Sujet Précédent Sujet Suivant

Publicité

Fermé
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 - 14 juin 2011 à 20:37
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 - 15 juin 2011 à 19:49
Bonjour,

bonjour à tous, depuis quelques temps quand je suis sur mozilla firefox, des pages de pub apparaissent.
j'ai fait un scan avec hijackthis voici le rapport
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:58, on 14/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PCTuto\pctuto.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Convesoft\Orion\Messenger.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Users\Nicolas\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730g
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1208&m=aspire_7730g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB2.dll
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll
R3 - URLSearchHook: WhiteSmoke_Tools Toolbar - {51fcf544-34e1-47e6-b661-fbc5280c2e74} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll (file missing)
R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTBHO - {293A63F7-C3B6-423a-9845-901AC0A7EE6E} - C:\Program Files\PCTuto\pctutoBHO.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic_France - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll
O2 - BHO: WhiteSmoke_Tools - {51fcf544-34e1-47e6-b661-fbc5280c2e74} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll (file missing)
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files\Object\bho_project.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: OfferBox - {703740c1-0f1a-4cec-a4df-d78db0158477} - C:\Program Files\OfferBox\extensions-3.2.3747.107\offerbox_air_iexplorer.dll (file missing)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: myBabylon English - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\prxtbmyB2.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: WhiteSmoke_Tools Toolbar - {51fcf544-34e1-47e6-b661-fbc5280c2e74} - C:\Program Files\WhiteSmoke_Tools\prxtbWhit.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Facemoi] c:\Facemoi\facemoi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"
O4 - HKLM\..\RunOnce: [autoupdater] C:\Users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe -runonce
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WahOO] "C:\Users\Nicolas\AppData\Local\WahOO\WahOO.exe" silent
O4 - HKCU\..\Run: [Facemoi] C:\Facemoi\facemoi.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe -m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Bouygues Telecom Mes services en un clic.lnk = C:\Program Files\Bouygues Telecom Mes services en un clic\Bouygues Telecom Mes services en un clic.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

14 réponses

Réponse 1 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
Modifié par juju666 le 14/06/2011 à 20:39
Hello

/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEREUX /!\

▶ /!\ IMPORTANT /!\
Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
_______________________________________________________________

▶ Fais un clic droit sur le lien ci dessous, choisi "Enregistrer la cible du lien sous", comme destination : ton Bureau, change son nom (ton_pseudo.exe par exemple) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

▶ Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

▶ ▶ SI TU ES SOUS WINDOWS XP, SURTOUT INSTALLES LA CONSOLE DE RÉCUPÉRATION [Si tu travailles avec Vista ou seven ne tiens pas compte de cet avertissement]
▶ ▶ Ne touche à rien (souris, clavier) tant que le scan n''est pas terminé, car tu risques de planter ton PC

▶ En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
▶ Une fois le scan achevé, un rapport va s''afficher : Poste son contenu
▶ ▶ /!\ Réactive la protection en temps réel de ton antivirus avant de te reconnecter à Internet. /!\

