Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 15-07-18.01 - Gilbert 18/07/2015 11:46:55.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2094 [GMT 2:00]
Lancé depuis: c:\users\Gilbert\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 32
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le système ne peut trouver le fichier LockedB.
Le système ne peut trouver le fichier lockedB.
Le système ne peut trouver le fichier LockedB.
Accès refusé.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gilbert\abyssthewraithsofeden_sv{1255957}.exe.download
c:\users\Gilbert\AppData\Roaming\.#
c:\users\Gilbert\detectivequestthecrystalslipper{1257516}.exe.download
c:\users\Gilbert\fairytalesmysteriesthepuppetthief_sv{1213336}.exe.download
c:\users\Gilbert\hallowedlegendsshipofbones{1268440}.exe.download
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_USBSafelyRemoveService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-18 au 2015-07-18 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-17 07:16 . 2015-07-17 07:16 -------- d-----w- c:\users\Default\AppData\Roaming\AVAST Software
2015-07-16 08:43 . 2015-07-16 08:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-16 08:39 . 2015-07-16 08:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-07-15 14:14 . 2015-07-15 14:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-15 14:14 . 2015-07-15 14:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-07-15 14:14 . 2015-07-15 14:14 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-07-15 14:14 . 2015-07-15 14:14 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-07-15 14:14 . 2015-07-15 14:14 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-07-15 14:14 . 2015-07-15 14:14 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-07-15 14:14 . 2015-07-15 14:14 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-07-15 14:14 . 2015-07-15 14:14 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-07-15 14:14 . 2015-07-15 14:14 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-15 14:14 . 2015-07-15 14:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-07-15 14:12 . 2015-07-15 14:12 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 14:12 . 2015-07-15 14:12 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-15 14:12 . 2015-07-15 14:12 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 14:12 . 2015-07-15 14:12 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 14:12 . 2015-07-15 14:12 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 14:12 . 2015-07-15 14:12 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 14:12 . 2015-07-15 14:12 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 14:11 . 2015-07-15 14:11 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 14:11 . 2015-07-15 14:11 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 14:11 . 2015-07-15 14:11 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 14:11 . 2015-07-15 14:11 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 14:11 . 2015-07-15 14:11 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 14:11 . 2015-07-15 14:11 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 14:11 . 2015-07-15 14:11 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 14:11 . 2015-07-15 14:11 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 14:11 . 2015-07-15 14:11 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 14:11 . 2015-07-15 14:11 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 14:11 . 2015-07-15 14:11 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 14:11 . 2015-07-15 14:11 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 14:07 . 2015-07-09 17:59 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-15 14:07 . 2015-07-09 17:58 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-15 14:07 . 2015-07-09 17:58 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-15 14:07 . 2015-07-09 17:58 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-15 14:07 . 2015-07-09 17:58 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-15 14:07 . 2015-07-09 17:58 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-15 14:07 . 2015-07-09 17:50 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-15 14:07 . 2015-07-15 14:07 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-15 14:05 . 2015-07-15 14:05 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-15 14:05 . 2015-07-15 14:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-15 14:05 . 2015-07-15 14:05 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-15 14:05 . 2015-07-15 14:05 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 14:05 . 2015-07-15 14:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-15 14:05 . 2015-07-15 14:05 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-15 14:05 . 2015-07-15 14:05 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 14:05 . 2015-07-15 14:05 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-15 14:05 . 2015-07-15 14:05 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-15 14:05 . 2015-07-15 14:05 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-06-28 08:39 . 2015-06-28 08:39 -------- d-----w- c:\users\Gilbert\AppData\Roaming\AVAST Software
2015-06-28 08:38 . 2015-06-28 08:38 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-28 08:38 . 2015-06-28 08:37 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-06-28 08:38 . 2015-06-28 08:38 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-28 08:38 . 2015-06-28 08:38 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-06-28 08:38 . 2015-06-28 08:38 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-28 08:38 . 2015-06-28 08:38 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-28 08:38 . 2015-06-28 08:38 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-28 08:38 . 2015-06-28 08:37 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-06-28 08:38 . 2015-06-28 08:38 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-28 08:37 . 2015-06-28 08:37 43112 ----a-w- c:\windows\avastSS.scr
2015-06-28 08:28 . 2015-06-28 08:28 -------- d-----w- c:\program files\AVAST Software
