Mon CPU se fait dévorer depuis quelques jours

[SyLvErFoX]

Vous avez énormément de "toolbars" selon votre log de HijackThis... C'est pourquoi je vous avais dit d'éliminer les 01, et 02, par contre vous en avez d'autre en 03 et 04, dont celui mentionné par rikwar qui apparait en 04... Les 01 et 02 vous pouvez les éliminer tous, les 03 et 04 faudra les trier car certains sont bons...

Un bon ménage serait de mise dans votre ordi, mais, nulle besoin de formater pour ça, un simple coup d'œil à votre log de HijackThis nous permet de voir que votre ordi est surchargé de merdes qui la ralentissent tous... Commencez par virer tous les BHO et les toolbars après on vous indiquera la suite des choses si votre ordi rame encore... La patience est une vertue!!

[FHADE]

Mille mercis de votre soutient...

D'accord, je repasse HijackThis

Pardonne-moi Sylverfox, je n'avais pas vu ton commentaire... C'est bizarre, c'est tou de même récent ce drainage de CPU.

[FHADE]

Bon ok, je scan avec HijackThis, je fixe les R1 R0, O2, et si je refait un scan, ils sont de retour. ???

Pour ce qui est des O1, je un message d'erreur à chacun qui va comme suit:

An unexpected error has occured at procedure:
modMain_FixOther1item(sItem=O1 - Hosts: 216.98.48.53 127.0.0.1) Error #75 - Erreur dans le chemin d'accès

Windows version: Windows NT 6.01.3505
MSIE version: 9.11.9600.16518
HijackThis version: 2.0.4

Merci de votre patience, vous en avez beaucoup plus que moi.

Frank

[rikwar]

infection lps peuetre

télécharger combofix ici(cliquer sur le rectangle bleu) le metre a jours et faite un scane >>> http://www.bleepingcomputer.com/download/combofix/

p.s désactiver AVG pour faire le scane avec combofix

[SyLvErFoX]

Bon ok, je scan avec HijackThis, je fixe les R1 R0, O2, et si je refait un scan, ils sont de retour. ???

Pour ce qui est des O1, je un message d'erreur à chacun qui va comme suit:

An unexpected error has occured at procedure:
modMain_FixOther1item(sItem=O1 - Hosts: 216.98.48.53 127.0.0.1) Error #75 - Erreur dans le chemin d'accès

Windows version: Windows NT 6.01.3505
MSIE version: 9.11.9600.16518
HijackThis version: 2.0.4

Merci de votre patience, vous en avez beaucoup plus que moi.

Frank

Oui, c'est normal, y en a qui reviennent mais ceux-là sont créés par Windows alors ils sont corrects...

Vous devriez télécharger revo uninstaller et flusher de votre ordi tous ce dont vous ne vous servez pas ça aiderait:

http://www.fileparade.com/listing/12240 ... MwodgzYAKQ

[FHADE]

Revo Uninstall: C'était déjà fait

Je ne comprends pas comment mettre à jour Combofix... Je n'ai accès à aucun menu.

Et pour ce qui est des O1 qui m'indiquent une message d'erreur? C'est p-e à cause que c'est sur Steam? Je me sert de Steam avec mes autres jeux.

Merci,

Frank

[FHADE]

voici le résultat du scan obtenu avec combofix:

ComboFix 14-02-24.02 - Francois 2014-03-02 14:59:03.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5173 [GMT -5:00]
Lancé depuis: c:\users\Francois\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- Mode FONCTIONNALITES REDUITES -
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Francois\AppData\Local\Temp\_MEI38002\_ctypes.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\_elementtree.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\_hashlib.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\_multiprocessing.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\_socket.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\_ssl.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\pyexpat.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\pysqlite2._sqlite.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\python27.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\pythoncom27.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\PyWinTypes27.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\select.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\unicodedata.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32api.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32com.shell.shell.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32crypt.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32event.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32file.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32inet.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32pdh.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32pipe.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32process.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32profile.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32security.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\win32ts.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\windows._lib_cacheinvalidation.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._controls_.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._core_.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._gdi_.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._html2.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._misc_.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._windows_.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wx._wizard.pyd
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxbase294u_net_vc90.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxbase294u_vc90.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxmsw294u_adv_vc90.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxmsw294u_core_vc90.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxmsw294u_html_vc90.dll
c:\users\Francois\AppData\Local\Temp\_MEI38002\wxmsw294u_webview_vc90.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-02-02 au 2014-03-02 ))))))))))))))))))))))))))))))))))))
.
.
2014-03-02 20:02 . 2014-03-02 20:02 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-03-02 20:02 . 2014-03-02 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-02 19:56 . 2014-03-02 19:56 -------- d-----w- C:\AdwCleaner
2014-02-28 17:36 . 2014-02-28 17:36 -------- d-----w- c:\users\Francois\AppData\Roaming\GlarySoft
2014-02-28 17:36 . 2014-02-17 08:40 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2014-02-28 17:36 . 2014-02-17 08:36 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-02-28 17:36 . 2014-03-02 20:13 -------- d-----w- c:\program files (x86)\Glary Utilities 4
2014-02-27 17:18 . 2014-02-27 17:18 388096 ----a-r- c:\users\Francois\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-27 17:18 . 2014-02-27 17:18 -------- d-----w- c:\program files (x86)\Trend Micro
2014-02-26 14:22 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-02-26 14:22 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-02-26 12:25 . 2014-02-26 12:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-26 12:25 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-25 00:03 . 2014-02-25 00:03 -------- d-----w- c:\programdata\ATI
2014-02-25 00:03 . 2014-02-25 00:03 -------- d-----w- c:\program files (x86)\AMD AVT
2014-02-25 00:03 . 2014-02-25 00:03 -------- d-----w- c:\program files (x86)\AMD APP
2014-02-25 00:03 . 2014-02-25 00:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-02-25 00:03 . 2014-02-25 00:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-02-25 00:00 . 2014-02-25 00:00 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-02-24 23:59 . 2014-02-25 00:02 -------- d-----w- c:\program files\ATI Technologies
2014-02-22 00:37 . 2014-02-27 18:07 -------- d-----w- c:\users\Francois\AppData\Roaming\Raptr
2014-02-22 00:37 . 2014-02-27 18:05 -------- d-----w- c:\program files (x86)\Raptr
2014-02-21 16:27 . 2014-02-21 16:27 -------- d-----w- c:\program files\ATI
2014-02-19 21:02 . 2014-02-19 21:02 -------- d-----w- c:\users\Francois\AppData\Local\Facebook
2014-02-16 05:00 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-16 05:00 . 2013-10-02 04:51 3584 ----a-w- c:\windows\system32\drivers\fr-FR\tsusbflt.sys.mui
2014-02-16 05:00 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2014-02-16 05:00 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-16 05:00 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-16 05:00 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-16 05:00 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-16 05:00 . 2013-10-02 01:29 62976 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-16 05:00 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2014-02-16 05:00 . 2013-10-01 23:58 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-02-16 04:59 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-16 04:59 . 2013-10-02 00:15 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-16 04:59 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2014-02-16 04:59 . 2013-10-02 00:08 83968 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-16 04:59 . 2013-10-02 00:01 420864 ----a-w- c:\windows\system32\wksprt.exe
2014-02-16 04:59 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2014-02-16 04:59 . 2013-10-01 23:08 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2014-02-16 04:59 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-02-16 04:59 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-02-16 04:59 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-02-16 01:10 . 2014-02-16 01:10 -------- d-----w- c:\users\Francois\AppData\Roaming\library_dir
