Advertising
Closed
nico4510
14 June 2011 at 20:37
14 replies
juju666
Edited by juju666 on 14/06/2011 at 20:39
Hello
/!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\
▶ /!\ IMPORTANT /!\
Disable your antivirus, antispyware and firewall before the scan with ComboFix:
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
_______________________________________________________________
▶ Right-click the link below, choose "Save link target as", with your Desktop as the destination, and change its name (your_username.exe for example):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
▶ Double-click ComboFix.exe
A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept
▶ ▶ IF YOU ARE ON WINDOWS XP, BE SURE TO INSTALL THE RECOVERY CONSOLE [If you are working with Vista or Seven, ignore this warning]
▶ ▶ Do not touch anything (mouse, keyboard) until the scan has finished, as you risk crashing your PC
▶ At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
▶ Once the scan is complete, a report will be displayed: post its contents
▶ ▶ /!\ Re-enable your antivirus's real-time protection before reconnecting to the Internet. /!\
Notes:
-> The report can also be found here: C:\ComboFix.txt
-> ComboFix tutorial
.::. Security Contributor .::.
nico4510
14 June 2011 at 21:14
ComboFix 11-06-14.01 - Nicolas 14/06/2011 20:51:18.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.806 [GMT 2:00]
Lancé depuis: c:\users\Nicolas\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Object\bhO_project.dll
c:\users\Nicolas\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Nicolas\AppData\Roaming\.#
c:\users\Nicolas\AppData\Roaming\OfferBox
c:\users\Nicolas\AppData\Roaming\OfferBox\config.dat
c:\users\Nicolas\AppData\Roaming\OfferBox\config.xml
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-14 au 2011-06-14 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-14 18:58 . 2011-06-14 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-14 15:39 . 2011-06-14 15:39 -------- d-----w- c:\program files\ZHPDiag
2011-06-14 15:34 . 2011-06-14 15:34 -------- d-----w- c:\program files\Trend Micro
2011-06-14 05:20 . 2011-06-14 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{B2FC03C6-0322-431D-8C63-E8AB6C73C03B}
2011-06-13 06:53 . 2011-06-13 06:53 -------- d-----w- c:\users\Nicolas\AppData\Local\{75E8C6D1-BB65-475C-8A19-64BEF497457E}
2011-06-11 05:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897454AE-38A0-44D0-B99B-AD563CA2D2CD}\mpengine.dll
2011-06-11 05:41 . 2011-06-11 05:41 -------- d-----w- c:\users\Nicolas\AppData\Local\{2EF22CAF-E638-4DB6-B51D-5AF8C12B8E65}
2011-06-10 12:16 . 2011-06-11 06:26 -------- d-----w- c:\users\Nicolas\AppData\Roaming\BitTorrent
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\users\Nicolas\AppData\Roaming\PCtuto
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\program files\PCTuto
2011-06-10 12:14 . 2011-06-10 12:14 -------- d-----w- c:\users\Nicolas\AppData\Local\PCTuto
2011-06-10 12:14 . 2011-06-14 18:57 -------- d-----w- c:\program files\Object
2011-06-10 05:40 . 2011-06-10 05:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{B4651C3D-DAAD-432F-90AF-063E8D405056}
2011-06-09 05:35 . 2011-06-09 05:35 -------- d-----w- c:\users\Nicolas\AppData\Local\{FEEAF97C-C3F7-4B5A-B2A3-2F26B68B5CE2}
2011-06-08 05:18 . 2011-06-08 05:18 -------- d-----w- c:\users\Nicolas\AppData\Local\{E3EED080-7C4A-4022-B544-9D7EDDD189E9}
2011-06-07 12:53 . 2011-06-07 12:53 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBox THD
2011-06-07 11:29 . 2011-06-07 11:29 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBoxTHD
2011-06-07 11:28 . 2011-06-07 11:28 -------- d-----w- c:\program files\DartyBoxTHD_v1