2015-06-28 08:27 . 2015-06-28 08:27 -------- d-----w- c:\programdata\AVAST Software
2015-06-26 16:35 . 2015-07-18 10:58 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Spamihilator
2015-06-26 15:02 . 2015-06-26 16:31 -------- d-----w- C:\Pre_Scan
2015-06-19 14:21 . 2015-06-19 14:21 -------- d-----w- c:\programdata\LULU Software
2015-06-19 14:19 . 2015-06-23 06:52 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Soda PDF 7
2015-06-19 14:15 . 2015-06-19 14:32 -------- d-----w- c:\program files (x86)\Soda PDF 7
2015-06-19 13:56 . 2015-06-19 13:56 -------- d-----w- c:\programdata\Soda PDF 7
2015-06-19 09:48 . 2015-06-28 08:13 -------- d-sh--w- C:\DrWeb Quarantine
2015-06-19 09:48 . 2015-06-19 09:48 -------- d-----w- C:\Device
2015-06-19 07:17 . 2015-06-19 11:05 -------- d-----w- c:\users\Gilbert\Doctor Web
2015-06-19 06:57 . 2015-06-28 08:15 -------- d-----w- c:\program files\DrWeb
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-18 09:44 . 2015-07-18 09:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21AFF6B6-713F-43D0-9788-713CA430057E}\offreg.4080.dll
2015-07-15 14:39 . 2009-12-16 13:09 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-15 14:18 . 2009-12-17 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-15 14:01 . 2012-07-24 07:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 14:01 . 2011-06-17 08:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-21 08:39 . 2014-07-09 08:37 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-21 08:28 . 2014-07-09 08:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-21 08:28 . 2014-07-09 08:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-21 08:28 . 2014-01-28 09:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-20 07:13 . 2015-04-20 09:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-12 07:50 . 2015-07-17 14:20 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21AFF6B6-713F-43D0-9788-713CA430057E}\mpengine.dll
2015-06-02 16:41 . 2015-06-10 08:19 121432 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2015-05-25 18:24 . 2015-06-12 07:06 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-12 07:06 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-12 07:06 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-12 07:06 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-12 07:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-12 07:06 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-12 07:06 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-12 07:06 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-12 07:06 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-12 07:06 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-12 07:06 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-12 07:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-12 07:06 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-12 07:06 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-12 07:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-12 07:06 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-12 07:06 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-12 07:06 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-12 07:06 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-12 07:06 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-12 07:06 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-12 07:06 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-12 07:06 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-12 07:06 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-12 07:06 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-12 07:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-12 07:06 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-12 07:06 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-12 07:06 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-12 07:06 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-12 07:06 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-12 07:06 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-12 07:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-12 07:06 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-12 07:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-12 07:06 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-12 07:06 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-12 07:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-12 07:06 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-12 07:06 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-12 07:06 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-12 07:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-12 07:06 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-12 07:06 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MailNotifier"="c:\program files (x86)\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-07-06 37152]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2015-06-25 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2015-04-18 595144]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-28 5515496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-07-16 334896]
.
c:\users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2012-12-26 2472448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"MAAgent"=c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe
.
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AVerAF35;AVerMedia A825 USB Dual DVB-T;c:\windows\system32\Drivers\AVerAF35.sys;c:\windows\SYSNATIVE\Drivers\AVerAF35.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
R3 Soda PDF 7 CrashHandler;Soda PDF 7 CrashHandler;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe [x]
R3 Soda PDF 7;Soda PDF 7;c:\program files (x86)\Soda PDF 7\ws.exe;c:\program files (x86)\Soda PDF 7\ws.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Soda PDF 7 Creator;Soda PDF 7 Creator;c:\program files (x86)\Soda PDF 7\creator-ws.exe;c:\program files (x86)\Soda PDF 7\creator-ws.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-15 07:36 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:01]
.
