Virus blocking all exe files

smushynumnum Posts 10 Status Member -
Destrio5 Posts 99820 Status Moderator -
Hello,
I know quite a few people have had this virus and have written about it, but I don't understand all these hyjax reports (something like that). So here is what is happening: all my .exe files are unusable; a virus stops them when I double-click on them, and my antivirus too. When I open it, for a few seconds I can see "LEXPPS.exe a été bloqué", but immediately afterwards it closes. I don't know whether the virus is the file I named or just some random .exe file, but that is all I know. (If it helps, I have "Gestionnaire de Sécurité Sympatico" as my antivirus.)

Thanks for your replies

18 replies

fabule
 
regrun starts normally immediately after installation, so if you can install it, you won't have to run it manually. But to uninstall it cleanly afterwards, you have to follow certain steps. https://www.greatissoftware.com/regrunplat.zip
0
fabule
 
Here is the step for uninstalling Partizan rootkit killer before uninstalling regrun.
0
fabule
 
0
fabule
 
And be careful what you delete. Do a search or ask, even if it finds an object that is 100% bad, 0% good.
0

Destrio5 Posts 99820 Status Moderator 10 305
 
Hi,

Can you post a HijackThis report?
-1
smushynumnum Posts 10 Status Member
 
Sorry for the long delay.
And as for the HijackThis report, when I try to open it, it tells me I don't have permission to do so.
-1
Destrio5 Posts 99820 Status Moderator 10 305
 
Do you get error messages for your infected exe files?
-1
smushynumnum Posts 10 Status Member
 
Sorry again for the delay, but yes, everything I try to launch, a game for example, tells me there is an error or that I don't have permission.
-1
Destrio5 Posts 99820 Status Moderator 10 305
 
--> Download FindyKill (by Chiquitine29) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche, "Search")

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.
-1
smushynumnum Posts 10 Status Member
 
I get a black page after installing FindyKill.
-1
Destrio5 Posts 99820 Status Moderator 10 305
 
Did you try to launch it?
-1
smushynumnum Posts 10 Status Member
 
Yes, when I launch it there is a black page where I can type.
-1
Destrio5 Posts 99820 Status Moderator 10 305
 
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accept by clicking "Oui"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report is also located here: C:\ComboFix\Combofix.txt
-1
smushynumnum Posts 10 Status Member
 
I also downloaded AVG and it detects several things, but when I click to remove the threats it says it is invalid.
-1
smushynumnum Posts 10 Status Member
 
With ComboFix too it gives the same page, but in navy blue.
-1
smushynumnum Posts 10 Status Member
 
I finally managed to run the scan and it gives me this

C:\Program Files\INSTALL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 21:03 . 2008-10-10 22:53 <REP> d--h----- C:\$AVG8.VAULT$
2008-10-10 20:32 . 2008-10-10 20:33 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 20:32 . 2008-10-10 20:32 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 20:32 . 2008-10-10 20:32 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 20:32 . 2008-10-10 20:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-10 20:31 . 2008-10-10 20:31 <REP> d-------- C:\Program Files\AVG
2008-10-10 20:31 . 2008-10-10 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-09 21:39 . 2008-10-09 21:39 <REP> d-------- C:\Documents and Settings\Danielle\Application Data\Teleca
2008-10-09 21:08 . 2008-10-09 21:08 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\Teleca
2008-10-09 21:07 . 2008-10-09 21:07 <REP> d-------- C:\Documents and Settings\Josua\Application Data\Teleca
2008-10-08 14:49 . 2008-10-08 16:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-06 21:32 . 2008-10-06 21:32 <REP> d-------- C:\Program Files\iPod
2008-10-06 21:32 . 2008-10-06 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 21:22 . 2008-10-06 21:22 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 14:19 . 2008-10-04 14:26 <REP> d-------- C:\Program Files\WowCartographe
2008-09-29 21:07 . 2008-09-29 21:07 261 --a------ C:\WINDOWS\WPE PRO.INI
2008-09-29 17:27 . 2008-09-29 17:27 <REP> d-------- C:\Program Files\Kibisoft
2008-09-28 20:57 . 2008-09-28 20:57 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Windows Search
2008-09-19 12:44 . 2008-09-19 12:44 <REP> d-------- C:\Logs
2008-09-11 17:45 . 2008-09-11 17:45 <REP> d-------- C:\Documents and Settings\Denis\Application Data\rockbox.org