2011-06-07 11:14 . 2011-06-07 11:14 -------- d-----w- c:\program files\Citrix
2011-06-07 11:14 . 2011-06-07 11:28 -------- d-----w- c:\program files\CD_DartyBox_THD
2011-06-06 18:20 . 2011-06-06 18:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{674321FF-B3F2-49F0-9AA3-18B0FAA463AA}
2011-06-05 06:43 . 2011-06-05 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{EAF6870C-1EE2-4DF6-81F4-282BC3D509E5}
2011-06-03 06:05 . 2011-06-03 06:06 -------- d-----w- c:\users\Nicolas\AppData\Local\{98318E40-8627-4B97-8CFA-AC34551F53A7}
2011-06-02 06:36 . 2011-06-02 06:37 -------- d-----w- c:\users\Nicolas\AppData\Local\{1D2DAFAA-5E33-4B07-88BE-1E63D70CDACB}
2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5C6B9D86-7B09-4B76-B0F4-08BA0B800A26}
2011-05-31 05:38 . 2011-05-31 05:38 -------- d-----w- c:\users\Nicolas\AppData\Local\{7FC71FBB-1D14-49A4-81DC-E88F64A91D72}
2011-05-30 05:33 . 2011-05-30 05:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5822F469-62CF-4A5D-9E06-D8C912054D32}
2011-05-29 07:34 . 2011-05-29 07:34 -------- d-----w- c:\users\Nicolas\AppData\Local\{31A31D8D-1594-47EA-A4DF-7F03CEE7DE58}
2011-05-28 06:54 . 2011-05-28 06:54 -------- d-----w- c:\users\Nicolas\AppData\Local\{3A4AAD4D-4991-4CDC-9EFD-9E0148401E63}
2011-05-27 05:39 . 2011-05-27 05:39 -------- d-----w- c:\users\Nicolas\AppData\Local\{97F9DE4C-2BFA-44D5-B44D-050608AA037E}
2011-05-26 05:21 . 2011-05-26 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{448F4FBD-A1E4-429D-ACAD-CEC90E594ABF}
2011-05-24 05:19 . 2011-05-24 05:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-24 05:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC58A04E-FA05-48B8-B6BD-42986D8A6F8C}
2011-05-23 16:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Roaming\WhiteSmoke
2011-05-23 11:40 . 2011-05-23 11:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{8082A705-967E-47CE-A67E-17CAC7312FA1}
2011-05-21 20:06 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 20:06 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 20:06 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 20:06 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 20:06 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 20:06 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 20:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 20:06 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 20:00 . 2011-05-21 20:01 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC9657B4-470D-4AAB-9DE8-0191A12A68C0}
2011-05-21 06:43 . 2011-05-21 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{2BB19A13-E25D-4B8B-87C0-7BB7A172C54D}
2011-05-19 17:00 . 2011-05-19 17:00 -------- d-----w- c:\users\Nicolas\AppData\Local\{A285F88B-D419-45EC-8E4C-0EACCE36F55C}
2011-05-18 05:15 . 2011-05-18 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{A2F659EF-4CDE-4E7B-BE7C-1BBC151AABFB}
2011-05-18 05:14 . 2011-06-12 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 06:14 . 2011-05-17 06:14 -------- d-----w- c:\users\Nicolas\AppData\Local\{CD50994F-9C5E-4D9F-AB92-E53CB7CF7718}
2011-05-17 05:12 . 2011-05-17 05:13 -------- d-----w- c:\users\Nicolas\AppData\Local\{4979C30D-1ACF-4DF8-AE6D-544AC331590D}
2011-05-16 05:15 . 2011-05-16 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{B3D4ECAD-9AD7-4A5A-AEA3-7156CB70873B}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 18:54 . 2011-04-13 18:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-13 18:54 . 2011-04-13 18:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-13 18:54 . 2011-04-13 18:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-13 18:54 . 2011-04-13 18:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-13 18:54 . 2011-04-13 18:54 367104 ----a-w- c:\windows\system32\html.iec