2015-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 15:18]
.
2015-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 15:18]
.
2015-06-28 c:\windows\Tasks\HPCeeScheduleForGILBERT-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-28 08:38 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-01-17 7032320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\b0l7bvlx.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{ba679afc-8ba0-48f4-b8bf-c144e8699fbc} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BFG-House of 1,000 Doors - La Palme de Zoroastre - c:\program files (x86)\House of 1
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,48,76,4e,fd,e7,c2,42,94,76,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,48,72,2f,cd,ed,4d,4a,8c,39,5e,\
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001\Software\SecuROM\License information*]
"datasecu"=hex:16,9b,df,e0,f1,63,5c,e3,fe,f5,a0,4c,11,32,5e,0b,57,80,cd,1e,d8,
a0,a5,a5,9a,5f,d5,59,65,02,63,21,4e,e2,eb,99,9e,02,1e,b0,16,e8,4f,2f,f7,a3,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA0n1WdwAagUCP/nVDcr3raQAAAAACAAAAAAAQZgAAAAEAACAAAABiiw54aOvgKPRE6ym04ZxtOIKQZ4HQ6ViV4SleGZZxGQAAAAAOgAAAAAIAACAAAAD/Ho4tccuFvmgr/4MoSLvIXkx5S93a2RxO+Kq++12gqRAAAAAXcTuvXiHQBINDkfMWwoTvQAAAAFqgGcmI2W0zyO+QzNYSJI2aOJ1vvQ5RwVRNthzWs4EOq8kzl2gNh/Y2It0p+53EJRzHT1i7Ou1NKxQNgQ9ctAY="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3/ei4iFkZEmSMZR3qTiAHwAAAAACAAAAAAAQZgAAAAEAACAAAABimK+PgiJuC1R6Sd6rXQbGzAC5ukS3aBqxpg88puJX+gAAAAAOgAAAAAIAACAAAACT3WY7/MONOlTQdvtjXMoLlGKbNCHfSVCEbzLPnffuCSAAAACUCw6otbyqzgObaReLSS7+xBb5JZ5qGytfcDcMWlPSDEAAAADlOmnc9vAwVmXEs/TdTChijXCoVJ+9VbeeCsCiXtjt02FmB0hGsim5UOh62u7Qth+d4SSyZJ5VbWedFTfQ6bT9"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3/ei4iFkZEmSMZR3qTiAHwAAAAACAAAAAAAQZgAAAAEAACAAAAAqnU78AOvAupb1fOoWUz+w2tq8exYJBJdHeIqwHc6zOAAAAAAOgAAAAAIAACAAAAB9e9hVnguvqy1gfIcX7aA/IAAMWg42YzvM7BIh6i+61BAAAADKB6jDmgGnDcRrNlBcBQLSQAAAABNXSC2jJ0CgToiPs+0mDyocTEt84WXDTJooW2goWiqQc18JhSjw99RbV0s8JPO8hkEAKHsiMkNSq5JDBpin/9M="
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):00,25,7c,ee,c2,09,d2,08
"DeltaClock"=hex(b):2f,6a,65,d3,ff,ff,ff,ff
"LastNtpServer"="time.nist.gov"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Glary Utilities 5\Initialize.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2015-07-18 13:14:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-18 11:14
.
Avant-CF: 127 940 874 240 octets libres
Après-CF: 126 701 948 928 octets libres
.
- - End Of File - - A35B6CEB24F22DE00E19290498DF161C
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2094 [GMT 2:00]
Lancé depuis: c:\users\Gilbert\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 32
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Le système ne peut trouver le fichier LockedB.
Le système ne peut trouver le fichier lockedB.
Le système ne peut trouver le fichier LockedB.
