A voir également:
- Virus dans boite mail msn
- Se connecter à ma boite hotmail - Guide
- Yahoo mail - Guide
- Boîte mail française gratuite - Guide
- Boite mail saturée - Guide
- Msn - Télécharger - Messagerie
100 réponses
Elément(s) analysé(s): 169187
Temps écoulé: 37 minute(s), 1 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\film\Codec\Divx 5.0\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
Temps écoulé: 37 minute(s), 1 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\film\Codec\Divx 5.0\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
Utilisateur anonyme
22 juin 2010 à 15:43
22 juin 2010 à 15:43
essaie de nouveau pour voir s'il y a encore le message en question !
Utilisateur anonyme
22 juin 2010 à 17:04
22 juin 2010 à 17:04
► Télécharges ComboFix à partir de ce lien et enregistres le sur ton bureau :
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
ou ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\INSTALLES LA CONSOLE DE RECUPERATION
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
ou ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\INSTALLES LA CONSOLE DE RECUPERATION
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
22 juin 2010 à 18:48
22 juin 2010 à 18:48
? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
j'ai redemarrer mon pc et le message et revenu par contre je n'ai pas de fichier .txt de combofix
de plus a la fin de l'analyse le pc a redemarrer et aucun fichier,txt est apparu
de plus a la fin de l'analyse le pc a redemarrer et aucun fichier,txt est apparu
Utilisateur anonyme
Modifié par Electricien 69 le 22/06/2010 à 18:55
Modifié par Electricien 69 le 22/06/2010 à 18:55
regarde depuis le poste de travail, il doit se trouver à la raçine C :
Utilisateur anonyme
22 juin 2010 à 19:30
22 juin 2010 à 19:30
ok,
repasse un autre rsit :
https://forums.commentcamarche.net/forum/affich-18223512-virus-dans-boite-mail-msn?full#4
repasse un autre rsit :
https://forums.commentcamarche.net/forum/affich-18223512-virus-dans-boite-mail-msn?full#4
Logfile of random's system information tool 1.07 (written by random/random)
Run by niko at 2010-06-22 19:55:11
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (7%) free of 20 GB
Total RAM: 511 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:45, on 22/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\system32\FsUsbExService.Exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\niko\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\niko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: FsUsbExService - Teruten - C:\WINNT\system32\FsUsbExService.Exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINNT\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINNT\system32\wbem\wmiapsrv.exe
Run by niko at 2010-06-22 19:55:11
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (7%) free of 20 GB
Total RAM: 511 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:45, on 22/06/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\system32\FsUsbExService.Exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\niko\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\niko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: FsUsbExService - Teruten - C:\WINNT\system32\FsUsbExService.Exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINNT\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINNT\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINNT\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINNT\system32\wbem\wmiapsrv.exe
info.txt logfile of random's system information tool 1.06 2009-05-03 20:46:32
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
HijackThis 2.0.2-->"C:\Documents and Settings\niko\Bureau\HijackThis.exe" /uninstall
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language Pack for Ad-aware 6-->\LANGUA~1\UNWISE.EXE \LANGUA~1\INSTALL.LOG
Language pack for Ad-Aware SE-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Pinnacle PCTV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x40c -L0x40c UNINSTALL
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x40c REMOVE
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44BAC2DD-0574-4047-B736-A7687401C1CD}\setup.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: 7315258013F3446
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers 7315258013F3446.
Record Number: 5
Source Name: EventLog
Time Written: 20090502101911.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial1 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
Record Number: 4
Source Name: Serial
Time Written: 20090502121521.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
Record Number: 3
Source Name: Serial
Time Written: 20090502121521.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 2
Source Name: EventLog
Time Written: 20090502121500.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090502121500.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: 7315258013F3446
Event Code: 103
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).
Record Number: 142
Source Name: ESENT
Time Written: 20090503170237.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 102
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 141
Source Name: ESENT
Time Written: 20090503165736.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 100
Message: wuauclt (2152) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 140
Source Name: ESENT
Time Written: 20090503165736.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 4096
Message: Le service AntiVir a bien démarré!