2011-04-13 18:54 . 2011-04-13 18:54 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-13 18:54 . 2011-04-13 18:54 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-13 18:54 . 2011-04-13 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 18:54 . 2011-04-13 18:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 18:54 . 2011-04-13 18:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-13 18:54 . 2011-04-13 18:54 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-13 18:54 . 2011-04-13 18:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-13 18:54 . 2011-04-13 18:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-13 18:54 . 2011-04-13 18:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 18:54 . 2011-04-13 18:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-13 18:54 . 2011-04-13 18:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-13 18:54 . 2011-04-13 18:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-13 18:54 . 2011-04-13 18:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-13 18:54 . 2011-04-13 18:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-14 16:47 . 2011-05-01 07:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-14 10:31 . 2009-12-14 10:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_France\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2011-01-17 14:54 175912 ----a-w- c:\program files\myBabylon_English\prxtbmyB2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\prxtbmyB2.dll" [2011-01-17 175912]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe" [2010-03-04 3452416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-17 122368]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"PCTuto"="c:\program files\PCTuto\pctuto.exe" [2011-04-14 982656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autoupdater"="c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe" [2011-04-14 663168]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bouygues Telecom Mes services en un clic.lnk - c:\program files\Bouygues Telecom Mes services en un clic\Bouygues Telecom Mes services en un clic.exe [N/A]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-07 11:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2006-10-18 18560]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://neufportail.fr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: consoclicker.com\www
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\h9stcmq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
URLSearchHooks-{ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file)
BHO-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
BHO-{703740c1-0f1a-4cec-a4df-d78db0158477} - c:\program files\OfferBox\extensions-3.2.3747.107\offerbox_air_iexplorer.dll
Toolbar-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - c:\program files\WhiteSmoke_Tools\prxtbWhit.dll
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-WahOO - c:\users\Nicolas\AppData\Local\WahOO\WahOO.exe
HKCU-Run-Facemoi - c:\facemoi\facemoi.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Facemoi - c:\facemoi\facemoi.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1236)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2011-06-14 21:09:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-14 19:09
.
Avant-CF: 26 412 740 608 octets libres
Après-CF: 26 259 546 112 octets libres
.
- - End Of File - - A4DB734AD001144FF06752670A0ED629
juju666 - 14 June 2011 at 21:27
▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE
▶ ▶ SCRIPT CUSTOMIZED FOR THIS COMPUTER, DO NOT REPRODUCE: DANGEROUS!!!!
▶ Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
KillAll::

