cjoint

Document format: text/plain


¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 22.02.2014.6

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 03:33:11 - 23/02/2014

Mis à jour le : 22/02/2014 | 20.50 par g3n-h@ckm@n

Contact : http://www.sosvirus.net

Boot : Normal

Système : Windows 8 (64 bits) Core

Mémoire RAM = Total (MB) : 4077 | Libre (MB) : 2585
Pagefile = Total (MB) : 4798 | Libre (MB) : 3269
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3992


Registre sauvegardé , pour restaurer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

Aucune mise à jour détectée !!!

860 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.97.) - (8.17.13.697) -> C:\Windows\system32\nvvsvc.exe
312 | C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.697) -> "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
1028 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.97.) - (8.17.13.697) -> C:\Windows\system32\nvvsvc.exe -session -first
1248 | C:\Windows\system32\WLANExt.exe (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.2.9200.16384) -> C:\Windows\system32\WLANExt.exe 141112597504
1272 | C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.71.1) -> "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
1320 | C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (.ASUS - GFNEXSrv.) - (1.0.11.1) -> "C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
1776 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) -> C:\Windows\System32\spoolsv.exe
1964 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
1064 | C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (.ASUS - ASUS InstantOn Program.) - (2.3.1.1) -> "C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe"
1184 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
1108 | C:\Windows\system32\dashost.exe (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) -> dashost.exe {37ac8a95-357f-407a-b1f284ddfd139124}
1740 | C:\Program Files\Intel\WiFi\bin\EvtEng.exe (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (16.1.0.0) -> "C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
1896 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
2060 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (8.1.0.1252) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
2200 | C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (.Native Instruments GmbH - NIHardwareService.) - (1.5.6.1344) -> "C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
2248 | C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (16.1.0.0) -> "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
2356 | C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Service.) - (16.1.0.0) -> "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
2572 | C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (.ASUSTek Computer Inc. - HControl.) - (1.0.71.4) -> "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
2584 | C:\Windows\system32\taskhostex.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16547) -> taskhostex.exe
2804 | C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (.ASUS - ASUS InstantOn.) - (3.0.4.0) -> "C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe"
2812 | C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (2.0.9.0) -> "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
2832 | C:\Program Files\ASUS\P4G\BatteryLife.exe (.ASUS - Power4Gear Hybrid.) - (1.1.1.11) -> "C:\Program Files\ASUS\P4G\BatteryLife.exe"
2840 | C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (.ASUS - ASUS InstantOn Program.) - (3.0.3.0) -> "C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe"
2928 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding
2128 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16628) -> C:\Windows\Explorer.EXE
2668 | C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) -> KBFiltr.exe
3564 | C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.13.0) -> "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
3616 | C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.23.5) -> "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
3612 | C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (.ASUSTek Computer Inc. - ATK Media.) - (2.0.14.2) -> "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
3632 | C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) -> "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
3684 | C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) - (1.0.7.0) -> "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
3092 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.2.9200.16613) -> C:\Windows\servicing\TrustedInstaller.exe
1516 | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (.Microsoft Corporation - Communications Service.) - (17.0.1119.516) -> "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
1512 | C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.697) -> "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
1584 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9200.16578) -> C:\Windows\system32\SearchIndexer.exe /Embedding
1976 | C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.43) -> "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
4216 | C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe (.Microsoft Corporation - Windows Modules Installer Worker.) - (6.2.9200.16613) -> C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding
4244 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9200.16578) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
4580 | C:\Windows\System32\RuntimeBroker.exe (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) -> C:\Windows\System32\RuntimeBroker.exe -Embedding
4852 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2828) -> "C:\Windows\System32\hkcmd.exe"
4900 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.807) -> "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
4996 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.2.9200.16384) -> "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
5024 | C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 6366.) - (1.1.0.49) -> "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
5060 | C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (2.5.0.244) -> "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
5112 | C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (2.5.0.244) -> "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
4104 | C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (.ASUS - ACMON .) - (1.0.8.0) -> "C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
3924 | C:\Windows\SysWOW64\ACEngSvr.exe (.ASUSTeK - ACEngSvr Module.) - (1.0.0.4) -> C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
4816 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.4.7.0) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
3972 | C:\Program Files (x86)\ASUS\APRP\aprp.exe (.ASUSTek Computer Inc. - ASUS Product Register Program.) - (1.0.0.14) -> "C:\Program Files (x86)\ASUS\APRP\aprp.exe"
4768 | C:\Program Files (x86)\iTunes\iTunesHelper.exe (.Apple Inc. - iTunesHelper.) - (11.0.5.5) -> "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
4880 | C:\Program Files\iPod\bin\iPodService.exe (.Apple Inc. - iPodService Module (64-bit).) - (11.0.5.5) -> "C:\Program Files\iPod\bin\iPodService.exe"
5240 | C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.11.0) -> "C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
5856 | C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.1.8.0) -> "C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
5292 | C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.Mozilla Corporation - Firefox.) - (27.0.1.5156) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