Record Number: 139
Source Name: Avira AntiVir
Time Written: 20090503165656.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: 7315258013F3446
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 138
Source Name: SecurityCenter
Time Written: 20090503165651.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
======Uninstall list======
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
HijackThis 2.0.2-->"C:\Documents and Settings\niko\Bureau\HijackThis.exe" /uninstall
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language Pack for Ad-aware 6-->\LANGUA~1\UNWISE.EXE \LANGUA~1\INSTALL.LOG
Language pack for Ad-Aware SE-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\LANGS\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Pinnacle PCTV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C02ED4F-46B0-4E9E-87F7-47AEBA4031C8}\Setup.exe" -l0x40c -L0x40c UNINSTALL
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x40c REMOVE
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44BAC2DD-0574-4047-B736-A7687401C1CD}\setup.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: 7315258013F3446
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers 7315258013F3446.
Record Number: 5
Source Name: EventLog
Time Written: 20090502101911.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial1 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
Record Number: 4
Source Name: Serial
Time Written: 20090502121521.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
Record Number: 3
Source Name: Serial
Time Written: 20090502121521.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 2
Source Name: EventLog
Time Written: 20090502121500.000000+120
Event Type: Informations
User:
Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090502121500.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: 7315258013F3446
Event Code: 103
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).
Record Number: 142
Source Name: ESENT
Time Written: 20090503170237.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 102
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 141
Source Name: ESENT
Time Written: 20090503165736.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 100
Message: wuauclt (2152) Le moteur de base de données 5.01.2600.2180 est démarré.
Record Number: 140
Source Name: ESENT
Time Written: 20090503165736.000000+120
Event Type: Informations
User:
Computer Name: 7315258013F3446
Event Code: 4096
Message: Le service AntiVir a bien démarré!
Record Number: 139
Source Name: Avira AntiVir
Time Written: 20090503165656.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: 7315258013F3446
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 138
Source Name: SecurityCenter
Time Written: 20090503165651.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Utilisateur anonyme
Modifié par Electricien 69 le 22/06/2010 à 20:35
Modifié par Electricien 69 le 22/06/2010 à 20:35
supprime combofix sur ton pc, rételecharge le, change son nom, puis relance le
ComboFix 10-06-22.03 - niko 23/06/2010 11:34:10.4.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.309 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\niko\Mes documents\Téléchargements\zob.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:12:04 . 2010-06-22 19:12:06 -------- d-----w- C:\Documents and Settings\niko\Application Data\Apple Computer
2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINNT\system32\GEARAspi.dll
2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 ----a-w- C:\WINNT\system32\drivers\GEARAspiWDM.sys
2010-06-22 19:10:28 . 2010-06-22 19:10:30 -------- d-----w- C:\Program Files\iPod
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Program Files\iTunes
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 19:09:00 . 2010-06-22 19:09:02 -------- d-----w- C:\Program Files\QuickTime
2010-06-22 19:08:58 . 2010-06-22 19:09:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-22 19:08:44 . 2010-06-22 19:08:46 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple
2010-06-22 19:08:40 . 2010-06-22 19:08:42 -------- d-----w- C:\Program Files\Apple Software Update
2010-06-22 19:08:10 . 2010-06-22 19:08:12 -------- d-----w- C:\Program Files\Bonjour
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Program Files\Fichiers communs\Apple
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-22 19:07:28 . 2010-06-22 19:07:30 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple Computer
2010-06-22 17:02:28 . 2010-06-22 17:02:28 -------- d-----w- C:\FOUND.005
2010-06-22 10:57:10 . 2010-06-22 10:57:12 -------- d-----w- C:\_OTM
2010-06-21 19:33:15 . 2010-06-21 19:33:16 863113 ----a-w- C:\UsbFix_Upload_Me_7315258013F3446.zip
2010-06-21 18:33:35 . 2010-06-21 18:33:36 -------- d-----w- C:\UsbFix
2010-06-21 17:05:45 . 2010-06-21 17:05:46 -------- d-----w- C:\Program Files\trend micro
2010-06-20 10:29:07 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINNT\system32\drivers\mbamswissarmy.sys