2014-02-13 13:44 . 2014-02-13 13:44 138152 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2014-02-13 13:44 . 2014-02-13 13:44 138152 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2014-02-12 19:19 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 19:19 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 17:28 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-10 18:45 . 2014-02-10 18:45 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2014-02-02 22:13 . 2014-02-02 22:14 6288 ----a-w- c:\windows\system32\cc_20140202_171354.reg
2014-02-01 02:24 . 2014-02-01 02:24 -------- d-----w- c:\program files\iPod
2014-02-01 02:24 . 2014-02-01 02:24 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-01 02:24 . 2014-02-01 02:24 -------- d-----w- c:\program files\iTunes
2014-02-01 02:24 . 2014-02-01 02:24 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 05:57 . 2012-12-01 19:13 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-02 00:39 . 2012-04-25 17:56 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-02 00:39 . 2012-04-25 17:28 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-02-20 21:45 . 2012-04-25 02:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 21:45 . 2012-04-25 02:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-15 23:33 . 2012-12-01 19:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-02-15 05:31 . 2012-04-24 23:20 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-13 14:35 . 2013-04-30 23:13 35640 ----a-w- c:\windows\system32\TURegOpt.exe
2014-02-13 14:35 . 2013-11-07 02:13 36664 ----a-w- c:\windows\system32\uxtuneup.dll
2014-02-13 14:35 . 2013-11-07 02:13 30008 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2014-02-13 14:35 . 2013-04-30 23:13 26936 ----a-w- c:\windows\system32\authuitu.dll
2014-02-13 14:35 . 2013-04-30 23:13 22328 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-01-30 02:23 . 2014-01-30 02:23 192746 ----a-w- c:\windows\system32\cc_20140129_212311.reg
2014-01-08 20:54 . 2014-01-30 02:29 121856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2013-12-24 15:40 . 2014-01-30 02:29 21184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-19 02:09 . 2014-01-20 18:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1D9C1749-118F-4111-9598-A36476426D18}]
2012-09-25 16:52 383488 ----a-w- c:\program files (x86)\Swiki_IE\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{DC6B8925-0118-48E8-AC93-DAA12A8D43B2}"
[HKEY_CLASSES_ROOT\CLSID\{DC6B8925-0118-48E8-AC93-DAA12A8D43B2}]
2012-04-09 20:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-02-27 109784]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-02-04 2552856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2013-06-14 83968]
"agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2013-06-14 947712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-02-27 109784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe"
"HPUsageTracking"="c:\program files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe" "c:\program files (x86)\Hewlett-Packard\HP UT\"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MUSTechVIDCAP;ADS DVD XPRESS DX2;c:\windows\system32\drivers\musgostrm.sys;c:\windows\SYSNATIVE\drivers\musgostrm.sys [x]
R3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys;c:\windows\SYSNATIVE\DRIVERS\pmkbdfltr.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; [x]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0464.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~2\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~2\DEVICE~1\HCWDEV~1.EXE [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
S2 avgfws;Pare-feu AVG;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 04:23 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 21:45]
.
2014-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328760863-2484785997-430912446-1000Core.job
- c:\users\Francois\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19 21:02]
.
2014-03-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328760863-2484785997-430912446-1000UA.job
- c:\users\Francois\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19 21:02]
.
2014-03-02 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-02-12 08:23]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 00:20]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 00:20]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2328760863-2484785997-430912446-1000Core.job
- c:\users\Francois\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-10 23:29]
.
2014-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2328760863-2484785997-430912446-1000UA.job
- c:\users\Francois\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-10 23:29]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{DC6B8925-0118-48E8-AC93-DAA12A8D43B2}"
[HKEY_CLASSES_ROOT\CLSID\{DC6B8925-0118-48E8-AC93-DAA12A8D43B2}]
2012-04-09 20:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 357888]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Barre RoboForm - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enregistrer les formulaires - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Personnaliser le menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Remplir les formulaires - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Francois\AppData\Roaming\Mozilla\Firefox\Profiles\afel3s47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&CUI=UN46391926875252473&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SweetTunes Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN46391926875252473&UM=2&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
MSConfigStartUp-NBAgent - c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{1D9C1749-118F-4111-9598-A36476426D18}"=hex:51,66,7a,6c,4c,1d,38,12,27,14,8f,
19,bd,5f,7f,04,ea,8e,e0,24,73,1c,29,0c
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{5FF49FE8-B332-4CB9-B102-FB6951629E55}"=hex:51,66,7a,6c,4c,1d,38,12,86,9c,e7,
5b,00,fd,d7,09,ce,14,b8,29,54,3c,da,41
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{DEDAF650-12B8-48F5-A843-BBA100716106}"=hex:51,66,7a,6c,4c,1d,38,12,3e,f5,c9,
da,8a,5c,9b,0d,d7,55,f8,e1,05,2f,25,12
.
[HKEY_USERS\S-1-5-21-2328760863-2484785997-430912446-1000\Software\SecuROM\License information*]
"datasecu"=hex:94,4a,60,a1,36,e6,07,b5,6b,6f,0e,6e,db,36,fd,9b,2c,48,82,6a,83,
7b,7f,e7,c5,dd,d1,7d,b5,45,a9,87,eb,52,86,d7,e4,34,d8,d3,56,cd,53,0d,d4,df,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Glary Utilities 4\Integrator.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2014-03-02 15:17:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-03-02 20:17
.
Avant-CF: 159 190 941 696 bytes free
Après-CF: 159 430 979 584 bytes free
.
- - End Of File - - 1FAB79CA89C385669CE73A5E25507BE7
A36C5E4F47E84449FF07ED3517B43A31