Folder::
c:\users\Nicolas\AppData\Roaming\PCtuto
c:\program files\PCTuto
c:\users\Nicolas\AppData\Local\PCTuto
c:\users\Nicolas\AppData\Roaming\WhiteSmoke
c:\program files\SweetIM
c:\program files\myBabylon_English
c:\program files\Softonic_France
c:\program files\ConduitEngine
c:\program files\McAfee Security Scan

File::
c:\windows\system32\ConduitEngine.tmp

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"=-
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
"PCTuto"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"autoupdater"=-

FireFox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: yahoo.homepage.dontask - true

Reboot::
▶ Save this file under the name CFScript
▶ Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot: http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif
▶ ComboFix starts; let it guide you.
▶ Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems
▶ If the file does not open, it is located here > C:\ComboFix.txt
nico4510
15 June 2011 at 08:57
ComboFix 11-06-14.01 - Nicolas 15/06/2011 8:35.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3066.1896 [GMT 2:00]
Lancé depuis: c:\users\Nicolas\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Nicolas\Desktop\CFScript.htm
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\program files\myBabylon_English
c:\program files\myBabylon_English\INSTALL.LOG
c:\program files\myBabylon_English\myBabylon_EnglishToolbarHelper.exe
c:\program files\myBabylon_English\myBabylon_EnglishToolbarHelper1.exe
c:\program files\myBabylon_English\prxtbmyB2.dll
c:\program files\myBabylon_English\tbmyB0.dll
c:\program files\myBabylon_English\tbmyB1.dll
c:\program files\myBabylon_English\tbmyB2.dll
c:\program files\myBabylon_English\tbmyBa.dll
c:\program files\myBabylon_English\toolbar.cfg
c:\program files\myBabylon_English\uninstall.exe
c:\program files\myBabylon_English\UNWISE.EXE
c:\program files\PCTuto
c:\program files\PCTuto\confmedia.cyp
c:\program files\PCTuto\pctuto.exe
c:\program files\PCTuto\pctutoBHO.dll
c:\program files\PCTuto\tuto_avast_scan.exe
c:\program files\PCTuto\unins000.dat
c:\program files\PCTuto\unins000.exe
c:\program files\PCTuto\unins001.dat
c:\program files\PCTuto\unins001.exe
c:\program files\Softonic_France
c:\program files\Softonic_France\GottenAppsContextMenu.xml
c:\program files\Softonic_France\INSTALL.LOG
c:\program files\Softonic_France\OtherAppsContextMenu.xml
c:\program files\Softonic_France\prxtbSof0.dll
c:\program files\Softonic_France\SharedAppsContextMenu.xml
c:\program files\Softonic_France\Softonic_FranceToolbarHelper.exe
c:\program files\Softonic_France\Softonic_FranceToolbarHelper1.exe
c:\program files\Softonic_France\tbSof0.dll
c:\program files\Softonic_France\tbSof1.dll
c:\program files\Softonic_France\tbSoft.dll
c:\program files\Softonic_France\toolbar.cfg
c:\program files\Softonic_France\ToolbarContextMenu.xml
c:\program files\Softonic_France\uninstall.exe
c:\program files\Softonic_France\UNWISE.EXE
c:\program files\Softonic_France\UNWISE.INI
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\users\Nicolas\AppData\Local\PCTuto
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\confmedia.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\pctuto_confMedia.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\user.cyp
c:\users\Nicolas\AppData\Local\PCTuto\PCTuto\user_profil.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\autoupdater.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\help_config.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\shared.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.dat
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\UpdatePCTuto.exe
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\user_config.cyp
c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\user_profil.cyp
c:\users\Nicolas\AppData\Roaming\WhiteSmoke
c:\users\Nicolas\AppData\Roaming\WhiteSmoke\stat.log
c:\windows\system32\ConduitEngine.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_McComponentHostService
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-15 au 2011-06-15 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-14 15:39 . 2011-06-14 15:39 -------- d-----w- c:\program files\ZHPDiag