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 02:04 --------- d-----w C:\Documents and Settings\Danielle\Application Data\Bell
2008-10-10 01:29 --------- d-----w C:\Documents and Settings\Josua\Application Data\Bell
2008-10-10 01:19 --------- d-----w C:\Program Files\World of Warcraft
2008-10-10 00:35 --------- d-----w C:\Program Files\Warcraft III
2008-10-09 00:59 --------- d-----w C:\Program Files\Team Alligator
2008-10-07 01:45 --------- d-----w C:\Program Files\Apple Software Update
2008-10-07 01:32 --------- d-----w C:\Program Files\iTunes
2008-10-07 01:30 --------- d-----w C:\Program Files\QuickTime
2008-10-07 01:30 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-03 23:11 --------- d-----w C:\Documents and Settings\Denis\Application Data\Vso
2008-09-30 01:44 --------- d-----w C:\Documents and Settings\Denis\Application Data\uTorrent
2008-09-28 19:20 --------- d-----w C:\Program Files\LimeWire.18
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-25 15:30 --------- d-----w C:\Program Files\Google
2008-08-24 21:25 --------- d-----w C:\Program Files\Java
2008-08-21 14:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 20:20 --------- d-----w C:\Documents and Settings\Denis\Application Data\Teleca
2008-08-17 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-17 20:18 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-08-17 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-17 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-17 20:15 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys
2008-08-14 01:02 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-14 01:02 --------- d-----w C:\Documents and Settings\Denis\Application Data\Windows Desktop Search
2008-08-14 00:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-14 00:34 --------- d-----w C:\Program Files\InterActual
2008-08-14 00:33 --------- d-----w C:\Program Files\eBay
2008-08-13 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-12 19:53 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-12 19:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 02:04 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-08-11 01:52 --------- d-----w C:\Program Files\Personal Vault
2008-08-11 01:51 --------- d-----w C:\Program Files\Fichiers communs\Authentium
2008-08-11 01:50 --------- d-----w C:\Program Files\Raxco
2008-08-11 01:50 --------- d-----w C:\Program Files\CA
2008-08-11 01:50 --------- d-----w C:\Program Files\Bell
2008-08-11 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-11 01:49 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-08-11 01:49 --------- d-----w C:\Documents and Settings\Denis\Application Data\Bell
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 765,182 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-06-05 01:05 25,352 ----a-w C:\Documents and Settings\Denis\Application Data\GDIPFONTCACHEV1.DAT
2008-05-26 00:18 553,590 ----a-w C:\Program Files\Tour_de_France_2007.kmz
2008-05-26 00:17 11,289 ----a-w C:\Program Files\Les_21_merveilles_du_monde.kml
2007-02-06 01:26 47,360 ----a-w C:\Documents and Settings\Denis\Application Data\pcouffin.sys
2007-02-06 01:26 268,030 ----a-w C:\Documents and Settings\Denis\Application Data\ezpinst.exe
2006-01-21 21:32 7,425,284 ----a-w C:\Program Files\IKÉA-Kitchen.EXE
2008-05-10 17:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 292610]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
--a------ 2008-03-10 12:33 191740 C:\Program Files\Bell\Gestionnaire de securite\zkrunoncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 217860 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 292610 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
--a------ 2007-10-09 10:45 1108732 C:\Program Files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire de sécurité Sympatico]
--a------ 2008-10-10 21:03 305664 C:\Program Files\Bell\Gestionnaire de securite\RPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-13 21:29 2016514 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2005-04-05 14:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 227066 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2005-04-05 14:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-01-26 11:46 231166 c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2005-04-05 14:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupLexical]
--a------ 2008-02-04 18:25 2868994 C:\Program Files\Cordial\PopupLexical.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2000-08-16 14:08 36864 C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 3008254 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 325380 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 382214 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--a------ 2004-07-20 19:18 268034 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-03-24 21:20 255740 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Program Files\Combat Arms\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Program Files\Combat Arms\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Program Files\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-12 17408]
S3 jatmlano;jatmlano;C:\DOCUME~1\Denis\LOCALS~1\Temp\jatmlano.sys [ ]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-05-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-05-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 246012]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\sacmxp.sys [2003-04-18 14336]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f80cefe2-d1ba-11db-940c-0013d3212369}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-76123866075391035265679519048137 - C:\Program Files\av9\av9.exe
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-ieupdate - C:\WINDOWS\system32\ieupdates.exe
MSConfigStartUp-SSA - C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/defaultf.aspx
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
-1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2000-08-16 14:08 36864 C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 3008254 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 325380 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 382214 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--a------ 2004-07-20 19:18 268034 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-03-24 21:20 255740 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Program Files\Combat Arms\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Program Files\Combat Arms\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Program Files\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-12 17408]
S3 jatmlano;jatmlano;C:\DOCUME~1\Denis\LOCALS~1\Temp\jatmlano.sys [ ]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-05-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-05-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 246012]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\sacmxp.sys [2003-04-18 14336]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f80cefe2-d1ba-11db-940c-0013d3212369}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-76123866075391035265679519048137 - C:\Program Files\av9\av9.exe
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-ieupdate - C:\WINDOWS\system32\ieupdates.exe
MSConfigStartUp-SSA - C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/defaultf.aspx
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
-1
smushynumnum Posts 10 Status Member
 