Accès refusé.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gilbert\abyssthewraithsofeden_sv{1255957}.exe.download
c:\users\Gilbert\AppData\Roaming\.#
c:\users\Gilbert\detectivequestthecrystalslipper{1257516}.exe.download
c:\users\Gilbert\fairytalesmysteriesthepuppetthief_sv{1213336}.exe.download
c:\users\Gilbert\hallowedlegendsshipofbones{1268440}.exe.download
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_USBSafelyRemoveService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-18 au 2015-07-18 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-17 07:16 . 2015-07-17 07:16 -------- d-----w- c:\users\Default\AppData\Roaming\AVAST Software
2015-07-16 08:43 . 2015-07-16 08:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-16 08:39 . 2015-07-16 08:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-07-15 14:14 . 2015-07-15 14:14 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-15 14:14 . 2015-07-15 14:14 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-07-15 14:14 . 2015-07-15 14:14 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-07-15 14:14 . 2015-07-15 14:14 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-07-15 14:14 . 2015-07-15 14:14 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-07-15 14:14 . 2015-07-15 14:14 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-07-15 14:14 . 2015-07-15 14:14 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-07-15 14:14 . 2015-07-15 14:14 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-07-15 14:14 . 2015-07-15 14:14 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-07-15 14:14 . 2015-07-15 14:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-07-15 14:12 . 2015-07-15 14:12 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 14:12 . 2015-07-15 14:12 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-15 14:12 . 2015-07-15 14:12 3207168 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 14:12 . 2015-07-15 14:12 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 14:12 . 2015-07-15 14:12 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-15 14:12 . 2015-07-15 14:12 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-15 14:12 . 2015-07-15 14:12 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 14:11 . 2015-07-15 14:11 3242496 ----a-w- c:\windows\system32\msi.dll
2015-07-15 14:11 . 2015-07-15 14:11 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-07-15 14:11 . 2015-07-15 14:11 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-15 14:11 . 2015-07-15 14:11 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-15 14:11 . 2015-07-15 14:11 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 14:11 . 2015-07-15 14:11 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-07-15 14:11 . 2015-07-15 14:11 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-07-15 14:11 . 2015-07-15 14:11 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-15 14:11 . 2015-07-15 14:11 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-15 14:11 . 2015-07-15 14:11 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-15 14:11 . 2015-07-15 14:11 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-07-15 14:11 . 2015-07-15 14:11 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-07-15 14:07 . 2015-07-09 17:59 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-15 14:07 . 2015-07-09 17:58 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-15 14:07 . 2015-07-09 17:58 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-15 14:07 . 2015-07-09 17:58 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-15 14:07 . 2015-07-09 17:58 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-15 14:07 . 2015-07-09 17:58 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-15 14:07 . 2015-07-09 17:50 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-07-15 14:07 . 2015-07-15 14:07 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-15 14:05 . 2015-07-15 14:05 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-15 14:05 . 2015-07-15 14:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-15 14:05 . 2015-07-15 14:05 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-15 14:05 . 2015-07-15 14:05 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-15 14:05 . 2015-07-15 14:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-15 14:05 . 2015-07-15 14:05 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-15 14:05 . 2015-07-15 14:05 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-15 14:05 . 2015-07-15 14:05 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-15 14:05 . 2015-07-15 14:05 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-15 14:05 . 2015-07-15 14:05 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-06-28 08:39 . 2015-06-28 08:39 -------- d-----w- c:\users\Gilbert\AppData\Roaming\AVAST Software
2015-06-28 08:38 . 2015-06-28 08:38 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-28 08:38 . 2015-06-28 08:37 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-06-28 08:38 . 2015-06-28 08:38 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-28 08:38 . 2015-06-28 08:38 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-06-28 08:38 . 2015-06-28 08:38 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-28 08:38 . 2015-06-28 08:38 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-28 08:38 . 2015-06-28 08:38 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-28 08:38 . 2015-06-28 08:37 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-06-28 08:38 . 2015-06-28 08:38 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-28 08:37 . 2015-06-28 08:37 43112 ----a-w- c:\windows\avastSS.scr
2015-06-28 08:28 . 2015-06-28 08:28 -------- d-----w- c:\program files\AVAST Software
2015-06-28 08:27 . 2015-06-28 08:27 -------- d-----w- c:\programdata\AVAST Software
2015-06-26 16:35 . 2015-07-18 10:58 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Spamihilator
2015-06-26 15:02 . 2015-06-26 16:31 -------- d-----w- C:\Pre_Scan
2015-06-19 14:21 . 2015-06-19 14:21 -------- d-----w- c:\programdata\LULU Software