Notes:
-> Le rapport se trouve également là : C:\ComboFix.txt
-> tutoriel combofix
.::. Contributeur Sécurité .::.
0
Réponse 2 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
14 juin 2011 à 21:14
ComboFix 11-06-14.01 - Nicolas 14/06/2011 20:51:18.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.806 [GMT 2:00]
Lancé depuis: c:\users\Nicolas\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object\bhO_project.dll
c:\users\Nicolas\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Nicolas\AppData\Roaming\.#
c:\users\Nicolas\AppData\Roaming\OfferBox
c:\users\Nicolas\AppData\Roaming\OfferBox\config.dat
c:\users\Nicolas\AppData\Roaming\OfferBox\config.xml
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-14 au 2011-06-14 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-14 18:58 . 2011-06-14 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 15:39 . 2011-06-14 15:39 -------- d-----w- c:\program files\ZHPDiag
2011-06-14 15:34 . 2011-06-14 15:34 -------- d-----w- c:\program files\Trend Micro
2011-06-14 05:20 . 2011-06-14 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{B2FC03C6-0322-431D-8C63-E8AB6C73C03B}
2011-06-13 06:53 . 2011-06-13 06:53 -------- d-----w- c:\users\Nicolas\AppData\Local\{75E8C6D1-BB65-475C-8A19-64BEF497457E}
2011-06-11 05:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897454AE-38A0-44D0-B99B-AD563CA2D2CD}\mpengine.dll
2011-06-11 05:41 . 2011-06-11 05:41 -------- d-----w- c:\users\Nicolas\AppData\Local\{2EF22CAF-E638-4DB6-B51D-5AF8C12B8E65}
2011-06-10 12:16 . 2011-06-11 06:26 -------- d-----w- c:\users\Nicolas\AppData\Roaming\BitTorrent
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\users\Nicolas\AppData\Roaming\PCtuto
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\program files\PCTuto
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\users\Nicolas\AppData\Local\PCTuto
2011-06-10 12:14 . 2011-06-14 18:57 -------- d-----w- c:\program files\Object
2011-06-10 05:40 . 2011-06-10 05:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{B4651C3D-DAAD-432F-90AF-063E8D405056}
2011-06-09 05:35 . 2011-06-09 05:35 -------- d-----w- c:\users\Nicolas\AppData\Local\{FEEAF97C-C3F7-4B5A-B2A3-2F26B68B5CE2}
2011-06-08 05:18 . 2011-06-08 05:18 -------- d-----w- c:\users\Nicolas\AppData\Local\{E3EED080-7C4A-4022-B544-9D7EDDD189E9}
2011-06-07 12:53 . 2011-06-07 12:53 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBox THD
2011-06-07 11:29 . 2011-06-07 11:29 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBoxTHD
2011-06-07 11:28 . 2011-06-07 11:28 -------- d-----w- c:\program files\DartyBoxTHD_v1
2011-06-07 11:14 . 2011-06-07 11:14 -------- d-----w- c:\program files\Citrix
2011-06-07 11:14 . 2011-06-07 11:28 -------- d-----w- c:\program files\CD_DartyBox_THD
2011-06-06 18:20 . 2011-06-06 18:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{674321FF-B3F2-49F0-9AA3-18B0FAA463AA}
2011-06-05 06:43 . 2011-06-05 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{EAF6870C-1EE2-4DF6-81F4-282BC3D509E5}
2011-06-03 06:05 . 2011-06-03 06:06 -------- d-----w- c:\users\Nicolas\AppData\Local\{98318E40-8627-4B97-8CFA-AC34551F53A7}
2011-06-02 06:36 . 2011-06-02 06:37 -------- d-----w- c:\users\Nicolas\AppData\Local\{1D2DAFAA-5E33-4B07-88BE-1E63D70CDACB}
2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5C6B9D86-7B09-4B76-B0F4-08BA0B800A26}
2011-05-31 05:38 . 2011-05-31 05:38 -------- d-----w- c:\users\Nicolas\AppData\Local\{7FC71FBB-1D14-49A4-81DC-E88F64A91D72}
2011-05-30 05:33 . 2011-05-30 05:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5822F469-62CF-4A5D-9E06-D8C912054D32}
2011-05-29 07:34 . 2011-05-29 07:34 -------- d-----w- c:\users\Nicolas\AppData\Local\{31A31D8D-1594-47EA-A4DF-7F03CEE7DE58}
2011-05-28 06:54 . 2011-05-28 06:54 -------- d-----w- c:\users\Nicolas\AppData\Local\{3A4AAD4D-4991-4CDC-9EFD-9E0148401E63}
2011-05-27 05:39 . 2011-05-27 05:39 -------- d-----w- c:\users\Nicolas\AppData\Local\{97F9DE4C-2BFA-44D5-B44D-050608AA037E}
2011-05-26 05:21 . 2011-05-26 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{448F4FBD-A1E4-429D-ACAD-CEC90E594ABF}
2011-05-24 05:19 . 2011-05-24 05:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-24 05:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC58A04E-FA05-48B8-B6BD-42986D8A6F8C}
2011-05-23 16:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Roaming\WhiteSmoke
2011-05-23 11:40 . 2011-05-23 11:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{8082A705-967E-47CE-A67E-17CAC7312FA1}