I finally managed to run the scan and this is what it gives me

C:\Program Files\INSTALL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-11 au 2008-10-11 ))))))))))))))))))))))))))))))))))))
.

2008-10-10 21:03 . 2008-10-10 22:53 <REP> d--h----- C:\$AVG8.VAULT$
2008-10-10 20:32 . 2008-10-10 20:33 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-10 20:32 . 2008-10-10 20:32 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-10 20:32 . 2008-10-10 20:32 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-10 20:32 . 2008-10-10 20:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-10 20:31 . 2008-10-10 20:31 <REP> d-------- C:\Program Files\AVG
2008-10-10 20:31 . 2008-10-10 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-09 21:39 . 2008-10-09 21:39 <REP> d-------- C:\Documents and Settings\Danielle\Application Data\Teleca
2008-10-09 21:08 . 2008-10-09 21:08 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\Teleca
2008-10-09 21:07 . 2008-10-09 21:07 <REP> d-------- C:\Documents and Settings\Josua\Application Data\Teleca
2008-10-08 14:49 . 2008-10-08 16:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-06 21:32 . 2008-10-06 21:32 <REP> d-------- C:\Program Files\iPod
2008-10-06 21:32 . 2008-10-06 21:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 21:22 . 2008-10-06 21:22 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 14:19 . 2008-10-04 14:26 <REP> d-------- C:\Program Files\WowCartographe
2008-09-29 21:07 . 2008-09-29 21:07 261 --a------ C:\WINDOWS\WPE PRO.INI
2008-09-29 17:27 . 2008-09-29 17:27 <REP> d-------- C:\Program Files\Kibisoft
2008-09-28 20:57 . 2008-09-28 20:57 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Windows Search
2008-09-19 12:44 . 2008-09-19 12:44 <REP> d-------- C:\Logs
2008-09-11 17:45 . 2008-09-11 17:45 <REP> d-------- C:\Documents and Settings\Denis\Application Data\rockbox.org