2011-06-14 15:34 . 2011-06-14 15:34 -------- d-----w- c:\program files\Trend Micro
2011-06-14 05:20 . 2011-06-14 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{B2FC03C6-0322-431D-8C63-E8AB6C73C03B}
2011-06-13 06:53 . 2011-06-13 06:53 -------- d-----w- c:\users\Nicolas\AppData\Local\{75E8C6D1-BB65-475C-8A19-64BEF497457E}
2011-06-11 05:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{897454AE-38A0-44D0-B99B-AD563CA2D2CD}\mpengine.dll
2011-06-11 05:41 . 2011-06-11 05:41 -------- d-----w- c:\users\Nicolas\AppData\Local\{2EF22CAF-E638-4DB6-B51D-5AF8C12B8E65}
2011-06-10 12:16 . 2011-06-11 06:26 -------- d-----w- c:\users\Nicolas\AppData\Roaming\BitTorrent
2011-06-10 12:14 . 2011-06-14 18:57 -------- d-----w- c:\program files\Object
2011-06-10 05:40 . 2011-06-10 05:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{B4651C3D-DAAD-432F-90AF-063E8D405056}
2011-06-09 05:35 . 2011-06-09 05:35 -------- d-----w- c:\users\Nicolas\AppData\Local\{FEEAF97C-C3F7-4B5A-B2A3-2F26B68B5CE2}
2011-06-08 05:18 . 2011-06-08 05:18 -------- d-----w- c:\users\Nicolas\AppData\Local\{E3EED080-7C4A-4022-B544-9D7EDDD189E9}
2011-06-07 12:53 . 2011-06-07 12:53 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBox THD
2011-06-07 11:29 . 2011-06-07 11:29 -------- d-----w- c:\users\Nicolas\AppData\Roaming\DartyBoxTHD
2011-06-07 11:28 . 2011-06-07 11:28 -------- d-----w- c:\program files\DartyBoxTHD_v1
2011-06-07 11:14 . 2011-06-07 11:14 -------- d-----w- c:\program files\Citrix
2011-06-07 11:14 . 2011-06-07 11:28 -------- d-----w- c:\program files\CD_DartyBox_THD
2011-06-06 18:20 . 2011-06-06 18:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{674321FF-B3F2-49F0-9AA3-18B0FAA463AA}
2011-06-05 06:43 . 2011-06-05 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{EAF6870C-1EE2-4DF6-81F4-282BC3D509E5}
2011-06-03 06:05 . 2011-06-03 06:06 -------- d-----w- c:\users\Nicolas\AppData\Local\{98318E40-8627-4B97-8CFA-AC34551F53A7}
2011-06-02 06:36 . 2011-06-02 06:37 -------- d-----w- c:\users\Nicolas\AppData\Local\{1D2DAFAA-5E33-4B07-88BE-1E63D70CDACB}
2011-06-01 06:33 . 2011-06-01 06:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5C6B9D86-7B09-4B76-B0F4-08BA0B800A26}
2011-05-31 05:38 . 2011-05-31 05:38 -------- d-----w- c:\users\Nicolas\AppData\Local\{7FC71FBB-1D14-49A4-81DC-E88F64A91D72}
2011-05-30 05:33 . 2011-05-30 05:33 -------- d-----w- c:\users\Nicolas\AppData\Local\{5822F469-62CF-4A5D-9E06-D8C912054D32}
2011-05-29 07:34 . 2011-05-29 07:34 -------- d-----w- c:\users\Nicolas\AppData\Local\{31A31D8D-1594-47EA-A4DF-7F03CEE7DE58}
2011-05-28 06:54 . 2011-05-28 06:54 -------- d-----w- c:\users\Nicolas\AppData\Local\{3A4AAD4D-4991-4CDC-9EFD-9E0148401E63}
2011-05-27 05:39 . 2011-05-27 05:39 -------- d-----w- c:\users\Nicolas\AppData\Local\{97F9DE4C-2BFA-44D5-B44D-050608AA037E}
2011-05-26 05:21 . 2011-05-26 05:21 -------- d-----w- c:\users\Nicolas\AppData\Local\{448F4FBD-A1E4-429D-ACAD-CEC90E594ABF}
2011-05-24 05:17 . 2011-05-24 05:17 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC58A04E-FA05-48B8-B6BD-42986D8A6F8C}
2011-05-23 11:40 . 2011-05-23 11:40 -------- d-----w- c:\users\Nicolas\AppData\Local\{8082A705-967E-47CE-A67E-17CAC7312FA1}
2011-05-21 20:06 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-21 20:06 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-21 20:06 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-21 20:06 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-21 20:06 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-21 20:06 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-21 20:06 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-21 20:06 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-21 20:00 . 2011-05-21 20:01 -------- d-----w- c:\users\Nicolas\AppData\Local\{EC9657B4-470D-4AAB-9DE8-0191A12A68C0}
2011-05-21 06:43 . 2011-05-21 06:43 -------- d-----w- c:\users\Nicolas\AppData\Local\{2BB19A13-E25D-4B8B-87C0-7BB7A172C54D}
2011-05-19 17:00 . 2011-05-19 17:00 -------- d-----w- c:\users\Nicolas\AppData\Local\{A285F88B-D419-45EC-8E4C-0EACCE36F55C}
2011-05-18 05:15 . 2011-05-18 05:15 -------- d-----w- c:\users\Nicolas\AppData\Local\{A2F659EF-4CDE-4E7B-BE7C-1BBC151AABFB}