¤¤¤¤¤¤¤¤¤¤ | Services


¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Remis à zéro avec succès

¤¤¤¤¤¤¤¤¤¤ | Registre

Supprimé avec succès : HKLM\Software\Classes\SoftwareUpdate.ASUController
Supprimé avec succès : HKLM\Software\Classes\SoftwareUpdate.ASUController.1
Supprimé avec succès : HKLM\Software\Classes\System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNotation
Supprimé avec succès : HKLM\Software\Classes\System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNotation
Supprimé avec succès : [64]HKLM\Software\Classes\System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNotation
Supprimé avec succès : [64]HKLM\Software\Classes\System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNotation
Supprimé avec succès : HKLM\Software\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp
Supprimé avec succès : [HKLM\Software\mozilla\Firefox\Extensions]|[quick_start@gmail.com] : : C:\Users\Binar\AppData\Roaming\Mozilla\Firefox\Profiles\10vwjnnr.default\extensions\quick_start@gmail.com
Supprimé avec succès : HKLM\Software\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113
Supprimé avec succès : HKLM\Software\Classes\Installer\Components\690FC5046C4F8E34683550E381FFB540
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\045F27F206F16624596059B2126D46D0 : C:\Users\Binar\AppData\Local\Temp\IXP667.TMP\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\0CC0CE8AD8DA44240B0824E4FDA76743 : C:\Users\Binar\AppData\Local\Temp\mia6338.tmp\data\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\277C90D53BCEB244C96C4B43C187DF2C : C:\Users\Binar\AppData\Local\Temp\IXP667.TMP\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\46B5A9879DD95AB419A50FCFA0B1B7EF : C:\Users\Binar\AppData\Local\Temp\IXP667.TMP\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\844C97FE649617D41843300487880C45 : C:\PROGRA~2\McAfee\Temp\qxz1208\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\90F91F82822Fbc94B8099FD77A81D04D : C:\Users\Binar\AppData\Local\Temp\mia7F08.tmp\data\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\B00968803F2BC2545B08061F52F3F708 : C:\Users\Binar\AppData\Local\Temp\miaFDC2.tmp\data\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\B851790648100414EB3C875897D45217 : C:\Users\ADMINI~1\AppData\Local\Temp\sef607A.tmp\x64\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\DFA4044F3FE21C04C890925E3F6B79B2 : C:\Windows\Temp\IIF2\IUS\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\0C471724E6909D046948C901B9EEC2FB : C:\Users\Binar\AppData\Local\Temp\IXP667.TMP\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8 : C:\Users\Binar\AppData\Local\Temp\IXP667.TMP\
Supprimé avec succès : HKLM\Software\Classes\Installer\Products\b25099274a207264182f8181add555d0 : C:\Users\Binar\AppData\Local\Temp\IXP001.TMP\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02E76E4F424842C478C704C3DDDB4C54] : C:\Users\Binar\AppData\Local\Temp\mia6338.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A3C1C4EF3C686F44A939172FA45CF8E] : C:\Users\Binar\AppData\Local\Temp\mia6338.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\318AC4F32E13F8B4B98BAB30B7A9EA2D] : C:\Users\Binar\AppData\Local\Temp\miaFDC2.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F7476BABDB484A47B9D0F7304BBE187] : C:\Users\Binar\AppData\Local\Temp\miaFDC2.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60602B312928CDC42A22C3A4E99DAAD9] : C:\Users\ADMINI~1\AppData\Local\Temp\BTMPPSetup_2.5.0.0248.exe
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72E64F282B569CE41950F398DE991B92] : C:\Users\Binar\AppData\Local\Temp\mia7F08.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C65E39F4E6BF5EF4B8D13597FC717FE0] : C:\Users\Binar\AppData\Local\Temp\mia6338.tmp\data\
Supprimé avec succès : [64]HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3AAC1497FA094B49ADC59ABB5094173] : C:\Users\Binar\AppData\Local\Temp\miaFDC2.tmp\data\