2010-06-20 10:29:04 . 2010-06-20 10:29:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-20 10:29:04 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINNT\system32\drivers\mbam.sys
2010-06-20 09:20:48 . 2010-06-20 09:20:50 -------- d-----w- C:\WINNT\system32\wbem\Repository
2010-06-17 09:30:40 . 2010-06-17 09:30:42 -------- d-----w- C:\MSNCleaner
2010-06-15 18:01:34 . 2010-06-15 18:01:34 72504 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-02 16:58:17 . 2010-06-02 16:58:18 -------- d-----w- C:\Program Files\JDownloader
2010-06-02 14:12:25 . 2010-06-02 14:12:26 -------- d-----w- C:\Program Files\Direct MIDI to MP3 Converter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:35:16 . 2010-05-18 14:35:16 91424 ----a-w- C:\WINNT\system32\dnssd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 75040 ----a-w- C:\WINNT\system32\jdns_sd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 197920 ----a-w- C:\WINNT\system32\dnssdX.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 107808 ----a-w- C:\WINNT\system32\dns-sd.exe
2010-05-05 14:37:00 . 2010-05-05 14:36:58 -------- d-----w- C:\Program Files\midi2mp3
2010-05-05 14:27:50 . 2010-05-05 14:27:48 -------- d-----w- C:\Program Files\Audacity
2010-04-24 14:42:18 . 2010-04-24 14:42:16 -------- d-----w- C:\Program Files\Avira
2010-04-24 14:42:18 . 2010-04-24 14:42:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2010-03-29 09:37:36 . 2009-11-24 19:02:02 79488 ----a-w- C:\Documents and Settings\niko\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-22_16.24.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 09:01:30 . 2010-06-23 09:01:32 16384 C:\WINNT\Temp\Perflib_Perfdata_784.dat
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:42 41984 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:20 18432 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-06-22 19:08:45 . 2010-06-22 19:08:46 27136 C:\WINNT\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-06-22 19:08:06 . 2010-06-22 19:08:08 807424 C:\WINNT\Installer\7419c3.msi
+ 2010-06-22 19:12:09 . 2010-06-22 19:12:10 372736 C:\WINNT\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:44 3062048 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:22 1461992 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-22 19:12:07 . 2010-06-22 19:12:10 4820480 C:\WINNT\Installer\7419e5.msi
+ 2010-06-22 19:09:27 . 2010-06-22 19:09:32 9472000 C:\WINNT\Installer\7419e1.msi
+ 2010-06-22 19:08:44 . 2010-06-22 19:08:46 1554944 C:\WINNT\Installer\7419da.msi
+ 2010-06-22 19:08:37 . 2010-06-22 19:08:38 3089408 C:\WINNT\Installer\7419d3.msi
+ 2010-06-22 19:08:14 . 2010-06-22 19:08:16 1984000 C:\WINNT\Installer\7419cc.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 07:18:48 102400]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 12:28:38 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-22 18:42:24 148888]
"nwiz"="nwiz.exe" [2002-07-30 21:50:00 372736]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"NPSStartup"="" [BU]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 21:20:50 57344]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 10:08:12 209153]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-18 20:16:10 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 14:33:44 141624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-19 12:09:52 15360]
C:\Documents and Settings\All Users\Menu D'marrer\Programmes\D'marrage\
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-5-2 237568]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/04/2010 16:42:17 108289]
R2 FsUsbExService;FsUsbExService;C:\WINNT\system32\FsUsbExService.Exe [05/01/2010 15:09:24 233472]
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\drivers\NVTUNEP.SYS [01/11/2009 21:08:44 15968]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\drivers\NVTVSND.SYS [01/11/2009 21:08:44 45216]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINNT\system32\FsUsbExDisk.Sys [05/01/2010 15:09:24 36608]
R3 pctvvbi;PCTVVBI;C:\WINNT\system32\drivers\pctvvbi.sys [02/05/2009 11:35:50 6400]
S0 NVDual;NVDual;C:\WINNT\system32\DRIVERS\nvDual.sys --> C:\WINNT\system32\DRIVERS\nvDual.sys [?]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = local;*.local
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\niko\Application Data\Mozilla\Firefox\Profiles\fdvdmexj.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.309 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\niko\Mes documents\Téléchargements\zob.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:12:04 . 2010-06-22 19:12:06 -------- d-----w- C:\Documents and Settings\niko\Application Data\Apple Computer
2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINNT\system32\GEARAspi.dll
2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 ----a-w- C:\WINNT\system32\drivers\GEARAspiWDM.sys
2010-06-22 19:10:28 . 2010-06-22 19:10:30 -------- d-----w- C:\Program Files\iPod
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Program Files\iTunes
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 19:09:00 . 2010-06-22 19:09:02 -------- d-----w- C:\Program Files\QuickTime