2011-05-18 05:14 . 2011-06-12 07:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 06:14 . 2011-05-17 06:14 -------- d-----w- c:\users\Nicolas\AppData\Local\{CD50994F-9C5E-4D9F-AB92-E53CB7CF7718}
2011-05-17 05:12 . 2011-05-17 05:13 -------- d-----w- c:\users\Nicolas\AppData\Local\{4979C30D-1ACF-4DF8-AE6D-544AC331590D}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 18:54 . 2011-04-13 18:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-13 18:54 . 2011-04-13 18:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-13 18:54 . 2011-04-13 18:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-13 18:54 . 2011-04-13 18:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-13 18:54 . 2011-04-13 18:54 367104 ----a-w- c:\windows\system32\html.iec
2011-04-13 18:54 . 2011-04-13 18:54 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-13 18:54 . 2011-04-13 18:54 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-13 18:54 . 2011-04-13 18:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-13 18:54 . 2011-04-13 18:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 18:54 . 2011-04-13 18:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 18:54 . 2011-04-13 18:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-13 18:54 . 2011-04-13 18:54 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-13 18:54 . 2011-04-13 18:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-13 18:54 . 2011-04-13 18:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-13 18:54 . 2011-04-13 18:54 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 18:54 . 2011-04-13 18:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-13 18:54 . 2011-04-13 18:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-13 18:54 . 2011-04-13 18:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-13 18:54 . 2011-04-13 18:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-13 18:54 . 2011-04-13 18:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-14 16:47 . 2011-05-01 07:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-14 10:31 . 2009-12-14 10:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-06 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Assistant DartyBox"="c:\program files\DartyBoxTHD_v1\NetGear\AssistantDB\AssistantDB_Netgear.exe" [2010-03-04 3452416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-17 122368]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bouygues Telecom Mes services en un clic.lnk - c:\program files\Bouygues Telecom Mes services en un clic\Bouygues Telecom Mes services en un clic.exe [N/A]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [2008-4-7 4685824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-07 11:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2006-10-18 18560]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2006-10-19 25344]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-07 44064]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 10:57]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://neufportail.fr/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: consoclicker.com\www
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\h9stcmq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-myBabylon_English Toolbar - c:\program files\myBabylon_English\uninstall.exe
AddRemove-PCTuto Avast_is1 - c:\program files\PCTuto\unins001.exe
AddRemove-PCTuto_is1 - c:\program files\PCTuto\unins000.exe
AddRemove-Softonic_France Toolbar - c:\program files\Softonic_France\uninstall.exe
AddRemove-UpdatePCTuto_is1 - c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5940)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2011-06-15 08:52:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-15 06:52
ComboFix2.txt 2011-06-14 19:09
.
Avant-CF: 26 715 664 384 octets libres
Après-CF: 26 345 635 840 octets libres
.
- - End Of File - - D75596AE732D425299B64B70CDFECC8F
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-myBabylon_English Toolbar - c:\program files\myBabylon_English\uninstall.exe
AddRemove-PCTuto Avast_is1 - c:\program files\PCTuto\unins001.exe
AddRemove-PCTuto_is1 - c:\program files\PCTuto\unins000.exe
AddRemove-Softonic_France Toolbar - c:\program files\Softonic_France\uninstall.exe