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Dossiers

Supprimé avec succès : C:\Users\Binar\AppData\Roaming\Bubble Dock.installation.log
Supprimé avec succès : C:\Users\Binar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TP3I0TD7\boxore_450x97[1].bmp
Supprimé avec succès : C:\Users\Binar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNWV2OP5\remarkit-electrolyrics_450x97[1].bmp
Supprimé avec succès : C:\Users\Binar\AppData\Local\Temp\Bubble Dock.txt
Supprimé avec succès : C:\Users\Binar\AppData\Local\Temp\fullpackage_temp1393114054\QQBrowser.exe
Supprimé avec succès : C:\Users\Binar\AppData\Local\Temp\fullpackage_temp1393114054\log\QQBrowser.LOG
Supprimé avec succès : C:\Users\Binar\AppData\Local\Temp\fullpackage_temp1393114054\tmp\wpm.exe
Supprimé avec succès : C:\Users\Binar\AppData\Roaming\Mozilla\Firefox\Profiles\10vwjnnr.default\extensions\quick_start@gmail.com
Supprimé avec succès : C:\Users\All Users\Microsoft\Windows\DeviceSoftwareUpdates
Supprimé avec succès : C:\Users\Binar\AppData\Local\Microsoft\Media Player\Cache733717531

¤¤¤¤¤¤¤¤¤¤ | Détournements de raccourcis


¤¤¤¤¤¤¤¤¤¤ | Détournement internet Explorer

Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://asus13.msn.com -> http://www.google.com/
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1002\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1002\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1002\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1
Réparé : [HKU\S-1-5-21-2753087011-2657983416-1137893199-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Détournement Google Chrome