2011-05-21 20:06 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 20:06 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 20:06 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 20:06 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 20:06 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 20:06 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 20:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 20:06 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 20:00 . 2011-05-21 20:01 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC9657B4-470D-4AAB-9DE8-0191A12A68C0}
2011-05-21 06:43 . 2011-05-21 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{2BB19A13-E25D-4B8B-87C0-7BB7A172C54D}
2011-05-19 17:00 . 2011-05-19 17:00 -------- d-----w- c:\users\Nicolas\AppData\Local\{A285F88B-D419-45EC-8E4C-0EACCE36F55C}
2011-05-18 05:15 . 2011-05-18 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{A2F659EF-4CDE-4E7B-BE7C-1BBC151AABFB}
2011-05-18 05:14 . 2011-06-12 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 06:14 . 2011-05-17 06:14 -------- d-----w- c:\users\Nicolas\AppData\Local\{CD50994F-9C5E-4D9F-AB92-E53CB7CF7718}
2011-05-17 05:12 . 2011-05-17 05:13 -------- d-----w- c:\users\Nicolas\AppData\Local\{4979C30D-1ACF-4DF8-AE6D-544AC331590D}
2011-05-16 05:15 . 2011-05-16 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{B3D4ECAD-9AD7-4A5A-AEA3-7156CB70873B}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 18:54 . 2011-04-13 18:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-13 18:54 . 2011-04-13 18:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-13 18:54 . 2011-04-13 18:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-13 18:54 . 2011-04-13 18:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-13 18:54 . 2011-04-13 18:54 367104 ----a-w- c:\windows\system32\html.iec
2011-04-13 18:54 . 2011-04-13 18:54 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-13 18:54 . 2011-04-13 18:54 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-13 18:54 . 2011-04-13 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 18:54 . 2011-04-13 18:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 18:54 . 2011-04-13 18:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-13 18:54 . 2011-04-13 18:54 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-13 18:54 . 2011-04-13 18:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-13 18:54 . 2011-04-13 18:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-13 18:54 . 2011-04-13 18:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 18:54 . 2011-04-13 18:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-13 18:54 . 2011-04-13 18:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-13 18:54 . 2011-04-13 18:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-13 18:54 . 2011-04-13 18:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-13 18:54 . 2011-04-13 18:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-14 16:47 . 2011-05-01 07:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-14 10:31 . 2009-12-14 10:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_France\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe" [2010-03-04 3452416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-17 122368]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"PCTuto"="c:\program files\PCTuto\pctuto.exe" [2011-04-14 982656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autoupdater"="c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe" [2011-04-14 663168]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bouygues Telecom Mes services en un clic.lnk - c:\program files\Bouygues Telecom Mes services en un clic\Bouygues Telecom Mes services en un clic.exe [N/A]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-07 11:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2006-10-18 18560]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://neufportail.fr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: consoclicker.com\www
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\h9stcmq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
URLSearchHooks-{ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file)
BHO-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
BHO-{703740c1-0f1a-4cec-a4df-d78db0158477} - c:\program files\OfferBox\extensions-3.2.3747.107\offerbox_air_iexplorer.dll
Toolbar-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-WahOO - c:\users\Nicolas\AppData\Local\WahOO\WahOO.exe
HKCU-Run-Facemoi - c:\facemoi\facemoi.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Facemoi - c:\facemoi\facemoi.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1236)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2011-06-14 21:09:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-14 19:09
.
Avant-CF: 26 412 740 608 octets libres
Après-CF: 26 259 546 112 octets libres
.
- - End Of File - - A4DB734AD001144FF06752670A0ED629
0
Réponse 3 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
14 juin 2011 à 21:27
▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