2015-06-19 14:19 . 2015-06-23 06:52 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Soda PDF 7
2015-06-19 14:15 . 2015-06-19 14:32 -------- d-----w- c:\program files (x86)\Soda PDF 7
2015-06-19 13:56 . 2015-06-19 13:56 -------- d-----w- c:\programdata\Soda PDF 7
2015-06-19 09:48 . 2015-06-28 08:13 -------- d-sh--w- C:\DrWeb Quarantine
2015-06-19 09:48 . 2015-06-19 09:48 -------- d-----w- C:\Device
2015-06-19 07:17 . 2015-06-19 11:05 -------- d-----w- c:\users\Gilbert\Doctor Web
2015-06-19 06:57 . 2015-06-28 08:15 -------- d-----w- c:\program files\DrWeb
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-18 09:44 . 2015-07-18 09:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21AFF6B6-713F-43D0-9788-713CA430057E}\offreg.4080.dll
2015-07-15 14:39 . 2009-12-16 13:09 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-15 14:18 . 2009-12-17 14:35 130333168 ----a-w- c:\windows\system32\MRT.exe
2015-07-15 14:01 . 2012-07-24 07:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 14:01 . 2011-06-17 08:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-21 08:39 . 2014-07-09 08:37 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-21 08:28 . 2014-07-09 08:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-21 08:28 . 2014-07-09 08:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-21 08:28 . 2014-01-28 09:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-20 07:13 . 2015-04-20 09:09 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-12 07:50 . 2015-07-17 14:20 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21AFF6B6-713F-43D0-9788-713CA430057E}\mpengine.dll
2015-06-02 16:41 . 2015-06-10 08:19 121432 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2015-05-25 18:24 . 2015-06-12 07:06 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-12 07:06 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-12 07:06 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-12 07:06 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-12 07:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-12 07:06 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-12 07:06 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-12 07:06 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-12 07:06 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-12 07:06 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-12 07:06 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-12 07:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-12 07:06 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-12 07:06 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-12 07:06 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-12 07:06 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-12 07:06 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-12 07:06 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-12 07:06 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-12 07:06 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-12 07:06 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-12 07:06 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-12 07:06 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-12 07:06 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-12 07:06 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-12 07:06 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-12 07:06 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-12 07:06 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-12 07:06 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-12 07:06 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-12 07:06 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-12 07:06 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-12 07:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-12 07:06 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-12 07:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-12 07:06 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-12 07:06 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-12 07:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-12 07:06 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-12 07:06 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-12 07:06 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-12 07:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-12 07:06 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-12 07:06 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-12 07:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MailNotifier"="c:\program files (x86)\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-07-06 37152]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2015-06-25 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2015-04-18 595144]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-28 5515496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-07-16 334896]
.
c:\users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2012-12-26 2472448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"MAAgent"=c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe
.
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AVerAF35;AVerMedia A825 USB Dual DVB-T;c:\windows\system32\Drivers\AVerAF35.sys;c:\windows\SYSNATIVE\Drivers\AVerAF35.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
R3 Soda PDF 7 CrashHandler;Soda PDF 7 CrashHandler;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe;c:\program files (x86)\Soda PDF 7\crash-handler-ws.exe [x]
R3 Soda PDF 7;Soda PDF 7;c:\program files (x86)\Soda PDF 7\ws.exe;c:\program files (x86)\Soda PDF 7\ws.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 RapportCerberus_1412112;RapportCerberus_1412112;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Soda PDF 7 Creator;Soda PDF 7 Creator;c:\program files (x86)\Soda PDF 7\creator-ws.exe;c:\program files (x86)\Soda PDF 7\creator-ws.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-15 07:36 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 14:01]
.