¤¤¤¤¤¤¤¤¤¤ | Détournement Firefox

[Binar] Supprimé avec succès : C:\Users\Binar\AppData\Roaming\Mozilla\Firefox\Profiles\10vwjnnr.default\sessionstore.js
[Binar] Remplacé : user_pref("browser.startup.homepage", "about:home"); -> user_pref("browser.startup.homepage", "http://www.google.fr");
[Binar] Supprimé avec succès : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"quick_start@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Binar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\10vwjnnr.default\\\\extensions\\\\quick_start@gmail.com\",\"mtime\":1393114093221,\"rdfTime\":1392887830000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1392523592471,\"rdfTime\":1392523592471}}},{\"name\":\"app-profile\",\"addons\":{\"personas@christopher.beard\":{\"descriptor\":\"C:\\\\Users\\\\Binar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\10vwjnnr.default\\\\extensions\\\\personas@christopher.beard.xpi\",\"mtime\":1382792227849},\"quick_start@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Binar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\10vwjnnr.default\\\\extensions\\\\quick_start@gmail.com\",\"mtime\":1393114093221,\"rdfTime\":1392887830000},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Binar\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\10vwjnnr.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1389914163412}}}]");
[Binar] Supprimé avec succès : user_pref("extensions.personas.current", "{\"category\":\"None\",\"iconURL\":\"https://addons.mozilla.org/_files/459478/icon.png?1376014838\",\"headerURL\":\"https://addons.mozilla.org/_files/459478/header.png?1376014838\",\"name\":\"Lollipop Abstract\",\"author\":\"MaDonna\",\"footer\":\"https://addons.mozilla.org/_files/459478/footer.png?1376014838\",\"previewURL\":\"https://addons.mozilla.org/_files/459478/preview.png?1376014838\",\"updateURL\":\"https://versioncheck.addons.mozilla.org/fr/themes/update-check/459478\",\"accentcolor\":\"#dee18a\",\"header\":\"https://addons.mozilla.org/_files/459478/header.png?1376014838\",\"version\":\"1.0\",\"footerURL\":\"https://addons.mozilla.org/_files/459478/footer.png?1376014838\",\"detailURL\":\"https://addons.mozilla.org/fr/firefox/addon/lollipop-abstract/\",\"textcolor\":\"#030303\",\"id\":\"459478\",\"description\":\"Designed by MaDonna\\n\\nMy wallpaper to match is at: http://abstract.desktopnexus.com/wallpaper/1537603/\",\"authorURL\":\"https://addons.mozilla.org/fr/firefox/user/MaDonna/?src=personas-plus\"}");
[Binar] Supprimé avec succès : user_pref("extensions.personas.lastselected0", "{\"category\":\"None\",\"iconURL\":\"https://addons.mozilla.org/_files/459478/icon.png?1376014838\",\"headerURL\":\"https://addons.mozilla.org/_files/459478/header.png?1376014838\",\"name\":\"Lollipop Abstract\",\"author\":\"MaDonna\",\"footer\":\"https://addons.mozilla.org/_files/459478/footer.png?1376014838\",\"previewURL\":\"https://addons.mozilla.org/_files/459478/preview.png?1376014838\",\"updateURL\":\"https://versioncheck.addons.mozilla.org/fr/themes/update-check/459478\",\"accentcolor\":\"#dee18a\",\"header\":\"https://addons.mozilla.org/_files/459478/header.png?1376014838\",\"version\":\"1.0\",\"footerURL\":\"https://addons.mozilla.org/_files/459478/footer.png?1376014838\",\"detailURL\":\"https://addons.mozilla.org/fr/firefox/addon/lollipop-abstract/\",\"textcolor\":\"#030303\",\"id\":\"459478\",\"description\":\"Designed by MaDonna\\n\\nMy wallpaper to match is at: http://abstract.desktopnexus.com/wallpaper/1537603/\",\"authorURL\":\"https://addons.mozilla.org/fr/firefox/user/MaDonna/?src=personas-plus\"}");
[Binar] Supprimé avec succès : user_pref("extensions.personas.toolbarButtonInstalled", true);
[Binar] Supprimé avec succès : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"459478\",\"name\":\"Lollipop Abstract\",\"headerURL\":\"https://addons.mozilla.org/_files/459478/header.png?1376014838\",\"footerURL\":\"https://addons.mozilla.org/_files/459478/footer.png?1376014838\",\"textcolor\":\"#030303\",\"accentcolor\":\"#dee18a\",\"iconURL\":\"https://addons.mozilla.org/_files/459478/icon.png?1376014838\",\"previewURL\":\"https://addons.mozilla.org/_files/459478/preview.png?1376014838\",\"author\":\"MaDonna\",\"updateURL\":\"https://versioncheck.addons.mozilla.org/en-US/themes/update-check/459478\",\"version\":\"0\",\"updateDate\":1377969424877,\"installDate\":1377883984356},{\"id\":\"459103\",\"name\":\"Redbud by Redbud\",\"headerURL\":\"https://addons.mozilla.org/_files/459103/header.png?1375788039\",\"footerURL\":\"https://addons.mozilla.org/_files/459103/footer.png?1375788039\",\"textcolor\":\"#ff5990\",\"accentcolor\":\"#f0f0f0\",\"iconURL\":\"https://addons.mozilla.org/_files/459103/icon.png?1375788039\",\"previewURL\":\"https://addons.mozilla.org/_files/459103/preview.png?1375788039\",\"author\":\"Redbud\",\"description\":\"This is the blossoms from a Redbud tree. 