▶ ▶ SCRIPT PERSONNALISE A CET ORDINATEUR, NE PAS REPRODUIRE : DANGEREUX !!!!

▶ Créé un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 

KillAll::

Folder::
c:\users\Nicolas\AppData\Roaming\PCtuto    
c:\program files\PCTuto    
c:\users\Nicolas\AppData\Local\PCTuto    
c:\users\Nicolas\AppData\Roaming\WhiteSmoke  
c:\program files\SweetIM
c:\program files\myBabylon_English
c:\program files\Softonic_France
c:\program files\ConduitEngine
c:\program files\McAfee Security Scan

File::
c:\windows\system32\ConduitEngine.tmp    
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]  
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]   
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]   
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]   
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]    
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]   
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]    
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]  
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-  
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=- 
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"=- 
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] 
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]   
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]  
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] 
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]  
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]  
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]  
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] 
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-  
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"=-
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= -
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]   
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]     
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] 
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]   
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"SweetIM"=-
"PCTuto"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autoupdater"=-

FireFox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}    
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=   
FF - user.js: yahoo.homepage.dontask - true      

Reboot::


▶ Enregistre ce fichier sous le nom CFScript

▶ Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ Combofix se lance, laisse toi guider..

▶ Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c''est normal!
Ne touche à rien tant que le scan n''est pas terminé.
▶ Une fois le scan achevé, un rapport va s''afficher: poste son contenu, en précisant où en sont tes soucis