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 02:04 --------- d-----w C:\Documents and Settings\Danielle\Application Data\Bell
2008-10-10 01:29 --------- d-----w C:\Documents and Settings\Josua\Application Data\Bell
2008-10-10 01:19 --------- d-----w C:\Program Files\World of Warcraft
2008-10-10 00:35 --------- d-----w C:\Program Files\Warcraft III
2008-10-09 00:59 --------- d-----w C:\Program Files\Team Alligator
2008-10-07 01:45 --------- d-----w C:\Program Files\Apple Software Update
2008-10-07 01:32 --------- d-----w C:\Program Files\iTunes
2008-10-07 01:30 --------- d-----w C:\Program Files\QuickTime
2008-10-07 01:30 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-03 23:11 --------- d-----w C:\Documents and Settings\Denis\Application Data\Vso
2008-09-30 01:44 --------- d-----w C:\Documents and Settings\Denis\Application Data\uTorrent
2008-09-28 19:20 --------- d-----w C:\Program Files\LimeWire.18
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-25 15:30 --------- d-----w C:\Program Files\Google
2008-08-24 21:25 --------- d-----w C:\Program Files\Java
2008-08-21 14:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 20:20 --------- d-----w C:\Documents and Settings\Denis\Application Data\Teleca
2008-08-17 20:18 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-17 20:18 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-08-17 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-17 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-17 20:15 6,176 ----a-w C:\WINDOWS\system32\drivers\w810cm.sys
2008-08-14 01:02 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-14 01:02 --------- d-----w C:\Documents and Settings\Denis\Application Data\Windows Desktop Search
2008-08-14 00:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-14 00:34 --------- d-----w C:\Program Files\InterActual
2008-08-14 00:33 --------- d-----w C:\Program Files\eBay
2008-08-13 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-08-12 19:53 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-08-12 19:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-11 02:04 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-08-11 01:52 --------- d-----w C:\Program Files\Personal Vault
2008-08-11 01:51 --------- d-----w C:\Program Files\Fichiers communs\Authentium
2008-08-11 01:50 --------- d-----w C:\Program Files\Raxco
2008-08-11 01:50 --------- d-----w C:\Program Files\CA
2008-08-11 01:50 --------- d-----w C:\Program Files\Bell
2008-08-11 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-08-11 01:49 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-08-11 01:49 --------- d-----w C:\Documents and Settings\Denis\Application Data\Bell
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 765,182 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-06-05 01:05 25,352 ----a-w C:\Documents and Settings\Denis\Application Data\GDIPFONTCACHEV1.DAT
2008-05-26 00:18 553,590 ----a-w C:\Program Files\Tour_de_France_2007.kmz
2008-05-26 00:17 11,289 ----a-w C:\Program Files\Les_21_merveilles_du_monde.kml
2007-02-06 01:26 47,360 ----a-w C:\Documents and Settings\Denis\Application Data\pcouffin.sys
2007-02-06 01:26 268,030 ----a-w C:\Documents and Settings\Denis\Application Data\ezpinst.exe
2006-01-21 21:32 7,425,284 ----a-w C:\Program Files\IKÉA-Kitchen.EXE
2008-05-10 17:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 292610]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-10 1234712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Recherche accélérée.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Recherche accélérée.lnk
backup=C:\WINDOWS\pss\Microsoft Recherche accélérée.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
--a------ 2008-03-10 12:33 191740 C:\Program Files\Bell\Gestionnaire de securite\zkrunoncer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 217860 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 292610 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
--a------ 2007-10-09 10:45 1108732 C:\Program Files\BellCanada\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire de sécurité Sympatico]
--a------ 2008-10-10 21:03 305664 C:\Program Files\Bell\Gestionnaire de securite\RPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-13 21:29 2016514 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2005-04-05 14:19 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 227066 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2005-04-05 14:22 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-01-26 11:46 231166 c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
-ra------ 2005-04-05 14:23 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupLexical]
--a------ 2008-02-04 18:25 2868994 C:\Program Files\Cordial\PopupLexical.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2000-08-16 14:08 36864 C:\WINDOWS\system32\spool\drivers\w32x86\2\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 3008254 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 325380 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 382214 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--a------ 2004-07-20 19:18 268034 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-03-24 21:20 255740 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Program Files\Combat Arms\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Program Files\Combat Arms\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Program Files\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-10 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-10 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-10 76040]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R2 VaultClientUpgrade;Personal Vault Upgrade Service;C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-12 17408]
S3 jatmlano;jatmlano;C:\DOCUME~1\Denis\LOCALS~1\Temp\jatmlano.sys [ ]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-05-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-05-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 246012]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\sacmxp.sys [2003-04-18 14336]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f80cefe2-d1ba-11db-940c-0013d3212369}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-76123866075391035265679519048137 - C:\Program Files\av9\av9.exe
MSConfigStartUp-DAEMON Tools Lite - C:\Program Files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-eBayToolbar - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-ieupdate - C:\WINDOWS\system32\ieupdates.exe
MSConfigStartUp-SSA - C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/defaultf.aspx
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
-1
Destrio5 Posts 99820 Status Moderator 10 305
 
- Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer)

- At the bottom right, click "Démarrer Online-scanner" (Start Online-scanner)

- In the new window that appears, click "J'accepte" (I accept)

- Accept the ActiveX controls

- Choose "Poste de travail" (My Computer) for the scan.

- Once it has finished, save the report (choose text file) and post it

- To help you use the online scan:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

- Read this if you have trouble installing the ActiveX control:
http://cybersecurite.xooit.com/t123-Les-controles-ActiveX.htm
-1