I chose this name, (Redbud) because of my red hair, and I am a friend (buddy) to all, and I chose the Redbud tree to represent my name in this theme.\",\"updateURL\":\"https://versioncheck.addons.mozilla.org/fr/themes/update-check/459103\",\"version\":\"1.0\",\"updateDate\":1377883957416,\"installDate\":1377883957416},{\"id\":\"15131\",\"name\":\"Groovy Blue\",\"headerURL\":\"https://addons.mozilla.org/_files/15131/tbox-groovy_blue.jpg?1229632232\",\"footerURL\":\"https://addons.mozilla.org/_files/15131/stbar-groovy_blue.jpg?1229632232\",\"textcolor\":\"#07188d\",\"accentcolor\":\"#6699ff\",\"iconURL\":\"https://addons.mozilla.org/_files/15131/preview_small.jpg?1229632232\",\"previewURL\":\"https://addons.mozilla.org/_files/15131/preview.jpg?1229632232\",\"author\":\"Lee.Tom\",\"updateURL\":\"https://versioncheck.addons.mozilla.org/en-US/themes/update-check/15131\",\"version\":\"1.0\",\"updateDate\":1377883044252,\"installDate\":1377883044252}]");
[Binar] Supprimé avec succès : user_pref("pdfjs.database", "{\"files\":[{\"fingerprint\":\"cff13934ad63384b59db541032c9a0\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":450},{\"fingerprint\":\"ddb5bfe7fd35814bbf7ab46621f37a8\",\"exists\":true,\"page\":14,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":215},{\"fingerprint\":\"18168aa8c96ec946abe7344131697c\",\"exists\":true,\"page\":5,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":7},{\"fingerprint\":\"6b9a28ba456c1542af6574535cf6349\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":715},{\"fingerprint\":\"54a3e8d38a9134a929e754dc2a248c7\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":624},{\"fingerprint\":\"d79e24ffdf12f5cf8977f94def58fc61\",\"exists\":true,\"page\":6,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":625},{\"fingerprint\":\"2bfb9afebee38f4d92b32c4ae9b45e8f\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":1624},{\"fingerprint\":\"455fe2e1b3e6a38dbb7e1768a8d61b3\",\"exists\":true,\"page\":2,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":450},{\"fingerprint\":\"25475965be48f873b52d35b99b8e\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":450},{\"fingerprint\":\"7d6476d72b8d49d8e9eb89c823ea727\",\"exists\":true,\"page\":104,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":732},{\"fingerprint\":\"ad47ff23914ebe61935028c3187f84b\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":842},{\"fingerprint\":\"f7bdb7dfff18ddfce295e9c59811958\",\"exists\":true,\"page\":3,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":462},{\"fingerprint\":\"78c91ac1739b506249384f192bb86ff5\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":451},{\"fingerprint\":\"2aa2de873377841b9a75b92e31e95d1\",\"exists\":true,\"page\":1,\"zoom\":\"auto\",\"scrollLeft\":-12,\"scrollTop\":463},{\"fingerprint\":\"4de7c7c2cd7dc2ecf496a40bec45d2a
\",\"exists\":true,\"page\":3,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":30},{\"fingerprint\":\"f55a1ec16c1bc56f2163126aaebfc8e1\",\"exists\":true,\"page\":27,\"zoom\":\"auto\",\"scrollLeft\":541,\"scrollTop\":0},{\"fingerprint\":\"cdddf661d16955ccabab96e9822edbf\",\"exists\":true,\"page\":11,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":181},{\"fingerprint\":\"f7eadcf2639efc4a56f03e606aa93ba6\",\"exists\":true,\"page\":22,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":55},{\"fingerprint\":\"d305e1f98144f3dbb512f6bd9f3c24\",\"exists\":true,\"page\":2,\"zoom\":210,\"scrollLeft\":0,\"scrollTop\":799},{\"fingerprint\":\"7bdf9f803db1ac6e5687d4d58eb566\",\"exists\":true,\"page\":2,\"zoom\":\"auto\",\"scrollLeft\":0,\"scrollTop\":4}]}");

¤¤¤¤¤¤¤¤¤¤ | Détournement des clés StartMenuInternet

Réparé : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Réparé : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs



[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Détournement Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall

Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0
Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0


¤¤¤¤¤¤¤¤¤¤ | Fichiers temporaires

[All Users] Fichiers temporaires Supprimés : 0 Ko
[Default User] Fichiers temporaires Supprimés : 0 Ko
[Default] Fichiers temporaires Supprimés : 0 Ko
[UpdatusUser] Fichiers temporaires Supprimés : 0 Ko
[Public] Fichiers temporaires Supprimés : 0 Ko
[Binar] Fichiers temporaires Supprimés : 362577 Ko


¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 03:39:52