2015-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 15:18]
.
2015-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-18 15:18]
.
2015-06-28 c:\windows\Tasks\HPCeeScheduleForGILBERT-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-28 08:38 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-01-17 7032320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}&FORM=INMODF&PC=IN01
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\b0l7bvlx.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{ba679afc-8ba0-48f4-b8bf-c144e8699fbc} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BFG-House of 1,000 Doors - La Palme de Zoroastre - c:\program files (x86)\House of 1
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,48,76,4e,fd,e7,c2,42,94,76,e4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,48,72,2f,cd,ed,4d,4a,8c,39,5e,\
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001\Software\SecuROM\License information*]
"datasecu"=hex:16,9b,df,e0,f1,63,5c,e3,fe,f5,a0,4c,11,32,5e,0b,57,80,cd,1e,d8,
a0,a5,a5,9a,5f,d5,59,65,02,63,21,4e,e2,eb,99,9e,02,1e,b0,16,e8,4f,2f,f7,a3,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{6D31FCD2-64F7-4E43-8E18-5A2BBA7D13C9}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA0n1WdwAagUCP/nVDcr3raQAAAAACAAAAAAAQZgAAAAEAACAAAABiiw54aOvgKPRE6ym04ZxtOIKQZ4HQ6ViV4SleGZZxGQAAAAAOgAAAAAIAACAAAAD/Ho4tccuFvmgr/4MoSLvIXkx5S93a2RxO+Kq++12gqRAAAAAXcTuvXiHQBINDkfMWwoTvQAAAAFqgGcmI2W0zyO+QzNYSJI2aOJ1vvQ5RwVRNthzWs4EOq8kzl2gNh/Y2It0p+53EJRzHT1i7Ou1NKxQNgQ9ctAY="
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3/ei4iFkZEmSMZR3qTiAHwAAAAACAAAAAAAQZgAAAAEAACAAAABimK+PgiJuC1R6Sd6rXQbGzAC5ukS3aBqxpg88puJX+gAAAAAOgAAAAAIAACAAAACT3WY7/MONOlTQdvtjXMoLlGKbNCHfSVCEbzLPnffuCSAAAACUCw6otbyqzgObaReLSS7+xBb5JZ5qGytfcDcMWlPSDEAAAADlOmnc9vAwVmXEs/TdTChijXCoVJ+9VbeeCsCiXtjt02FmB0hGsim5UOh62u7Qth+d4SSyZJ5VbWedFTfQ6bT9"
"{FCCCD80D-2A5E-401E-B64F-D1C2E375B955}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3/ei4iFkZEmSMZR3qTiAHwAAAAACAAAAAAAQZgAAAAEAACAAAAAqnU78AOvAupb1fOoWUz+w2tq8exYJBJdHeIqwHc6zOAAAAAAOgAAAAAIAACAAAAB9e9hVnguvqy1gfIcX7aA/IAAMWg42YzvM7BIh6i+61BAAAADKB6jDmgGnDcRrNlBcBQLSQAAAABNXSC2jJ0CgToiPs+0mDyocTEt84WXDTJooW2goWiqQc18JhSjw99RbV0s8JPO8hkEAKHsiMkNSq5JDBpin/9M="
.
[HKEY_USERS\S-1-5-21-590695166-95238818-3074260695-1001_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):00,25,7c,ee,c2,09,d2,08
"DeltaClock"=hex(b):2f,6a,65,d3,ff,ff,ff,ff
"LastNtpServer"="time.nist.gov"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Glary Utilities 5\Initialize.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Heure de fin: 2015-07-18 13:14:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-18 11:14
.
Avant-CF: 127 940 874 240 octets libres
Après-CF: 126 701 948 928 octets libres
.
- - End Of File - - A35B6CEB24F22DE00E19290498DF161C