▶ Si le fichier ne s''ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 4 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 08:57
ComboFix 11-06-14.01 - Nicolas 15/06/2011 8:35.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1896 [GMT 2:00]
Lancé depuis: c:\users\Nicolas\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Nicolas\Desktop\CFScript.htm
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\program files\myBabylon_English
c:\program files\myBabylon_English\INSTALL.LOG
c:\program files\myBabylon_English\myBabylon_EnglishToolbarHelper.exe
c:\program files\myBabylon_English\myBabylon_EnglishToolbarHelper1.exe
c:\program files\myBabylon_English\prxtbmyB2.dll
c:\program files\myBabylon_English\tbmyB0.dll
c:\program files\myBabylon_English\tbmyB1.dll
c:\program files\myBabylon_English\tbmyB2.dll
c:\program files\myBabylon_English\tbmyBa.dll
c:\program files\myBabylon_English\toolbar.cfg
c:\program files\myBabylon_English\uninstall.exe
c:\program files\myBabylon_English\UNWISE.EXE
c:\program files\PCTuto
c:\program files\PCTuto\confmedia.cyp
c:\program files\PCTuto\pctuto.exe
c:\program files\PCTuto\pctutoBHO.dll
c:\program files\PCTuto\tuto_avast_scan.exe
c:\program files\PCTuto\unins000.dat
c:\program files\PCTuto\unins000.exe
c:\program files\PCTuto\unins001.dat
c:\program files\PCTuto\unins001.exe
c:\program files\Softonic_France
c:\program files\Softonic_France\GottenAppsContextMenu.xml
c:\program files\Softonic_France\INSTALL.LOG
c:\program files\Softonic_France\OtherAppsContextMenu.xml
c:\program files\Softonic_France\prxtbSof0.dll
c:\program files\Softonic_France\SharedAppsContextMenu.xml
c:\program files\Softonic_France\Softonic_FranceToolbarHelper.exe
c:\program files\Softonic_France\Softonic_FranceToolbarHelper1.exe
c:\program files\Softonic_France\tbSof0.dll
c:\program files\Softonic_France\tbSof1.dll
c:\program files\Softonic_France\tbSoft.dll
c:\program files\Softonic_France\toolbar.cfg
c:\program files\Softonic_France\ToolbarContextMenu.xml
c:\program files\Softonic_France\uninstall.exe
c:\program files\Softonic_France\UNWISE.EXE
c:\program files\Softonic_France\UNWISE.INI
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\users\Nicolas\AppData\Local\PCTuto
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\confmedia.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\pctuto_confMedia.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\user.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\user_profil.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\help_config.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\shared.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.dat
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\UpdatePCTuto.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\user_config.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\user_profil.cyp
c:\users\Nicolas\AppData\Roaming\WhiteSmoke
c:\users\Nicolas\AppData\Roaming\WhiteSmoke\stat.log
c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-15 au 2011-06-15 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-14 15:39 . 2011-06-14 15:39 -------- d-----w- c:\program files\ZHPDiag
2011-06-14 15:34 . 2011-06-14 15:34 -------- d-----w- c:\program files\Trend Micro
2011-06-14 05:20 . 2011-06-14 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{B2FC03C6-0322-431D-8C63-E8AB6C73C03B}
2011-06-13 06:53 . 2011-06-13 06:53 -------- d-----w- c:\users\Nicolas\AppData\Local\{75E8C6D1-BB65-475C-8A19-64BEF497457E}
2011-06-11 05:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897454AE-38A0-44D0-B99B-AD563CA2D2CD}\mpengine.dll
2011-06-11 05:41 . 2011-06-11 05:41 -------- d-----w- c:\users\Nicolas\AppData\Local\{2EF22CAF-E638-4DB6-B51D-5AF8C12B8E65}
2011-06-10 12:16 . 2011-06-11 06:26 -------- d-----w- c:\users\Nicolas\AppData\Roaming\BitTorrent
2011-06-10 12:14 . 2011-06-14 18:57 -------- d-----w- c:\program files\Object
2011-06-10 05:40 . 2011-06-10 05:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{B4651C3D-DAAD-432F-90AF-063E8D405056}
2011-06-09 05:35 . 2011-06-09 05:35 -------- d-----w- c:\users\Nicolas\AppData\Local\{FEEAF97C-C3F7-4B5A-B2A3-2F26B68B5CE2}
2011-06-08 05:18 . 2011-06-08 05:18 -------- d-----w- c:\users\Nicolas\AppData\Local\{E3EED080-7C4A-4022-B544-9D7EDDD189E9}
2011-06-07 12:53 . 2011-06-07 12:53 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBox THD
2011-06-07 11:29 . 2011-06-07 11:29 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBoxTHD
2011-06-07 11:28 . 2011-06-07 11:28 -------- d-----w- c:\program files\DartyBoxTHD_v1
2011-06-07 11:14 . 2011-06-07 11:14 -------- d-----w- c:\program files\Citrix
2011-06-07 11:14 . 2011-06-07 11:28 -------- d-----w- c:\program files\CD_DartyBox_THD
2011-06-06 18:20 . 2011-06-06 18:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{674321FF-B3F2-49F0-9AA3-18B0FAA463AA}
2011-06-05 06:43 . 2011-06-05 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{EAF6870C-1EE2-4DF6-81F4-282BC3D509E5}
2011-06-03 06:05 . 2011-06-03 06:06 -------- d-----w- c:\users\Nicolas\AppData\Local\{98318E40-8627-4B97-8CFA-AC34551F53A7}
2011-06-02 06:36 . 2011-06-02 06:37 -------- d-----w- c:\users\Nicolas\AppData\Local\{1D2DAFAA-5E33-4B07-88BE-1E63D70CDACB}
2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5C6B9D86-7B09-4B76-B0F4-08BA0B800A26}
2011-05-31 05:38 . 2011-05-31 05:38 -------- d-----w- c:\users\Nicolas\AppData\Local\{7FC71FBB-1D14-49A4-81DC-E88F64A91D72}