AddRemove-UpdatePCTuto_is1 - c:\users\Nicolas\AppData\Roaming\PCtuto\UpdatePCTuto\unins000.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5940)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2011-06-15 08:52:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-15 06:52
ComboFix2.txt 2011-06-14 19:09
.
Avant-CF: 26 715 664 384 octets libres
Après-CF: 26 345 635 840 octets libres
.
- - End Of File - - D75596AE732D425299B64B70CDFECC8F
nico4510 - June 15, 2011 at 09:23
There is no change
juju666 - June 15, 2011 at 12:16
Hello
because it won't be over until I tell you it is!
================
no change??? uh, I can assure you there is ^^
We are going to run a diagnostic of your PC:
▶ Download ZHPDiag to your desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
or:
ftp://zebulon.fr/ZHPDiag2.exe
▶ Follow the prompts during installation, check "Ajouter une icône sur le bureau" (add an icon to the desktop) and uncheck the "Exécuter ZHPDiag" (run ZHPDiag) box
/!\ Vista and Seven users: right-click the ZHPDiag logo, "Run as administrator"
▶ Click the magnifying-glass icon ("Lancer le diagnostic", start the diagnostic)
▶ Save the report to your Desktop using the floppy-disk icon
▶ Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link you are given into your next reply on the forum:
http://pjjoint.malekal.com/
If unavailable:
http://www.cijoint.fr/
or:
http://ww38.toofiles.com/fr/documents-upload.html
or:
https://www.cjoint.com/
or:
https://www.casimages.com/
▶ ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Hosting a report on pjjoint.malekal.com
▶ Go to pjjoint.malekal.com
▶ Click the Parcourir (Browse) button
▶ Select the file you want to upload and click Ouvrir (Open)
▶ Click the Envoyer (Send) button
▶ A confirmation message appears (The upload succeeded! - The link to give your correspondents so they can view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015). Copy the link into your next reply.
nico4510 - June 15, 2011 at 13:49
juju666 - June 15, 2011 at 14:02
Uh, you ran zhpscan for me there
you just need to launch zhpdiag, click the magnifying glass
then at 100% you close it
upload the zhpdiag.txt report and send me the link
nico4510 - June 15, 2011 at 14:05
I save it as you tell me, but I can't find the report either on the desktop or in my documents
juju666 - June 15, 2011 at 14:12
and in C:\Program Files\ZHPDiag, isn't there a ZHPDiag.txt?
nico4510 - June 15, 2011 at 14:27
no
juju666 - June 15, 2011 at 14:34
▶ Download SEAF (by C_XX) to your Desktop.
▶ Launch SEAF
▶ In the options, set "Calculer le checksum" (compute the checksum) to "MD5", then check "Informations supplémentaires" (additional information) and "Chercher également dans le Registre" (also search the Registry)
▶ Type ZHPDiag.txt in the search field, click "Lancer la recherche" (start the search) and wait.
▶ Post in your next reply the report that appears at the end of the search.
nico4510 - June 15, 2011 at 15:19
========================= SEAF 1.0.1.0 - C_XX

Commencé à: 14:38:37 le 15/06/2011

Valeur(s) recherchée(s):
ZHPDiag.txt

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) --- Informations supplémentaires
(!) --- Recherche registre

====== Fichier(s) ======

Aucun fichier trouvé

====== Entrée(s) du registre ======

[HKU\S-1-5-21-1370253079-1288337213-2897969654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs]
"0"="ZHPDiag.txt" (REG_BINARY)

[HKU\S-1-5-21-1370253079-1288337213-2897969654-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.Txt]
"0"="ZHPDiag.txt" (REG_BINARY)

=========================

Fin à: 14:45:33 le 15/06/2011
513196 Éléments analysés

=========================
E.O.F
juju666 - June 15, 2011 at 19:49
indeed ....
▶ Download OTL to your desktop.
(On Vista/Win7, you have to right-click OTL and choose Run as administrator)
▶ Launch it
▶ Under "Personnalisation" (custom scans), copy and paste what is in the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c
▶ Click the "Analyse" (scan) button.
▶ When the scan is finished, you will have 2 reports: OTL and extras. Use the site http://pjjoint.malekal.com/ to upload the reports.
Then give the pjjoint links here so they can be consulted.