - ok
19:15:38.0619 2400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:15:38.0624 2400 AsyncMac - ok
19:15:38.0669 2400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:15:38.0670 2400 atapi - ok
19:15:38.0737 2400 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:15:38.0811 2400 athr - ok
19:15:38.0869 2400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:15:38.0886 2400 AudioEndpointBuilder - ok
19:15:38.0911 2400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:15:38.0915 2400 AudioSrv - ok
19:15:38.0982 2400 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:15:38.0984 2400 avgntflt - ok
19:15:39.0046 2400 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:15:39.0057 2400 avipbb - ok
19:15:39.0086 2400 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:15:39.0101 2400 avkmgr - ok
19:15:39.0141 2400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:15:39.0150 2400 AxInstSV - ok
19:15:39.0197 2400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:15:39.0226 2400 b06bdrv - ok
19:15:39.0274 2400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:15:39.0287 2400 b57nd60a - ok
19:15:39.0332 2400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:15:39.0344 2400 BDESVC - ok
19:15:39.0360 2400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:15:39.0363 2400 Beep - ok
19:15:39.0413 2400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:15:39.0446 2400 BFE - ok
19:15:39.0507 2400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:15:39.0527 2400 BITS - ok
19:15:39.0562 2400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:15:39.0569 2400 blbdrive - ok
19:15:39.0613 2400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:15:39.0614 2400 bowser - ok
19:15:39.0652 2400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:15:39.0659 2400 BrFiltLo - ok
19:15:39.0679 2400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:15:39.0692 2400 BrFiltUp - ok
19:15:39.0740 2400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:15:39.0749 2400 Browser - ok
19:15:39.0789 2400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:15:39.0814 2400 Brserid - ok
19:15:39.0836 2400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:15:39.0842 2400 BrSerWdm - ok
19:15:39.0865 2400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:15:39.0869 2400 BrUsbMdm - ok
19:15:39.0888 2400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:15:39.0892 2400 BrUsbSer - ok
19:15:39.0929 2400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:15:39.0936 2400 BTHMODEM - ok
19:15:39.0988 2400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:15:39.0998 2400 bthserv - ok
19:15:40.0037 2400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:15:40.0044 2400 cdfs - ok
19:15:40.0094 2400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:15:40.0105 2400 cdrom - ok
19:15:40.0146 2400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:15:40.0154 2400 CertPropSvc - ok
19:15:40.0177 2400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:15:40.0187 2400 circlass - ok
19:15:40.0213 2400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:15:40.0219 2400 CLFS - ok
19:15:40.0303 2400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:40.0311 2400 clr_optimization_v2.0.50727_32 - ok
19:15:40.0359 2400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:15:40.0361 2400 clr_optimization_v2.0.50727_64 - ok
19:15:40.0432 2400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:15:40.0434 2400 clr_optimization_v4.0.30319_32 - ok
19:15:40.0461 2400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:15:40.0463 2400 clr_optimization_v4.0.30319_64 - ok
19:15:40.0494 2400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:15:40.0498 2400 CmBatt - ok
19:15:40.0523 2400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:15:40.0524 2400 cmdide - ok
19:15:40.0571 2400 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:15:40.0577 2400 CNG - ok
19:15:40.0631 2400 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:15:40.0634 2400 Com4QLBEx - ok
19:15:40.0661 2400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:15:40.0662 2400 Compbatt - ok
19:15:40.0700 2400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:15:40.0707 2400 CompositeBus - ok
19:15:40.0717 2400 COMSysApp - ok
19:15:40.0756 2400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:15:40.0763 2400 crcdisk - ok
19:15:40.0816 2400 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:15:40.0830 2400 CryptSvc - ok
19:15:40.0893 2400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:15:40.0911 2400 DcomLaunch - ok
19:15:40.0948 2400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:15:40.0953 2400 defragsvc - ok
19:15:40.0999 2400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:15:41.0000 2400 DfsC - ok
19:15:41.0045 2400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:15:41.0067 2400 Dhcp - ok
19:15:41.0095 2400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:15:41.0096 2400 discache - ok
19:15:41.0136 2400 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:15:41.0137 2400 Disk - ok
19:15:41.0196 2400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:15:41.0208 2400 Dnscache - ok
19:15:41.0247 2400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:15:41.0269 2400 dot3svc - ok
19:15:41.0309 2400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:15:41.0311 2400 DPS - ok
19:15:41.0334 2400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:15:41.0340 2400 drmkaud - ok
19:15:41.0394 2400 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:15:41.0455 2400 DXGKrnl - ok
19:15:41.0514 2400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:15:41.0525 2400 EapHost - ok
19:15:41.0626 2400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:15:41.0736 2400 ebdrv - ok
19:15:41.0775 2400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:15:41.0789 2400 EFS - ok
19:15:41.0878 2400 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:15:41.0894 2400 ehRecvr - ok
19:15:41.0929 2400 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:15:41.0933 2400 ehSched - ok
19:15:41.0970 2400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:15:41.0977 2400 elxstor - ok
19:15:42.0003 2400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:15:42.0013 2400 ErrDev - ok
19:15:42.0099 2400 esgiguard - ok
19:15:42.0163 2400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:15:42.0168 2400 EventSystem - ok
19:15:42.0211 2400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:15:42.0223 2400 exfat - ok
19:15:42.0246 2400 ezSharedSvc - ok
19:15:42.0274 2400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:15:42.0302 2400 fastfat - ok
19:15:42.0359 2400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:15:42.0375 2400 Fax - ok
19:15:42.0417 2400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:15:42.0426 2400 fdc - ok
19:15:42.0446 2400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:15:42.0454 2400 fdPHost - ok
19:15:42.0472 2400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:15:42.0473 2400 FDResPub - ok
19:15:42.0497 2400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:15:42.0498 2400 FileInfo - ok
19:15:42.0525 2400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:15:42.0531 2400 Filetrace - ok
19:15:42.0566 2400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:15:42.0570 2400 flpydisk - ok
19:15:42.0611 2400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:15:42.0614 2400 FltMgr - ok
19:15:42.0682 2400 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:15:42.0713 2400 FontCache - ok
19:15:42.0775 2400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:15:42.0776 2400 FontCache3.0.0.0 - ok
19:15:42.0815 2400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:15:42.0823 2400 FsDepends - ok
19:15:42.0871 2400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:15:42.0877 2400 Fs_Rec - ok
19:15:42.0926 2400 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:15:42.0928 2400 fvevol - ok
19:15:42.0954 2400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:15:42.0966 2400 gagp30kx - ok
19:15:43.0013 2400 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:15:43.0016 2400 GameConsoleService - ok
19:15:43.0070 2400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:15:43.0103 2400 gpsvc - ok
19:15:43.0137 2400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:15:43.0146 2400 hcw85cir - ok
19:15:43.0206 2400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:15:43.0236 2400 HdAudAddService - ok
19:15:43.0257 2400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:15:43.0259 2400 HDAudBus - ok
19:15:43.0285 2400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:15:43.0296 2400 HidBatt - ok
19:15:43.0367 2400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:15:43.0379 2400 HidBth - ok
19:15:43.0396 2400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:15:43.0403 2400 HidIr - ok
19:15:43.0446 2400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:15:43.0452 2400 hidserv - ok
19:15:43.0472 2400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:15:43.0478 2400 HidUsb - ok
19:15:43.0526 2400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:15:43.0533 2400 hkmsvc - ok
19:15:43.0569 2400 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:15:43.0591 2400 HomeGroupListener - ok
19:15:43.0632 2400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:15:43.0643 2400 HomeGroupProvider - ok
19:15:43.0715 2400 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:15:43.0716 2400 HP Support Assistant Service - ok
19:15:43.0738 2400 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:15:43.0745 2400 HpqKbFiltr - ok
19:15:43.0810 2400 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:15:43.0817 2400 hpqwmiex - ok
19:15:43.0858 2400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:15:43.0859 2400 HpSAMD - ok
19:15:43.0919 2400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:15:43.0962 2400 HTTP - ok
19:15:44.0005 2400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:15:44.0005 2400 hwpolicy - ok
19:15:44.0054 2400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:15:44.0064 2400 i8042prt - ok
19:15:44.0093 2400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:15:44.0098 2400 iaStorV - ok
19:15:44.0170 2400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:15:44.0216 2400 idsvc - ok
19:15:44.0504 2400 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:15:44.0809 2400 igfx - ok
19:15:44.0847 2400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:15:44.0848 2400 iirsp - ok
19:15:44.0911 2400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:15:44.0944 2400 IKEEXT - ok
19:15:44.0994 2400 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
19:15:45.0003 2400 IntcHdmiAddService - ok
19:15:45.0036 2400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:15:45.0037 2400 intelide - ok
19:15:45.0076 2400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:15:45.0078 2400 intelppm - ok
19:15:45.0112 2400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:15:45.0122 2400 IPBusEnum - ok
19:15:45.0164 2400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:45.0172 2400 IpFilterDriver - ok
19:15:45.0224 2400 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:15:45.0246 2400 iphlpsvc - ok
19:15:45.0297 2400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:15:45.0306 2400 IPMIDRV - ok
19:15:45.0344 2400 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:15:45.0354 2400 IPNAT - ok
19:15:45.0379 2400 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:15:45.0384 2400 IRENUM - ok
19:15:45.0396 2400 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:15:45.0397 2400 isapnp - ok
19:15:45.0446 2400 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:15:45.0478 2400 iScsiPrt - ok
19:15:45.0503 2400 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:15:45.0513 2400 kbdclass - ok
19:15:45.0544 2400 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:15:45.0550 2400 kbdhid - ok
19:15:45.0576 2400 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:15:45.0577 2400 KeyIso - ok
19:15:45.0628 2400 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:15:45.0629 2400 KSecDD - ok
19:15:45.0670 2400 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:15:45.0672 2400 KSecPkg - ok
19:15:45.0691 2400 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:15:45.0696 2400 ksthunk - ok
19:15:45.0732 2400 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:15:45.0762 2400 KtmRm - ok
19:15:45.0805 2400 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:15:45.0825 2400 LanmanServer - ok
19:15:45.0871 2400 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:15:45.0884 2400 LanmanWorkstation - ok
19:15:45.0966 2400 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:15:45.0967 2400 LightScribeService - ok
19:15:45.0987 2400 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:15:45.0997 2400 lltdio - ok
19:15:46.0042 2400 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:15:46.0067 2400 lltdsvc - ok
19:15:46.0089 2400 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:15:46.0090 2400 lmhosts - ok
19:15:46.0136 2400 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:15:46.0138 2400 LSI_FC - ok
19:15:46.0167 2400 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:15:46.0168 2400 LSI_SAS - ok
19:15:46.0184 2400 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:15:46.0185 2400 LSI_SAS2 - ok
19:15:46.0228 2400 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:15:46.0229 2400 LSI_SCSI - ok
19:15:46.0259 2400 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:15:46.0261 2400 luafv - ok
19:15:46.0303 2400 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:15:46.0311 2400 Mcx2Svc - ok
19:15:46.0337 2400 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:15:46.0340 2400 megasas - ok
19:15:46.0365 2400 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:15:46.0368 2400 MegaSR - ok
19:15:46.0408 2400 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:15:46.0409 2400 MMCSS - ok
19:15:46.0438 2400 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:15:46.0444 2400 Modem - ok
19:15:46.0469 2400 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:15:46.0470 2400 monitor - ok
19:15:46.0508 2400 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:15:46.0519 2400 mouclass - ok
19:15:46.0542 2400 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:15:46.0548 2400 mouhid - ok
19:15:46.0582 2400 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:15:46.0583 2400 mountmgr - ok
19:15:46.0653 2400 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:15:46.0683 2400 MozillaMaintenance - ok
19:15:46.0727 2400 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:15:46.0729 2400 mpio - ok
19:15:46.0766 2400 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:15:46.0777 2400 mpsdrv - ok
19:15:46.0837 2400 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:15:46.0870 2400 MpsSvc - ok
19:15:46.0908 2400 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:15:46.0921 2400 MRxDAV - ok
19:15:46.0958 2400 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:15:46.0960 2400 mrxsmb - ok
19:15:47.0014 2400 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:15:47.0018 2400 mrxsmb10 - ok
19:15:47.0039 2400 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:15:47.0040 2400 mrxsmb20 - ok
19:15:47.0088 2400 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:15:47.0089 2400 msahci - ok
19:15:47.0113 2400 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:15:47.0114 2400 msdsm - ok
19:15:47.0144 2400 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:15:47.0146 2400 MSDTC - ok
19:15:47.0200 2400 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:15:47.0201 2400 Msfs - ok
19:15:47.0216 2400 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:15:47.0222 2400 mshidkmdf - ok
19:15:47.0266 2400 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:15:47.0268 2400 msisadrv - ok
19:15:47.0304 2400 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:15:47.0314 2400 MSiSCSI - ok
19:15:47.0324 2400 msiserver - ok
19:15:47.0344 2400 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:15:47.0351 2400 MSKSSRV - ok
19:15:47.0369 2400 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:15:47.0372 2400 MSPCLOCK - ok
19:15:47.0390 2400 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:15:47.0394 2400 MSPQM - ok
19:15:47.0451 2400 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:15:47.0456 2400 MsRPC - ok
19:15:47.0477 2400 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:15:47.0478 2400 mssmbios - ok
19:15:47.0503 2400 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:15:47.0509 2400 MSTEE - ok
19:15:47.0533 2400 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:15:47.0538 2400 MTConfig - ok
19:15:47.0560 2400 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:15:47.0561 2400 Mup - ok
19:15:47.0608 2400 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:15:47.0614 2400 napagent - ok
19:15:47.0707 2400 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:15:47.0721 2400 NativeWifiP - ok
19:15:47.0788 2400 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:15:47.0817 2400 NDIS - ok
19:15:47.0846 2400 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:15:47.0852 2400 NdisCap - ok
19:15:47.0870 2400 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:15:47.0878 2400 NdisTapi - ok
19:15:47.0927 2400 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:15:47.0935 2400 Ndisuio - ok
19:15:47.0973 2400 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:15:47.0983 2400 NdisWan - ok
19:15:48.0022 2400 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:15:48.0029 2400 NDProxy - ok
19:15:48.0058 2400 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:15:48.0059 2400 NetBIOS - ok
19:15:48.0105 2400 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:15:48.0122 2400 NetBT - ok
19:15:48.0144 2400 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:15:48.0146 2400 Netlogon - ok
19:15:48.0185 2400 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:15:48.0191 2400 Netman - ok
19:15:48.0228 2400 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:15:48.0259 2400 netprofm - ok
19:15:48.0295 2400 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:15:48.0297 2400 NetTcpPortSharing - ok
19:15:48.0447 2400 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:15:48.0612 2400 netw5v64 - ok
19:15:48.0632 2400 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:15:48.0633 2400 nfrd960 - ok
19:15:48.0669 2400 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:15:48.0699 2400 NlaSvc - ok
19:15:48.0736 2400 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:15:48.0737 2400 Npfs - ok
19:15:48.0771 2400 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:15:48.0776 2400 nsi - ok
19:15:48.0790 2400 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:15:48.0798 2400 nsiproxy - ok
19:15:48.0870 2400 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:15:48.0903 2400 Ntfs - ok
19:15:48.0923 2400 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:15:48.0927 2400 Null - ok
19:15:48.0955 2400 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:15:48.0956 2400 nvraid - ok
19:15:48.0997 2400 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:15:48.0999 2400 nvstor - ok
19:15:49.0041 2400 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:15:49.0050 2400 nv_agp - ok
19:15:49.0091 2400 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:15:49.0108 2400 ohci1394 - ok
19:15:49.0147 2400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:15:49.0168 2400 p2pimsvc - ok
19:15:49.0209 2400 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:15:49.0240 2400 p2psvc - ok
19:15:49.0262 2400 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:15:49.0273 2400 Parport - ok
19:15:49.0315 2400 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:15:49.0316 2400 partmgr - ok
19:15:49.0327 2400 PCAMp50a64 - ok
19:15:49.0339 2400 PCASp50a64 - ok
19:15:49.0371 2400 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:15:49.0388 2400 PcaSvc - ok
19:15:49.0404 2400 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:15:49.0406 2400 pci - ok
19:15:49.0426 2400 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:15:49.0427 2400 pciide - ok
19:15:49.0468 2400 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:15:49.0486 2400 pcmcia - ok
19:15:49.0519 2400 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:15:49.0520 2400 pcw - ok
19:15:49.0558 2400 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:15:49.0602 2400 PEAUTH - ok
19:15:49.0709 2400 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:15:49.0711 2400 PerfHost - ok
19:15:49.0797 2400 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:15:49.0851 2400 pla - ok
19:15:49.0924 2400 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:15:49.0957 2400 PlugPlay - ok
19:15:49.0982 2400 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:15:49.0995 2400 PNRPAutoReg - ok
19:15:50.0026 2400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:15:50.0030 2400 PNRPsvc - ok
19:15:50.0058 2400 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:15:50.0080 2400 PolicyAgent - ok
19:15:50.0139 2400 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:15:50.0150 2400 Power - ok
19:15:50.0204 2400 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:15:50.0213 2400 PptpMiniport - ok
19:15:50.0256 2400 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:15:50.0266 2400 Processor - ok
19:15:50.0321 2400 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:15:50.0343 2400 ProfSvc - ok
19:15:50.0357 2400 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:15:50.0358 2400 ProtectedStorage - ok
19:15:50.0398 2400 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:15:50.0399 2400 Psched - ok
19:15:50.0464 2400 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:15:50.0498 2400 ql2300 - ok
19:15:50.0515 2400 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:15:50.0516 2400 ql40xx - ok
19:15:50.0561 2400 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:15:50.0583 2400 QWAVE - ok
19:15:50.0621 2400 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:15:50.0626 2400 QWAVEdrv - ok
19:15:50.0649 2400 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:15:50.0656 2400 RasAcd - ok
19:15:50.0697 2400 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:15:50.0725 2400 RasAgileVpn - ok
19:15:50.0754 2400 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:15:50.0764 2400 RasAuto - ok
19:15:50.0800 2400 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:15:50.0829 2400 Rasl2tp - ok
19:15:50.0870 2400 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:15:50.0891 2400 RasMan - ok
19:15:50.0924 2400 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:15:50.0932 2400 RasPppoe - ok
19:15:50.0955 2400 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:15:50.0963 2400 RasSstp - ok
19:15:51.0014 2400 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:15:51.0018 2400 rdbss - ok
19:15:51.0038 2400 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:15:51.0048 2400 rdpbus - ok
19:15:51.0068 2400 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:15:51.0078 2400 RDPCDD - ok
19:15:51.0098 2400 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:15:51.0108 2400 RDPENCDD - ok
19:15:51.0132 2400 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:15:51.0141 2400 RDPREFMP - ok
19:15:51.0188 2400 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:15:51.0208 2400 RDPWD - ok
19:15:51.0258 2400 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:15:51.0258 2400 rdyboost - ok
19:15:51.0308 2400 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:15:51.0318 2400 RemoteAccess - ok
19:15:51.0380 2400 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:15:51.0390 2400 RemoteRegistry - ok
19:15:51.0502 2400 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:15:51.0532 2400 RichVideo - ok
19:15:51.0552 2400 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:15:51.0562 2400 RpcEptMapper - ok
19:15:51.0602 2400 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:15:51.0602 2400 RpcLocator - ok
19:15:51.0662 2400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:15:51.0662 2400 RpcSs - ok
19:15:51.0704 2400 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:15:51.0711 2400 rspndr - ok
19:15:51.0743 2400 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:15:51.0744 2400 RSUSBSTOR - ok
19:15:51.0794 2400 [ 66F9F7161D147B6486A22FEB9425930D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:15:51.0814 2400 RTL8167 - ok
19:15:51.0824 2400 RtsUIR - ok
19:15:51.0844 2400 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:15:51.0844 2400 SamSs - ok
19:15:51.0886 2400 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:15:51.0886 2400 sbp2port - ok
19:15:51.0926 2400 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:15:51.0956 2400 SCardSvr - ok
19:15:52.0012 2400 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:15:52.0018 2400 scfilter - ok
19:15:52.0078 2400 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:15:52.0118 2400 Schedule - ok
19:15:52.0158 2400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:15:52.0158 2400 SCPolicySvc - ok
19:15:52.0208 2400 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:15:52.0218 2400 sdbus - ok
19:15:52.0258 2400 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:15:52.0288 2400 SDRSVC - ok
19:15:52.0318 2400 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:15:52.0329 2400 secdrv - ok
19:15:52.0370 2400 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:15:52.0380 2400 seclogon - ok
19:15:52.0420 2400 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
19:15:52.0430 2400 seehcri - ok
19:15:52.0450 2400 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:15:52.0450 2400 SENS - ok
19:15:52.0478 2400 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:15:52.0485 2400 SensrSvc - ok
19:15:52.0512 2400 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:15:52.0522 2400 Serenum - ok
19:15:52.0542 2400 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:15:52.0556 2400 Serial - ok
19:15:52.0585 2400 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:15:52.0594 2400 sermouse - ok
19:15:52.0655 2400 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:15:52.0656 2400 SessionEnv - ok
19:15:52.0706 2400 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:15:52.0716 2400 sffdisk - ok
19:15:52.0736 2400 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:15:52.0736 2400 sffp_mmc - ok
19:15:52.0756 2400 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:15:52.0756 2400 sffp_sd - ok
19:15:52.0782 2400 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:15:52.0798 2400 sfloppy - ok
19:15:52.0848 2400 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:15:52.0868 2400 SharedAccess - ok
19:15:52.0958 2400 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:15:52.0968 2400 ShellHWDetection - ok
19:15:53.0009 2400 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:15:53.0010 2400 SiSRaid2 - ok
19:15:53.0030 2400 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:15:53.0040 2400 SiSRaid4 - ok
19:15:53.0130 2400 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:15:53.0130 2400 SkypeUpdate - ok
19:15:53.0160 2400 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:15:53.0170 2400 Smb - ok
19:15:53.0232 2400 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:15:53.0232 2400 SNMPTRAP - ok
19:15:53.0262 2400 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:15:53.0262 2400 spldr - ok
19:15:53.0314 2400 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:15:53.0354 2400 Spooler - ok
19:15:53.0476 2400 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:15:53.0548 2400 sppsvc - ok
19:15:53.0579 2400 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:15:53.0589 2400 sppuinotify - ok
19:15:53.0630 2400 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:15:53.0640 2400 srv - ok
19:15:53.0660 2400 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:15:53.0670 2400 srv2 - ok
19:15:53.0720 2400 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:15:53.0740 2400 SrvHsfHDA - ok
19:15:53.0800 2400 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:15:53.0850 2400 SrvHsfV92 - ok
19:15:53.0890 2400 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:15:53.0920 2400 SrvHsfWinac - ok
19:15:53.0940 2400 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:15:53.0940 2400 srvnet - ok
19:15:53.0985 2400 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
19:15:53.0992 2400 ssadbus - ok
19:15:54.0022 2400 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:15:54.0022 2400 ssadmdfl - ok
19:15:54.0062 2400 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
19:15:54.0072 2400 ssadmdm - ok
19:15:54.0102 2400 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
19:15:54.0112 2400 ssadserd - ok
19:15:54.0182 2400 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:15:54.0212 2400 SSDPSRV - ok
19:15:54.0235 2400 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:15:54.0244 2400 SstpSvc - ok
19:15:54.0356 2400 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
19:15:54.0366 2400 STacSV - ok
19:15:54.0396 2400 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:15:54.0397 2400 stexstor - ok
19:15:54.0428 2400 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:15:54.0458 2400 STHDA - ok
19:15:54.0518 2400 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:15:54.0528 2400 stisvc - ok
19:15:54.0558 2400 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:15:54.0568 2400 swenum - ok
19:15:54.0608 2400 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:15:54.0628 2400 swprv - ok
19:15:54.0658 2400 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:15:54.0687 2400 SynTP - ok
19:15:54.0770 2400 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:15:54.0810 2400 SysMain - ok
19:15:54.0850 2400 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:15:54.0860 2400 TabletInputService - ok
19:15:54.0910 2400 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:15:54.0940 2400 TapiSrv - ok
19:15:54.0980 2400 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:15:54.0990 2400 TBS - ok
19:15:55.0080 2400 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:15:55.0120 2400 Tcpip - ok
19:15:55.0182 2400 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:15:55.0192 2400 TCPIP6 - ok
19:15:55.0244 2400 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:15:55.0254 2400 tcpipreg - ok
19:15:55.0302 2400 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:15:55.0307 2400 TDPIPE - ok
19:15:55.0357 2400 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:15:55.0357 2400 TDTCP - ok
19:15:55.0407 2400 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:15:55.0417 2400 tdx - ok
19:15:55.0473 2400 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:15:55.0479 2400 TermDD - ok
19:15:55.0539 2400 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:15:55.0569 2400 TermService - ok
19:15:55.0611 2400 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:15:55.0621 2400 Themes - ok
19:15:55.0651 2400 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:15:55.0651 2400 THREADORDER - ok
19:15:55.0683 2400 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:15:55.0683 2400 TrkWks - ok
19:15:55.0743 2400 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:15:55.0753 2400 TrustedInstaller - ok
19:15:55.0815 2400 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:15:55.0835 2400 tssecsrv - ok
19:15:55.0886 2400 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:15:55.0894 2400 TsUsbFlt - ok
19:15:55.0927 2400 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:15:55.0927 2400 tunnel - ok
19:15:55.0967 2400 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:15:55.0980 2400 uagp35 - ok
19:15:56.0029 2400 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:15:56.0049 2400 udfs - ok
19:15:56.0106 2400 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:15:56.0108 2400 UI0Detect - ok
19:15:56.0141 2400 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:15:56.0151 2400 uliagpkx - ok
19:15:56.0207 2400 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:15:56.0216 2400 umbus - ok
19:15:56.0246 2400 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:15:56.0259 2400 UmPass - ok
19:15:56.0299 2400 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:15:56.0332 2400 upnphost - ok
19:15:56.0348 2400 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:15:56.0368 2400 usbccgp - ok
19:15:56.0378 2400 USBCCID - ok
19:15:56.0430 2400 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:15:56.0440 2400 usbcir - ok
19:15:56.0460 2400 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:15:56.0470 2400 usbehci - ok
19:15:56.0504 2400 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
19:15:56.0532 2400 usbhub - ok
19:15:56.0552 2400 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:15:56.0562 2400 usbohci - ok
19:15:56.0594 2400 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:15:56.0604 2400 usbprint - ok
19:15:56.0634 2400 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:15:56.0634 2400 USBSTOR - ok
19:15:56.0687 2400 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:15:56.0696 2400 usbuhci - ok
19:15:56.0724 2400 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:15:56.0726 2400 usbvideo - ok
19:15:56.0766 2400 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:15:56.0776 2400 UxSms - ok
19:15:56.0796 2400 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:15:56.0796 2400 VaultSvc - ok
19:15:56.0806 2400 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:15:56.0806 2400 vdrvroot - ok
19:15:56.0861 2400 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:15:56.0881 2400 vds - ok
19:15:56.0911 2400 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:15:56.0930 2400 vga - ok
19:15:56.0954 2400 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:15:56.0960 2400 VgaSave - ok
19:15:56.0973 2400 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:15:56.0993 2400 vhdmp - ok
19:15:57.0041 2400 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:15:57.0042 2400 viaide - ok
19:15:57.0072 2400 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:15:57.0074 2400 volmgr - ok
19:15:57.0126 2400 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:15:57.0126 2400 volmgrx - ok
19:15:57.0156 2400 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:15:57.0156 2400 volsnap - ok
19:15:57.0196 2400 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:15:57.0196 2400 vsmraid - ok
19:15:57.0286 2400 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:15:57.0337 2400 VSS - ok
19:15:57.0369 2400 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:15:57.0388 2400 vwifibus - ok
19:15:57.0418 2400 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:15:57.0429 2400 vwififlt - ok
19:15:57.0480 2400 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:15:57.0480 2400 W32Time - ok
19:15:57.0524 2400 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:15:57.0542 2400 WacomPen - ok
19:15:57.0585 2400 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:15:57.0595 2400 WANARP - ok
19:15:57.0605 2400 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:15:57.0605 2400 Wanarpv6 - ok
19:15:57.0677 2400 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:15:57.0717 2400 WatAdminSvc - ok
19:15:57.0799 2400 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:15:57.0839 2400 wbengine - ok
19:15:57.0881 2400 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:15:57.0885 2400 WbioSrvc - ok
19:15:57.0931 2400 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:15:57.0931 2400 wcncsvc - ok
19:15:57.0971 2400 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:15:57.0991 2400 WcsPlugInService - ok
19:15:58.0011 2400 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:15:58.0011 2400 Wd - ok
19:15:58.0071 2400 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:15:58.0101 2400 Wdf01000 - ok
19:15:58.0121 2400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:15:58.0131 2400 WdiServiceHost - ok
19:15:58.0151 2400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:15:58.0151 2400 WdiSystemHost - ok
19:15:58.0193 2400 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:15:58.0213 2400 WebClient - ok
19:15:58.0243 2400 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:15:58.0263 2400 Wecsvc - ok
19:15:58.0283 2400 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:15:58.0303 2400 wercplsupport - ok
19:15:58.0336 2400 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:15:58.0338 2400 WerSvc - ok
19:15:58.0371 2400 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:15:58.0375 2400 WfpLwf - ok
19:15:58.0395 2400 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:15:58.0395 2400 WIMMount - ok
19:15:58.0425 2400 WinDefend - ok
19:15:58.0457 2400 WinHttpAutoProxySvc - ok
19:15:58.0517 2400 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:15:58.0517 2400 Winmgmt - ok
19:15:58.0607 2400 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:15:58.0687 2400 WinRM - ok
19:15:58.0756 2400 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:15:58.0766 2400 WinUsb - ok
19:15:58.0819 2400 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:15:58.0839 2400 Wlansvc - ok
19:15:58.0979 2400 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:15:58.0999 2400 wlidsvc - ok
19:15:59.0021 2400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:15:59.0022 2400 WmiAcpi - ok
19:15:59.0063 2400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:15:59.0067 2400 wmiApSrv - ok
19:15:59.0091 2400 WMPNetworkSvc - ok
19:15:59.0131 2400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:15:59.0141 2400 WPCSvc - ok
19:15:59.0181 2400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:15:59.0191 2400 WPDBusEnum - ok
19:15:59.0221 2400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:15:59.0231 2400 ws2ifsl - ok
19:15:59.0281 2400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:15:59.0291 2400 wscsvc - ok
19:15:59.0301 2400 WSearch - ok
19:15:59.0403 2400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:15:59.0465 2400 wuauserv - ok
19:15:59.0505 2400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:15:59.0505 2400 WudfPf - ok
19:15:59.0535 2400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:15:59.0545 2400 WUDFRd - ok
19:15:59.0597 2400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:15:59.0600 2400 wudfsvc - ok
19:15:59.0647 2400 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:15:59.0667 2400 WwanSvc - ok
19:15:59.0707 2400 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:15:59.0739 2400 yukonw7 - ok
19:15:59.0779 2400 ================ Scan global ===============================
19:15:59.0839 2400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:15:59.0889 2400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:15:59.0919 2400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:15:59.0951 2400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:16:00.0001 2400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:16:00.0001 2400 [Global] - ok
19:16:00.0011 2400 ================ Scan MBR ==================================
19:16:00.0021 2400 [ A7E38E9EEAF032C7DB773BD095253998 ] \Device\Harddisk0\DR0
19:16:00.0253 2400 \Device\Harddisk0\DR0 - ok
19:16:00.0263 2400 ================ Scan VBR ==================================
19:16:00.0273 2400 [ C0020AA501A4711A0D1593EAEEDC381D ] \Device\Harddisk0\DR0\Partition1
19:16:00.0273 2400 \Device\Harddisk0\DR0\Partition1 - ok
19:16:00.0293 2400 [ 05E666D7023C3B698F0743BB3D0B130C ] \Device\Harddisk0\DR0\Partition2
19:16:00.0293 2400 \Device\Harddisk0\DR0\Partition2 - ok
19:16:00.0335 2400 [ 6E0B6C9D6534FBAB662A1E36415693B5 ] \Device\Harddisk0\DR0\Partition3
19:16:00.0335 2400 \Device\Harddisk0\DR0\Partition3 - ok
19:16:00.0335 2400 ============================================================
19:16:00.0335 2400 Scan finished
19:16:00.0335 2400 ============================================================
19:16:00.0355 3968 Detected object count: 0
19:16:00.0355 3968 Actual detected object count: 0
#47416
Hi again,

OK, but I think it is: it's possible for all programs, you just need to right-click on it and then Run as administrator.
Nothing there either; if it's an infection problem, it's hiding well!

Let's move up a gear.
  • Download ComboFix (by sUBs) to your desktop and nowhere else. Before downloading it, rename it to ccm.exe

    /!\ Close all open windows /!\
    /!\ Warning: ComboFix is a powerful program that must not be used unless prescribed by a qualified person /!\
  • Double-click ccm.exe to run it. (Right-click / Run as administrator on Vista/7)
  • Click Yes.
  • If you are on Windows XP, it will ask you to install the Recovery Console: you absolutely must accept.

    /!\ Disconnect from the internet AFTER the Recovery Console has been installed /!\
  • If you installed the Recovery Console, answer Yes to the warning message so that the program starts scanning the PC.

    /!\ For the duration of this step, do not use the PC and do not open any programs. /!\
    /!\ (do not touch anything while the tool is working, so as not to freeze your PC) /!\
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
@+

Gabriel.
#47424
the latest report:


ComboFix 13-05-25.02 - Mon PC 26/05/2013 19:31:36.1.1 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3003.1870 [GMT 2:00]
Lancé depuis: C:\Users\Mon PC\Downloads\ccm.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\config.Bin
C:\config.bin\F046C35AEB337F0
C:\Install.exe
C:\Windows\SysWow64\muzapp.exe
C:\Windows\SysWow64\System32\MASetupCleaner.exe
C:\Windows\SysWow64\System32\muzapp.exe


((((((((((((((((((((((((((((( Fichiers créés du 2013-04-26 au 2013-05-26 ))))))))))))))))))))))))))))))))))))


2013-05-26 17:39:12 . 2013-05-26 17:39:12 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-05-26 14:23:25 . 2013-05-26 16:01:48 -------- d-----w- C:\ZHP
2013-05-26 14:23:25 . 2013-05-26 16:01:27 -------- d-----w- C:\Program Files (x86)\ZHPDiag
2013-05-26 12:11:03 . 2013-05-26 12:11:03 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2013-05-26 12:11:03 . 2013-05-26 12:11:03 -------- d-----w- C:\Windows\system32\wbem\en-US
2013-05-26 11:38:36 . 2013-05-26 14:17:26 -------- d-----w- C:\Users\Mon PC\AppData\Local\ElevatedDiagnostics
2013-05-26 11:21:53 . 2013-05-26 11:21:58 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 09:17:44 . 2013-05-26 10:36:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search Destroy 2
2013-05-25 19:02:52 . 2013-05-25 19:02:52 -------- d-----w- C:\Program Files\Enigma Software Group
2013-05-25 19:02:34 . 2013-05-26 00:29:11 -------- d-----w- C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-25 19:02:33 . 2013-05-25 19:02:33 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-05-22 21:39:59 . 2013-05-22 21:39:59 212992 --sha-r- C:\Windows\SysWow64\remotespx.dll
2013-05-15 17:06:41 . 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 17:06:41 . 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:06:41 . 2011-02-03 11:25:18 144384 ----a-w- C:\Windows\system32\cdd.dll
2013-05-15 17:06:30 . 2013-02-27 05:52:56 14172672 ----a-w- C:\Windows\system32\shell32.dll
2013-05-15 17:06:29 . 2013-02-27 06:02:44 111448 ----a-w- C:\Windows\system32\consent.exe
2013-05-15 17:06:29 . 2013-02-27 05:52:55 197120 ----a-w- C:\Windows\system32\shdocvw.dll
2013-05-15 17:06:29 . 2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\system32\authui.dll
2013-05-15 17:06:29 . 2013-02-27 05:47:10 70144 ----a-w- C:\Windows\system32\appinfo.dll
2013-05-15 17:06:29 . 2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 17:06:09 . 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\system32\win32k.sys
2013-05-13 17:17:38 . 2013-05-13 17:17:23 83160 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-05-06 08:48:23 . 2013-05-06 08:53:52 -------- d-----w- C:\Program Files (x86)\Windows Live
2013-04-29 18:01:02 . 2013-04-29 18:01:02 -------- d-----w- C:\Windows\SysWow64\Wat
2013-04-29 18:01:02 . 2013-04-29 18:01:02 -------- d-----w- C:\Windows\system32\Wat
2013-04-28 09:10:22 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-15 18:31:58 . 2013-01-16 19:10:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:31:58 . 2011-08-17 20:40:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 18:16:33 . 2010-04-01 18:46:16 75016696 ----a-w- C:\Windows\system32\MRT.exe
2013-05-06 08:47:50 . 2011-03-28 16:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-18 19:52:18 . 2013-04-18 19:52:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 19:52:16 . 2013-04-18 19:52:38 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-18 19:52:16 . 2010-08-23 22:33:41 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-04 12:50:32 . 2013-04-19 20:02:52 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-03-30 15:08:15 . 2013-03-30 15:08:31 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-03-30 15:08:15 . 2013-03-30 15:08:31 130016 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-03-30 15:08:15 . 2013-03-30 15:08:31 100712 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-03-19 06:04:06 . 2013-04-18 18:41:56 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-03-19 05:46:56 . 2013-04-18 18:41:54 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-03-19 05:04:13 . 2013-04-18 18:41:55 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 . 2013-04-18 18:41:55 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 . 2013-04-18 18:41:54 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 . 2013-04-18 18:41:54 112640 ----a-w- C:\Windows\system32\smss.exe


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 10:13:36 2363392]
"ccleaner"="C:\Program Files (x86)\CCleaner\ccleaner.exe" [2009-12-21 21:27:00 1803064]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]
"Glary Memory Optimizer"="C:\Program Files (x86)\Glary Utilities\memdefrag.exe" [2012-08-09 06:46:46 108384]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 17:44:26 1476104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 20:34:22 468264]
"UCam_Menu"="C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 19:21:32 218408]
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 12:19:48 323640]
"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 20:16:16 222504]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 10:00:00 60464]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 11:47:08 500792]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 17:44:28 310280]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 17:16:14 345312]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 05:32:50 253816]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 19:08:28 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 11:55:20 161536]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [2010-12-21 05:55:02 36328]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-06-24 19:00:18 216576]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2011-06-02 05:47:22 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 05:47:22 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 05:47:22 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [2011-06-02 05:47:22 146920]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-29 18:01:00 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-06-10 20:35:33 389120]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-30 15:08:15 28600]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 21:42:58 89600]
S2 AntiVirSchedulerService;Avira Planificateur;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 15:08:07 86752]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 10:55:16 86528]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 12:21:32 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-26 12:13:10 138752]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 08:11:40 314400]
S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [2010-02-14 11:42:40 34032]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - 55520085
*Deregistered* - 55520085

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11:44 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contenu du dossier 'Tâches planifiées'

2013-05-26 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-16 19:10:39 . 2013-05-15 18:32:02]

2013-05-26 C:\Windows\Tasks\fbvjm.job
- C:\Windows\system32\rundll32.exe [2009-07-13 23:41:43 . 2009-07-14 01:14:31]

2013-05-26 C:\Windows\Tasks\GlaryInitialize.job
- C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-08-24 19:39:01 . 2012-08-09 06:46:38]

2013-04-28 C:\Windows\Tasks\HPCeeScheduleForMON-PC$.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22:28 . 2009-10-07 02:22:28]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2009-07-22 01:33:32 450048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-19 14:23:42 171520]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-25 18:45:04 161304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-25 18:44:54 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-25 18:45:00 415256]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache

------- Examen supplémentaire -------

uStart Page = hxxp://www.google.com/
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - C:\Users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\p1wiyyg4.default-1369586340244\

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{0F04F2BC-396D-4B63-8DF6-458758A00A3E} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - C:\Windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
#47430
apparently not, even though I had done Ctrl+A and Ctrl+C



ComboFix 13-05-25.02 - Mon PC 26/05/2013 19:31:36.1.1 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3003.1870 [GMT 2:00]
Lancé depuis: c:\users\Mon PC\Downloads\ccm.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\config.Bin
c:\config.bin\F046C35AEB337F0
C:\Install.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-26 au 2013-05-26 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-26 17:39 . 2013-05-26 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-26 14:23 . 2013-05-26 16:01 -------- d-----w- C:\ZHP
2013-05-26 14:23 . 2013-05-26 16:01 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-05-26 12:11 . 2013-05-26 12:11 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2013-05-26 12:11 . 2013-05-26 12:11 -------- d-----w- c:\windows\system32\wbem\en-US
2013-05-26 11:38 . 2013-05-26 14:17 -------- d-----w- c:\users\Mon PC\AppData\Local\ElevatedDiagnostics
2013-05-26 11:21 . 2013-05-26 11:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-05-26 09:17 . 2013-05-26 10:36 -------- d-----w- c:\program files (x86)\Spybot - Search Destroy 2
2013-05-25 19:02 . 2013-05-25 19:02 -------- d-----w- c:\program files\Enigma Software Group
2013-05-25 19:02 . 2013-05-26 00:29 -------- d-----w- c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-25 19:02 . 2013-05-25 19:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-22 21:39 . 2013-05-22 21:39 212992 --sha-r- c:\windows\SysWow64\remotespx.dll
2013-05-15 17:06 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:06 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:06 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 17:06 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 17:06 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 17:06 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 17:06 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 17:06 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 17:06 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 17:06 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-13 17:17 . 2013-05-13 17:17 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-06 08:48 . 2013-05-06 08:53 -------- d-----w- c:\program files (x86)\Windows Live
2013-04-29 18:01 . 2013-04-29 18:01 -------- d-----w- c:\windows\SysWow64\Wat
2013-04-29 18:01 . 2013-04-29 18:01 -------- d-----w- c:\windows\system32\Wat
2013-04-28 09:10 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:31 . 2013-01-16 19:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:31 . 2011-08-17 20:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 18:16 . 2010-04-01 18:46 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-06 08:47 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-18 19:52 . 2013-04-18 19:52 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 19:52 . 2013-04-18 19:52 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-18 19:52 . 2010-08-23 22:33 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 12:50 . 2013-04-19 20:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 15:08 . 2013-03-30 15:08 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 15:08 . 2013-03-30 15:08 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 15:08 . 2013-03-30 15:08 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-18 18:41 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-18 18:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-18 18:41 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-18 18:41 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-18 18:41 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-18 18:41 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ccleaner"="c:\program files (x86)\CCleaner\ccleaner.exe" [2009-12-21 1803064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2012-08-09 108384]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-02-14 34032]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - 55520085
*Deregistered* - 55520085
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-16 18:32]
.
2013-05-26 c:\windows\Tasks\fbvjm.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-05-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-08-24 06:46]
.
2013-04-28 c:\windows\Tasks\HPCeeScheduleForMON-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\p1wiyyg4.default-1369586340244\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{0F04F2BC-396D-4B63-8DF6-458758A00A3E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-05-26 19:43:30
ComboFix-quarantined-files.txt 2013-05-26 17:43
.
Avant-CF: 134 168 092 672 octets libres
Après-CF: 134 028 148 736 octets libres
.
- - End Of File - - 43927D70B4DC90C7FBBD7F88C1792782
#47438
Here it is.
What does it say? :-)

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by Mon PC at 26/05/2013 20:14:51
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v2.27 =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (61% free)
System Restore: Désactivé (Disabled)
System drive C: has 125 GB (56%) free of 220 GB

---\\ Logged in mode
~ Computer Name: MON-PC
~ User Name: Mon PC
~ All Users Names: Mon PC, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mon PC\AppData\Roaming\
~ %Desktop% : C:\Users\Mon PC\Desktop\
~ %Favorites% : C:\Users\Mon PC\Favorites\
~ %LocalAppData% : C:\Users\Mon PC\AppData\Local\
~ %StartMenu% : C:\Users\Mon PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 125 Go of 220 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center Tools Informations
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 13:06:04.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/826
~ Mes musiques (My Musics) : 17/464
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/167
~ Mon Bureau (My Desktop) : 1/665
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.1844]
[MD5.0C28CA66075C5C7E6E395CBD62EBB431] - (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe [108384] [PID.1536]
[MD5.8E7AF6DD4E43C14D957C0AD7CA0A7B89] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104] [PID.360]
[MD5.A2814FED5A47B00BBC99AC58F93B9337] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\Hp\QuickPlay\QPService.exe [468264] [PID.2720]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.3116]
[MD5.5DBC85C723E421198FD35C3355EBA996] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280] [PID.3212]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3240]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.2968]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.2992]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.2492]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4432]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4468]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7402496] [PID.2588]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1232]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1440]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1496]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1632]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1688]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.1924]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.4092]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.3800]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKLM\..\Wow6432Node\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 17s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 10s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Baraka Casino Online]
[HKLM\Software\Wow6432Node\Baraka Casino Online]
~ Key Software: 208 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 23:34:35 - [0] ----D C:\ProgramData\Tracing
O43 - CFD: 17/07/2010 - 01:27:46 - [0,071] ----D C:\Users\Mon PC\AppData\Local\Ares
~ Program Folder: 164 Legitimates Filtered in 00mn 35s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D7A08DD4D9AECC99C9B1AE1498582956] - 26/05/2013 - 18:43:31 ---A- . (...) -- C:\ComboFix.txt [18498]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/05/2013 - 18:39:19 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.16122A25EBB382F6F612DF37C34527A0] - 26/05/2013 - 18:26:22 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_26.05.2013_19.15.25_log.txt [128618]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 20:03:17 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 145 Legitimates Filtered in 00mn 55s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 28/11/2006 - 20:46:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD
~ Legacy: 113 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {57C2B6C1-1AC1-4A0C-B420-B5F58D97E092} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {880A9FCC-690A-4C42-94BE-25111BF006BF} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {9FFCFBA8-423D-4B55-B6EE-EAB16A3B5FC1} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80C00FF59E224B61F6D6186674BAE201] [SPRF][20/05/2013] (...) -- C:\Users\Mon PC\AppData\Roaming\wklnhst.dat [1390]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8046C32E-60F3-4DF0-A3DC-2B5426B2CD37}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{E1397193-A1E6-4385-A49A-D6C54DD0C123}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{6E2BB215-BEF3-4ABD-9D09-F54EB0BD2F20}C:\program files (x86)\ares\ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{B195A13D-FE5D-4673-9604-D5D46AE671D2}C:\program files (x86)\ares\ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "{F98B87A8-2635-4524-9CF2-681D1CC9FA18}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{76B034B3-E81D-4CFC-A3A1-BC7E024F8EED}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D36C31-018A-4816-BDCC-6410AF55D4E8}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{F836D7B2-8856-487E-BCFE-513AE1CE86AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
~ Firewall: 221 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
~ Additionnel Scan: 294075 Items scanned in 00mn 50s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 30/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 30/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



~ 1208 Legitimates filtered by white list
End of the scan (375 lines in 03mn 27s)(0)
#47441
Re,

Well, it says there's nothing much out of the ordinary, and I don't understand where your redirects are coming from...
We'll use a more powerful scripting tool to remove something stubborn, you never know, but I doubt you'll see any improvement afterwards. We'll still have other things to try.

/!\ The script below is only valid for the person currently being helped /!\
  • Download OTM (by OldTimer) to your desktop.
  • Run it (right-click / Run as administrator on Vista/7).
  • In the left-hand pane, copy/paste the following lines.

    :Reg
    [-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD]

    :files
    C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe

    :Services
    esgiguard

    :commands
    [emptytemp]
  • Click MoveIt!.
  • Wait while the cleanup runs; your computer will restart.
  • Post the report located under C:\_OTM\MovedFiles\[MMJJAAAA_***].txt,
    after first uploading it to http://www.cjoint.com
@+

Gabriel.
#47448
Yes, still with IE but not with Mozilla for now

latest report:

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by Mon PC at 26/05/2013 20:53:41
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v2.27 =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (60% free)
System Restore: Désactivé (Disabled)
System drive C: has 125 GB (56%) free of 220 GB

---\\ Logged in mode
~ Computer Name: MON-PC
~ User Name: Mon PC
~ All Users Names: Mon PC, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mon PC\AppData\Roaming\
~ %Desktop% : C:\Users\Mon PC\Desktop\
~ %Favorites% : C:\Users\Mon PC\Favorites\
~ %LocalAppData% : C:\Users\Mon PC\AppData\Local\
~ %StartMenu% : C:\Users\Mon PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 125 Go of 220 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center Tools Informations
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 13:06:04.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/826
~ Mes musiques (My Musics) : 17/464
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 1/167
~ Mon Bureau (My Desktop) : 1/665
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.3048]
[MD5.0C28CA66075C5C7E6E395CBD62EBB431] - (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe [108384] [PID.2592]
[MD5.8E7AF6DD4E43C14D957C0AD7CA0A7B89] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104] [PID.2668]
[MD5.A2814FED5A47B00BBC99AC58F93B9337] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\Hp\QuickPlay\QPService.exe [468264] [PID.2868]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.2936]
[MD5.5DBC85C723E421198FD35C3355EBA996] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280] [PID.3112]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3124]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3004]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.2116]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.3492]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7402496] [PID.1832]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1184]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1488]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1556]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1768]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.1808]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2152]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3668]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.3460]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKLM\..\Wow6432Node\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 18s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 13s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Baraka Casino Online]
[HKLM\Software\Wow6432Node\Baraka Casino Online]
~ Key Software: 209 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 23:34:35 - [0] ----D C:\ProgramData\Tracing
O43 - CFD: 17/07/2010 - 01:27:46 - [0,071] ----D C:\Users\Mon PC\AppData\Local\Ares
~ Program Folder: 164 Legitimates Filtered in 00mn 55s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D7A08DD4D9AECC99C9B1AE1498582956] - 26/05/2013 - 18:43:31 ---A- . (...) -- C:\ComboFix.txt [18498]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/05/2013 - 18:39:19 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.16122A25EBB382F6F612DF37C34527A0] - 26/05/2013 - 18:26:22 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_26.05.2013_19.15.25_log.txt [128618]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 20:03:17 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 145 Legitimates Filtered in 01mn 45s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 28/11/2006 - 20:46:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\elxstor.sys (elxstor) .(.Emulex - Storport Miniport Driver for LightPulse HBA.) - LEGACY_ELXSTOR
~ Legacy: 113 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {57C2B6C1-1AC1-4A0C-B420-B5F58D97E092} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {880A9FCC-690A-4C42-94BE-25111BF006BF} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {9FFCFBA8-423D-4B55-B6EE-EAB16A3B5FC1} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80C00FF59E224B61F6D6186674BAE201] [SPRF][20/05/2013] (...) -- C:\Users\Mon PC\AppData\Roaming\wklnhst.dat [1390]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8046C32E-60F3-4DF0-A3DC-2B5426B2CD37}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{E1397193-A1E6-4385-A49A-D6C54DD0C123}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{6E2BB215-BEF3-4ABD-9D09-F54EB0BD2F20}C:\program files (x86)\ares\ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{B195A13D-FE5D-4673-9604-D5D46AE671D2}C:\program files (x86)\ares\ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "{F98B87A8-2635-4524-9CF2-681D1CC9FA18}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{76B034B3-E81D-4CFC-A3A1-BC7E024F8EED}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D36C31-018A-4816-BDCC-6410AF55D4E8}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{F836D7B2-8856-487E-BCFE-513AE1CE86AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
~ Firewall: 221 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
~ Additionnel Scan: 294047 Items scanned in 01mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 30/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 30/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



~ 1209 Legitimates filtered by white list
End of the scan (373 lines in 05mn 21s)(0)
#47450
Re,

Ah, that's already something.

We'll run OTM one last time, and otherwise we'll try something else.
  • Run OTM.
  • In the left-hand pane, copy/paste the following lines.

    :Reg
    [-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD]

    :files
    C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe

    :commands
    [reboot]
  • Click MoveIt!.
  • Wait while the cleanup runs; your computer will restart.
  • Post the report located under C:\_OTM\MovedFiles\[MMJJAAAA_***].txt,
    after first uploading it to http://www.cjoint.com
@+

Gabriel.
#47452
bad news: still redirects with Mozilla, and to sites (well, addresses, since nothing is displayed) different from the previous ones

The report:

========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD\ scheduled to be deleted on reboot.
========== FILES ==========
File/Folder C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.21.0 log created on 05262013_212107

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD\ scheduled to be deleted on reboot.
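A small triage script, added here as an example (it is not part of ZHPDiag, OTM or this forum's tooling), that reads the two reports posted in #47448 and #47452 above the way a helper does: it pulls out ZHPDiag's own =PUP./=Crapware. verdicts, autoruns and firewall rules that still point at a binary that is gone, the randomly named job in C:\Windows\Tasks and search scopes outside a small allow-list, then reads the OTM log to see which of those targets were actually removed. The sample inputs are constructed from lines copied out of those posts; the flagging rules, the no-vowel test for task names and the allow-list (google.com, bing.com, yahoo.com) are assumptions made for the example, not rules from either tool.

```python
"""Triage of the ZHPDiag report and OTM log posted in this thread (added
example, not code from ZHPDiag, OTM or the FEI forum).  Sample inputs are
constructed from lines copied out of the posts above; the flagging rules and
the search-provider allow-list are this example's assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: lines from the ZHPDiag report, plus one clean Avira autorun.
ZHPDIAG_SAMPLE = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
"""
# Constructed sample: the OTM MovedFiles log from the post above.
OTM_SAMPLE = r"""
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD\ scheduled to be deleted on reboot.
========== FILES ==========
File/Folder C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe not found.
========== COMMANDS ==========
OTM by OldTimer - Version 3.1.21.0 log created on 05262013_212107
"""

SECTION_RE = re.compile(r"^(O\d+) - ")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]")
TAG_RE = re.compile(r" =((?:PUP|Crapware|Adware|Toolbar|Rogue|Trojan)\.[\w.-]+)\s*$", re.I)
NOT_FILE_RE = re.compile(r"([A-Za-z]:\\[^\"|]+?) \(\.not file\.\)")   # binary no longer on disk
TASK_RE = re.compile(r"(\S+\\Tasks\\([A-Za-z0-9]+)\.job)", re.I)
SCOPE_RE = re.compile(r"- \((.+?)\) - (https?://(?:www\.)?([^/\s]+))")
SEARCH_ALLOW = ("google.com", "bing.com", "yahoo.com")   # assumed allow-list
VOWELS = set("aeiouy")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
OTM_PENDING_RE = re.compile(r"^Registry delete failed\. (\S+) scheduled to be deleted on reboot\.$")
OTM_MISSING_RE = re.compile(r"^File/Folder (.+?) not found\.$")


@dataclass(frozen=True)
class Finding:
    section: str   # ZHPDiag prefix (O4, O39, O69, O87) or O88 for a tagged key
    reason: str
    target: str    # key, path or URL the line points at


def _allowed_host(host: str) -> bool:
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in SEARCH_ALLOW)


def _target(line: str) -> str:
    """The registry key or missing path a tagged line refers to (else the line)."""
    m = KEY_RE.match(line) or NOT_FILE_RE.search(line)
    return m.group(1) if m else line


def triage_zhpdiag(report: str) -> list[Finding]:
    """Flag the ZHPDiag lines a helper reads first; one Finding per reason."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        section = sec.group(1) if sec else ("O88" if KEY_RE.match(line) else "?")
        tag = TAG_RE.search(line)                       # ZHPDiag's own verdict
        if tag:
            findings.append(Finding(section, f"tagged {tag.group(1)} by ZHPDiag", _target(line)))
        orphan = NOT_FILE_RE.search(line)               # entry survives, file is gone
        if orphan and section in ("O4", "O87"):
            what = "autorun" if section == "O4" else "firewall rule"
            findings.append(Finding(section, f"{what} points at a missing file", orphan.group(1)))
        task = TASK_RE.search(line) if section == "O39" else None
        if task and not (VOWELS & set(task.group(2).lower())):   # heuristic: no vowels
            findings.append(Finding(section, "scheduled task with random-looking name", task.group(1)))
        scope = SCOPE_RE.search(line) if section == "O69" else None
        if scope and not _allowed_host(scope.group(3)):
            findings.append(Finding(section, f"search scope '{scope.group(1)}' outside allow-list", scope.group(2)))
    return findings


def otm_outcomes(log: str) -> dict[str, list[str]]:
    """Group OTM targets by outcome.  Only the two message shapes seen in this
    thread are parsed; anything else lands in 'other' rather than being dropped."""
    out: dict[str, list[str]] = {"pending_reboot": [], "not_found": [], "other": []}
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith(("==========", "OTM by")):
            continue
        if (m := OTM_PENDING_RE.match(line)):
            bucket, target = "pending_reboot", m.group(1).rstrip("\\")
        elif (m := OTM_MISSING_RE.match(line)):
            bucket, target = "not_found", m.group(1)
        else:
            bucket, target = "other", line
        if target not in out[bucket]:
            out[bucket].append(target)
    return out


def _norm(target: str) -> str:
    """Case-fold and expand HKLM/HKCU so ZHPDiag and OTM spellings compare equal."""
    t = target.rstrip("\\")
    for short, full in HIVES.items():
        if t.upper().startswith(short + "\\"):
            t = full + t[len(short):]
    return t.lower()


def unresolved(findings: list[Finding], outcomes: dict[str, list[str]]) -> list[Finding]:
    """Findings OTM did not clear in-session: key deferred to reboot, or file
    already gone while the autorun/firewall entry naming it is still there."""
    left = {_norm(t) for k in ("pending_reboot", "not_found") for t in outcomes[k]}
    return [f for f in findings if _norm(f.target) in left]


if __name__ == "__main__":
    found = triage_zhpdiag(ZHPDIAG_SAMPLE)
    for f in found:
        print(f"{f.section:>4}  {f.reason:<48}  {f.target}")
    for f in unresolved(found, otm_outcomes(OTM_SAMPLE)):
        print("check in the next ZHPDiag report:", f.target)
```

The useful part is the cross-check at the end: OTM reported cacaoweb.exe as already absent and deferred the LEGACY_ESGIGUARD key to the next reboot, so both targets come back as unresolved. The next ZHPDiag run is where you confirm whether the key really went away at reboot and whether the orphaned firewall rules for cacaoweb.exe are still listed, since OTM's ":files" section removes the binary, not the rule that names it.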
#47454
a question: why does the report say Windows Vista when I'm on Win7?

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by Mon PC at 26/05/2013 21:43:27
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v2.27 =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (51% free)
System Restore: Désactivé (Disabled)
System drive C: has 125 GB (56%) free of 220 GB

---\\ Logged in mode
~ Computer Name: MON-PC
~ User Name: Mon PC
~ All Users Names: Mon PC, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mon PC\AppData\Roaming\
~ %Desktop% : C:\Users\Mon PC\Desktop\
~ %Favorites% : C:\Users\Mon PC\Favorites\
~ %LocalAppData% : C:\Users\Mon PC\AppData\Local\
~ %StartMenu% : C:\Users\Mon PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 125 Go of 220 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center Tools Informations
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 13:06:04.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/826
~ Mes musiques (My Musics) : 17/464
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/62
~ Mes Documents (My Documents) : 1/334
~ Mon Bureau (My Desktop) : 1/1330
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.1484]
[MD5.0C28CA66075C5C7E6E395CBD62EBB431] - (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe [108384] [PID.2868]
[MD5.8E7AF6DD4E43C14D957C0AD7CA0A7B89] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104] [PID.2924]
[MD5.A2814FED5A47B00BBC99AC58F93B9337] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\Hp\QuickPlay\QPService.exe [468264] [PID.3076]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.3108]
[MD5.5DBC85C723E421198FD35C3355EBA996] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280] [PID.3172]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3180]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.1204]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.2656]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.3992]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4280]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4320]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7402496] [PID.2068]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1208]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1424]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1592]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1724]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.1764]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1436]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3920]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.560]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKLM\..\Wow6432Node\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [OTM] . (.OldTimer Tools - Pas de description.) -- C:\Users\Mon PC\Downloads\OTM.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 08s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Baraka Casino Online]
[HKLM\Software\Wow6432Node\Baraka Casino Online]
~ Key Software: 209 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 23:34:35 - [0] ----D C:\ProgramData\Tracing
O43 - CFD: 17/07/2010 - 01:27:46 - [0,071] ----D C:\Users\Mon PC\AppData\Local\Ares
~ Program Folder: 164 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D7A08DD4D9AECC99C9B1AE1498582956] - 26/05/2013 - 18:43:31 ---A- . (...) -- C:\ComboFix.txt [18498]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/05/2013 - 18:39:19 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.16122A25EBB382F6F612DF37C34527A0] - 26/05/2013 - 18:26:22 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_26.05.2013_19.15.25_log.txt [128618]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 20:03:17 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 145 Legitimates Filtered in 00mn 05s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 28/11/2006 - 20:46:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\elxstor.sys (elxstor) .(.Emulex - Storport Miniport Driver for LightPulse HBA.) - LEGACY_ELXSTOR
~ Legacy: 113 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {57C2B6C1-1AC1-4A0C-B420-B5F58D97E092} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {880A9FCC-690A-4C42-94BE-25111BF006BF} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {9FFCFBA8-423D-4B55-B6EE-EAB16A3B5FC1} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80C00FF59E224B61F6D6186674BAE201] [SPRF][20/05/2013] (...) -- C:\Users\Mon PC\AppData\Roaming\wklnhst.dat [1390]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8046C32E-60F3-4DF0-A3DC-2B5426B2CD37}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{E1397193-A1E6-4385-A49A-D6C54DD0C123}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{6E2BB215-BEF3-4ABD-9D09-F54EB0BD2F20}C:\program files (x86)\ares\ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{B195A13D-FE5D-4673-9604-D5D46AE671D2}C:\program files (x86)\ares\ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "{F98B87A8-2635-4524-9CF2-681D1CC9FA18}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{76B034B3-E81D-4CFC-A3A1-BC7E024F8EED}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D36C31-018A-4816-BDCC-6410AF55D4E8}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{F836D7B2-8856-487E-BCFE-513AE1CE86AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
~ Firewall: 221 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
~ Additionnel Scan: 294159 Items scanned in 00mn 52s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 30/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 30/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



~ 1230 Legitimates filtered by white list
End of the scan (376 lines in 01mn 41s)(0)
#47457
Re,

As for Vista instead of W7, probably a bug... We'll try to get rid of a stubborn key.
  • /!\ Warning: this procedure is only valid for this user /!\
  • Open Notepad (Start menu - Programs - Accessories - Notepad)
  • Copy/paste the text below into Notepad:

    Registry::
    [-HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD]

    File::
    C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe

    Reboot::
  • Save this file to the desktop under the name CFScript.txt (and nothing else!)
  • Drag the CFScript.txt file onto Combofix.exe

  • Combofix will start. Wait for the scan to finish, then post the contents of the report that opens in your next reply.
  • Note: the file is saved as C:\Combofix.txt
Have a good evening, we'll continue tomorrow.

Gabriel.
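Added check, not part of the thread and not one of the helper's instructions: after the ComboFix reboot, the following PowerShell snippet confirms that the registry key and the file targeted by the CFScript above are actually gone, and reports the state of the services behind the original symptom (Security Center switching itself off). The key and file paths are those listed in the thread; `$env:APPDATA` is assumed to resolve to the same `C:\users\mon pc\appdata\roaming` profile when run by that user, and `wscsvc` (Windows Security Center), `WinDefend` and `wuauserv` are the standard Windows 7 service names. Run it in an elevated PowerShell window.

```powershell
# Added verification example (not from the thread). Run elevated, after reboot.
$legacyKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD'
# Assumption: current user is the profile named in the thread, so $env:APPDATA
# is C:\users\mon pc\appdata\roaming
$pupFile   = Join-Path $env:APPDATA 'cacaoweb\cacaoweb.exe'

# 1. The key OTM could not delete and that the CFScript Registry:: section removes.
#    If it comes back after a reboot, something is still (re)creating the service.
if (Test-Path $legacyKey) {
    Write-Warning "Still present: $legacyKey"
} else {
    Write-Host "OK: $legacyKey is gone"
}

# 2. The PUP executable named in the CFScript File:: section.
if (Test-Path $pupFile) {
    Write-Warning "Still present: $pupFile"
} else {
    Write-Host "OK: $pupFile is gone"
}

# 3. Security Center / Defender / Windows Update: the first post described
#    Security Center being disabled again right after being set to Automatic,
#    so show both the start mode and the live state of each service.
foreach ($name in 'wscsvc', 'WinDefend', 'wuauserv') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($null -eq $svc) { Write-Warning "Service $name not found"; continue }
    '{0,-10} StartMode={1,-9} State={2}' -f $svc.Name, $svc.StartMode, $svc.State
}

# 4. Settle the "Vista vs. Windows 7" question from the ZHPDiag report by
#    asking the OS itself rather than trusting the tool's banner.
$os = Get-WmiObject Win32_OperatingSystem
'{0} build {1}' -f $os.Caption, $os.BuildNumber
```

If `wscsvc` shows `StartMode=Auto` but `State=Stopped` after a reboot, that matches the symptom in the first post and is worth reporting back to the helper rather than simply restarting the service by hand.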
#47460
(Thank you very much for your help and your availability, see you tomorrow)

The scan took a long time this time.
I got really scared: nothing would open any more, neither the browsers nor any file, and I kept getting the following message: "tentative d'opération non autorisée sur une clé ou Registre marquée pour suppression".
I rebooted and in the end it works.

Here is the latest report: it apparently found something, didn't it?



ComboFix 13-05-25.02 - Mon PC 26/05/2013 22:55:19.2.1 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3003.1913 [GMT 2:00]
Lancé depuis: c:\users\Mon PC\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Mon PC\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\user32.dll . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-26 au 2013-05-26 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-26 21:04 . 2013-05-26 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-26 18:36 . 2013-05-26 18:36 -------- d-----w- C:\_OTM
2013-05-26 14:23 . 2013-05-26 19:43 -------- d-----w- C:\ZHP
2013-05-26 14:23 . 2013-05-26 19:43 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-05-26 12:11 . 2013-05-26 12:11 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2013-05-26 12:11 . 2013-05-26 12:11 -------- d-----w- c:\windows\system32\wbem\en-US
2013-05-26 11:38 . 2013-05-26 14:17 -------- d-----w- c:\users\Mon PC\AppData\Local\ElevatedDiagnostics
2013-05-26 11:21 . 2013-05-26 11:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-05-26 09:17 . 2013-05-26 10:36 -------- d-----w- c:\program files (x86)\Spybot - Search Destroy 2
2013-05-25 19:02 . 2013-05-25 19:02 -------- d-----w- c:\program files\Enigma Software Group
2013-05-25 19:02 . 2013-05-25 19:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-22 21:39 . 2013-05-22 21:39 212992 --sha-r- c:\windows\SysWow64\remotespx.dll
2013-05-15 17:06 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 17:06 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 17:06 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 17:06 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 17:06 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 17:06 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 17:06 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 17:06 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 17:06 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 17:06 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-13 17:17 . 2013-05-13 17:17 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-06 08:48 . 2013-05-06 08:53 -------- d-----w- c:\program files (x86)\Windows Live
2013-04-29 18:01 . 2013-04-29 18:01 -------- d-----w- c:\windows\SysWow64\Wat
2013-04-29 18:01 . 2013-04-29 18:01 -------- d-----w- c:\windows\system32\Wat
2013-04-28 09:10 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:31 . 2013-01-16 19:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:31 . 2011-08-17 20:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 18:16 . 2010-04-01 18:46 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-06 08:47 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-18 19:52 . 2013-04-18 19:52 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-18 19:52 . 2013-04-18 19:52 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-18 19:52 . 2010-08-23 22:33 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 12:50 . 2013-04-19 20:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 15:08 . 2013-03-30 15:08 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 15:08 . 2013-03-30 15:08 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 15:08 . 2013-03-30 15:08 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-18 18:41 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-18 18:41 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-18 18:41 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-18 18:41 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-18 18:41 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-18 18:41 112640 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ccleaner"="c:\program files (x86)\CCleaner\ccleaner.exe" [2009-12-21 1803064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities\memdefrag.exe" [2012-08-09 108384]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-02-14 34032]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-16 18:32]
.
2013-05-26 c:\windows\Tasks\fbvjm.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-05-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-08-24 06:46]
.
2013-04-28 c:\windows\Tasks\HPCeeScheduleForMON-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\p1wiyyg4.default-1369586340244\
FF - prefs.js: browser.startup.homepage - http://www.google.fr
FF - ExtSQL: 2013-05-26 21:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Mon PC\AppData\Roaming\Mozilla\Firefox\Profiles\p1wiyyg4.default-1369586340244\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{0F04F2BC-396D-4B63-8DF6-458758A00A3E} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Heure de fin: 2013-05-26 23:11:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-05-26 21:11
ComboFix2.txt 2013-05-26 17:43
.
Avant-CF: 134 145 134 592 octets libres
Après-CF: 134 075 207 680 octets libres
.
- - End Of File - - 7A7877AC0E7DFF6B4FF75A33BC926D1F
#47490
Good evening,

Yes, the redirections are still there.

ZHPDiag report:

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by Mon PC at 27/05/2013 20:22:13
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576 (Defaut)
MFIE: Mozilla Firefox 21.0

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v2.27 =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (58% free)
System Restore: Désactivé (Disabled)
System drive C: has 126 GB (57%) free of 220 GB

---\\ Logged in mode
~ Computer Name: MON-PC
~ User Name: Mon PC
~ All Users Names: Mon PC, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mon PC\AppData\Roaming\
~ %Desktop% : C:\Users\Mon PC\Desktop\
~ %Favorites% : C:\Users\Mon PC\Favorites\
~ %LocalAppData% : C:\Users\Mon PC\AppData\Local\
~ %StartMenu% : C:\Users\Mon PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 126 Go of 220 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center Tools Informations
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 13:06:04.) -- C:\Windows\System32\wininet.dll [2242048]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/826
~ Mes musiques (My Musics) : 17/464
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/167
~ Mon Bureau (My Desktop) : 1/254
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.2640]
[MD5.0C28CA66075C5C7E6E395CBD62EBB431] - (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe [108384] [PID.2532]
[MD5.8E7AF6DD4E43C14D957C0AD7CA0A7B89] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104] [PID.376]
[MD5.A2814FED5A47B00BBC99AC58F93B9337] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\Hp\QuickPlay\QPService.exe [468264] [PID.2660]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [323640] [PID.2652]
[MD5.5DBC85C723E421198FD35C3355EBA996] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280] [PID.1840]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.1888]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.808]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.3172]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.3660]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.1096]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.4604]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7402496] [PID.1792]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1212]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1364]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1432]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1720]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.1796]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.2176]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3552]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.3200]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKLM\..\Wow6432Node\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files (x86)\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Wow6432Node\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files (x86)\CCleaner\ccleaner.exe =Piriform Ltd
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [Glary Memory Optimizer] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files (x86)\Glary Utilities\memdefrag.exe
O4 - HKUS\S-1-5-21-3333000847-1185285615-873805259-1002\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Global Startup: Scanned in 00mn 17s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FE8B857-D129-4C83-A761-AF9A96655FE9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\fbvjm.job [308]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 14s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Baraka Casino Online]
[HKLM\Software\Wow6432Node\Baraka Casino Online]
~ Key Software: 209 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/03/2013 - 23:34:35 - [0] ----D C:\ProgramData\Tracing
O43 - CFD: 17/07/2010 - 01:27:46 - [0,071] ----D C:\Users\Mon PC\AppData\Local\Ares
~ Program Folder: 164 Legitimates Filtered in 00mn 40s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D485B567C4F6F15F2E87B6DFE70C4D90] - 26/05/2013 - 22:11:50 ---A- . (...) -- C:\ComboFix.txt [19028]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 26/05/2013 - 22:06:14 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 26/05/2013 - 18:29:55 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.16122A25EBB382F6F612DF37C34527A0] - 26/05/2013 - 18:26:22 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_26.05.2013_19.15.25_log.txt [128618]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 26/05/2013 - 13:06:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/05/2013 - 20:03:17 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 147 Legitimates Filtered in 00mn 56s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1BF91F352D746AD7469FA71783B5FAE8] - 28/11/2006 - 20:46:22 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 MPR Protocol Driver.) -- C:\Windows\SysWOW64\drivers\PCAMp50.sys [28224]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\elxstor.sys (elxstor) .(.Emulex - Storport Miniport Driver for LightPulse HBA.) - LEGACY_ELXSTOR
~ Legacy: 113 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {23046832-EC72-4A12-95A3-2E33CF55EED0} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {57C2B6C1-1AC1-4A0C-B420-B5F58D97E092} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {880A9FCC-690A-4C42-94BE-25111BF006BF} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {9FFCFBA8-423D-4B55-B6EE-EAB16A3B5FC1} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D178F9F5-FF12-4726-9E98-87FF7BB5AFDC} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.80C00FF59E224B61F6D6186674BAE201] [SPRF][20/05/2013] (...) -- C:\Users\Mon PC\AppData\Roaming\wklnhst.dat [1390]
[MD5.B3DCC5116740C65427887ABFFD3A8AEB] [SPRF][26/05/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Mon PC\Desktop\ComboFix.exe [5071432]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8046C32E-60F3-4DF0-A3DC-2B5426B2CD37}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{E1397193-A1E6-4385-A49A-D6C54DD0C123}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{6E2BB215-BEF3-4ABD-9D09-F54EB0BD2F20}C:\program files (x86)\ares\ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{B195A13D-FE5D-4673-9604-D5D46AE671D2}C:\program files (x86)\ares\ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "{F98B87A8-2635-4524-9CF2-681D1CC9FA18}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{76B034B3-E81D-4CFC-A3A1-BC7E024F8EED}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{A4D36C31-018A-4816-BDCC-6410AF55D4E8}C:\program files (x86)\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{F836D7B2-8856-487E-BCFE-513AE1CE86AB}C:\program files (x86)\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{45B26665-AEEA-471A-A324-0FD3D36E4B87}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{5E92DDE4-261A-4132-ADA8-EDE4BA138E89}C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\mon pc\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
~ Firewall: 221 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =Crapware.SpyHunter
~ Additionnel Scan: 294127 Items scanned in 00mn 50s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 15/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
SR - | Auto 30/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 30/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 22/07/2009 240128 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



~ 1212 Legitimates filtered by white list
End of the scan (375 lines in 03mn 40s)(0)