2011-05-30 05:33 . 2011-05-30 05:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5822F469-62CF-4A5D-9E06-D8C912054D32}
2011-05-29 07:34 . 2011-05-29 07:34 -------- d-----w- c:\users\Nicolas\AppData\Local\{31A31D8D-1594-47EA-A4DF-7F03CEE7DE58}
2011-05-28 06:54 . 2011-05-28 06:54 -------- d-----w- c:\users\Nicolas\AppData\Local\{3A4AAD4D-4991-4CDC-9EFD-9E0148401E63}
2011-05-27 05:39 . 2011-05-27 05:39 -------- d-----w- c:\users\Nicolas\AppData\Local\{97F9DE4C-2BFA-44D5-B44D-050608AA037E}
2011-05-26 05:21 . 2011-05-26 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{448F4FBD-A1E4-429D-ACAD-CEC90E594ABF}
2011-05-24 05:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC58A04E-FA05-48B8-B6BD-42986D8A6F8C}
2011-05-23 11:40 . 2011-05-23 11:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{8082A705-967E-47CE-A67E-17CAC7312FA1}
2011-05-21 20:06 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 20:06 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 20:06 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 20:06 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 20:06 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 20:06 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 20:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 20:06 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 20:00 . 2011-05-21 20:01 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC9657B4-470D-4AAB-9DE8-0191A12A68C0}
2011-05-21 06:43 . 2011-05-21 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{2BB19A13-E25D-4B8B-87C0-7BB7A172C54D}
2011-05-19 17:00 . 2011-05-19 17:00 -------- d-----w- c:\users\Nicolas\AppData\Local\{A285F88B-D419-45EC-8E4C-0EACCE36F55C}
2011-05-18 05:15 . 2011-05-18 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{A2F659EF-4CDE-4E7B-BE7C-1BBC151AABFB}
2011-05-18 05:14 . 2011-06-12 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 06:14 . 2011-05-17 06:14 -------- d-----w- c:\users\Nicolas\AppData\Local\{CD50994F-9C5E-4D9F-AB92-E53CB7CF7718}
2011-05-17 05:12 . 2011-05-17 05:13 -------- d-----w- c:\users\Nicolas\AppData\Local\{4979C30D-1ACF-4DF8-AE6D-544AC331590D}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 18:54 . 2011-04-13 18:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-13 18:54 . 2011-04-13 18:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-13 18:54 . 2011-04-13 18:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-13 18:54 . 2011-04-13 18:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-13 18:54 . 2011-04-13 18:54 367104 ----a-w- c:\windows\system32\html.iec
2011-04-13 18:54 . 2011-04-13 18:54 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-13 18:54 . 2011-04-13 18:54 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-13 18:54 . 2011-04-13 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 18:54 . 2011-04-13 18:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 18:54 . 2011-04-13 18:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-13 18:54 . 2011-04-13 18:54 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-13 18:54 . 2011-04-13 18:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-13 18:54 . 2011-04-13 18:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-13 18:54 . 2011-04-13 18:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 18:54 . 2011-04-13 18:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-13 18:54 . 2011-04-13 18:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-13 18:54 . 2011-04-13 18:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-13 18:54 . 2011-04-13 18:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-13 18:54 . 2011-04-13 18:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-14 16:47 . 2011-05-01 07:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-14 10:31 . 2009-12-14 10:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe" [2010-03-04 3452416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-17 122368]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bouygues Telecom Mes services en un clic.lnk - c:\program files\Bouygues Telecom Mes services en un clic\Bouygues Telecom Mes services en un clic.exe [N/A]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-07 11:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2006-10-18 18560]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://neufportail.fr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: consoclicker.com\www
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\h9stcmq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-myBabylon_English Toolbar - c:\program files\myBabylon_English\uninstall.exe
AddRemove-PCTuto Avast_is1 - c:\program files\PCTuto\unins001.exe
AddRemove-PCTuto_is1 - c:\program files\PCTuto\unins000.exe
AddRemove-Softonic_France Toolbar - c:\program files\Softonic_France\uninstall.exe
AddRemove-UpdatePCTuto_is1 - c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5940)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2011-06-15 08:52:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-15 06:52
ComboFix2.txt 2011-06-14 19:09
.
Avant-CF: 26 715 664 384 octets libres
Après-CF: 26 345 635 840 octets libres
.
- - End Of File - - D75596AE732D425299B64B70CDFECC8F
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 09:23
il n'y a aucun changement
0
Réponse 6 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
15 juin 2011 à 12:16
bonjour
car ça ne sera pas fini tant que je ne te l'aurai pas dit !

================

aucun changement ??? heu je peux t'assurer que si ^^

Nous allons effectuer un diagnostic de ton PC:
Télécharge ZHPDiag sur ton bureau :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
ou :
ftp://zebulon.fr/ZHPDiag2.exe

▶ Laisse toi guider lors de l''installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag"

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu''Administrateur »

▶ Clique sur l''icône représentant une loupe (« Lancer le diagnostic »)
▶ Enregistre le rapport sur ton Bureau à l''aide de l''icône représentant une disquette
▶ Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
http://pjjoint.malekal.com/

Si indispo:
http://www.cijoint.fr/
ou :
http://ww38.toofiles.com/fr/documents-upload.html
ou :
https://www.cjoint.com/
ou :
https://www.casimages.com/

▶ Tuto zhpdiag :
http://www.premiumorange.com/zeb-help-process/zhpdiag.html


Hébergement de rapport sur pjjoint.malekal.com

▶ Rends toi sur pjjoint.malekal.com
▶ Clique sur le bouton Parcourir
▶ Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
▶ Clique sur le bouton Envoyer
▶ Un message de confirmation s''affiche (L''upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse.
0
Réponse 7 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 13:49
https://www.cjoint.com/?AFpnWZ8ozYG
0
Réponse 8 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
15 juin 2011 à 14:02
Heu tu m'as fais zhpscan là

tu dois simplement lancer zhpdiag, cliquer sur la loupe
puis aux 100% tu le ferme
héberger le rapport zhpdiag.txt et me transmettre le lien
0
Réponse 9 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 14:05
j'enregistre comme tu me dis mais je n'arrive pas a trouver le rapport ni sur le bureau ni dans mes documents
0
Réponse 10 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
15 juin 2011 à 14:12
et dans C:\Program Files\ZHPDiag, y'a pas ZHPDiag.txt ?
0
Réponse 11 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 14:27
non
0
Réponse 12 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
15 juin 2011 à 14:34
▶ Télécharge SEAF (de C_XX) sur ton Bureau.
▶ Lance SEAF
▶ Dans les options, règle "Calculer le checksum" sur "MD5" puis coche "Informations supplémentaires" et "Chercher également dans le Registre"
▶ Tape ZHPDiag.txt dans le champs de recherche, clique sur "Lancer la recherche" et patiente.
▶ Poste dans ta prochaine réponse le rapport qui apparait à la fin de la recherche.
0
Réponse 13 / 14
nico4510 Messages postés 232 Date d'inscription vendredi 18 août 2006 Statut Membre Dernière intervention 2 juillet 2014 2
15 juin 2011 à 15:19
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 14:38:37 le 15/06/2011
4.
5. Valeur(s) recherchée(s):
6. ZHPDiag.txt
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Recherche registre
12.
13. ====== Fichier(s) ======
14.
15. Aucun fichier trouvé
16.
17.
18. ====== Entrée(s) du registre ======
19.
20.
21. [HKU\S-1-5-21-1370253079-1288337213-2897969654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
22. "0"="ZHPDiag.txt" (REG_BINARY)
23.
24. [HKU\S-1-5-21-1370253079-1288337213-2897969654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.Txt]
25. "0"="ZHPDiag.txt" (REG_BINARY)
26.
27. =========================
28.
29. Fin à: 14:45:33 le 15/06/2011
30. 513196 Éléments analysés
31.
32. =========================
33. E.O.F
0
Réponse 14 / 14
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 795
15 juin 2011 à 19:49
en effet ....

▶ Télécharge OTL sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu''administrateur)

▶ Lance-le
▶ Sous Personnalisation, copie-colle ce qu''il y a dans le cadre ci-dessous : 
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c

▶ Clique sur le bouton Analyse.
▶ Quand le scan est fini, tu auras 2 rapports : OTL et extras. utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
Donnes les liens pjjoint ici ensuite pour pouvoir être consultés.
0

Discussions similaires

Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
M6 Replay désactiver le bloqueur de publicité
katydel88 -
Mathieu -

14 réponses
comment desactiver un bloqueur de pub
amour10 -
MPMP10 -

4 réponses
retrouver les factures des posts sponsorisés
Carotte -
bubblytattoo -

11 réponses
Problème promotion Instagram
Seeysoon -
Ben -

22 réponses