2010-06-22 19:08:58 . 2010-06-22 19:09:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-22 19:08:44 . 2010-06-22 19:08:46 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple
2010-06-22 19:08:40 . 2010-06-22 19:08:42 -------- d-----w- C:\Program Files\Apple Software Update
2010-06-22 19:08:10 . 2010-06-22 19:08:12 -------- d-----w- C:\Program Files\Bonjour
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Program Files\Fichiers communs\Apple
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-22 19:07:28 . 2010-06-22 19:07:30 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple Computer
2010-06-22 17:02:28 . 2010-06-22 17:02:28 -------- d-----w- C:\FOUND.005
2010-06-22 10:57:10 . 2010-06-22 10:57:12 -------- d-----w- C:\_OTM
2010-06-21 19:33:15 . 2010-06-21 19:33:16 863113 ----a-w- C:\UsbFix_Upload_Me_7315258013F3446.zip
2010-06-21 18:33:35 . 2010-06-21 18:33:36 -------- d-----w- C:\UsbFix
2010-06-21 17:05:45 . 2010-06-21 17:05:46 -------- d-----w- C:\Program Files\trend micro
2010-06-20 10:29:07 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINNT\system32\drivers\mbamswissarmy.sys
2010-06-20 10:29:04 . 2010-06-20 10:29:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-20 10:29:04 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINNT\system32\drivers\mbam.sys
2010-06-20 09:20:48 . 2010-06-20 09:20:50 -------- d-----w- C:\WINNT\system32\wbem\Repository
2010-06-17 09:30:40 . 2010-06-17 09:30:42 -------- d-----w- C:\MSNCleaner
2010-06-15 18:01:34 . 2010-06-15 18:01:34 72504 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-02 16:58:17 . 2010-06-02 16:58:18 -------- d-----w- C:\Program Files\JDownloader
2010-06-02 14:12:25 . 2010-06-02 14:12:26 -------- d-----w- C:\Program Files\Direct MIDI to MP3 Converter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:35:16 . 2010-05-18 14:35:16 91424 ----a-w- C:\WINNT\system32\dnssd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 75040 ----a-w- C:\WINNT\system32\jdns_sd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 197920 ----a-w- C:\WINNT\system32\dnssdX.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 107808 ----a-w- C:\WINNT\system32\dns-sd.exe
2010-05-05 14:37:00 . 2010-05-05 14:36:58 -------- d-----w- C:\Program Files\midi2mp3
2010-05-05 14:27:50 . 2010-05-05 14:27:48 -------- d-----w- C:\Program Files\Audacity
2010-04-24 14:42:18 . 2010-04-24 14:42:16 -------- d-----w- C:\Program Files\Avira
2010-04-24 14:42:18 . 2010-04-24 14:42:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2010-03-29 09:37:36 . 2009-11-24 19:02:02 79488 ----a-w- C:\Documents and Settings\niko\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-22_16.24.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 09:01:30 . 2010-06-23 09:01:32 16384 C:\WINNT\Temp\Perflib_Perfdata_784.dat
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:42 41984 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:20 18432 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-06-22 19:08:45 . 2010-06-22 19:08:46 27136 C:\WINNT\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-06-22 19:08:06 . 2010-06-22 19:08:08 807424 C:\WINNT\Installer\7419c3.msi
+ 2010-06-22 19:12:09 . 2010-06-22 19:12:10 372736 C:\WINNT\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:44 3062048 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:22 1461992 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-22 19:12:07 . 2010-06-22 19:12:10 4820480 C:\WINNT\Installer\7419e5.msi
+ 2010-06-22 19:09:27 . 2010-06-22 19:09:32 9472000 C:\WINNT\Installer\7419e1.msi
+ 2010-06-22 19:08:44 . 2010-06-22 19:08:46 1554944 C:\WINNT\Installer\7419da.msi
+ 2010-06-22 19:08:37 . 2010-06-22 19:08:38 3089408 C:\WINNT\Installer\7419d3.msi
+ 2010-06-22 19:08:14 . 2010-06-22 19:08:16 1984000 C:\WINNT\Installer\7419cc.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 07:18:48 102400]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 12:28:38 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-22 18:42:24 148888]
"nwiz"="nwiz.exe" [2002-07-30 21:50:00 372736]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"NPSStartup"="" [BU]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 21:20:50 57344]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 10:08:12 209153]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-18 20:16:10 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 14:33:44 141624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-19 12:09:52 15360]
C:\Documents and Settings\All Users\Menu D'marrer\Programmes\D'marrage\
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-5-2 237568]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/04/2010 16:42:17 108289]
R2 FsUsbExService;FsUsbExService;C:\WINNT\system32\FsUsbExService.Exe [05/01/2010 15:09:24 233472]
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\drivers\NVTUNEP.SYS [01/11/2009 21:08:44 15968]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\drivers\NVTVSND.SYS [01/11/2009 21:08:44 45216]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINNT\system32\FsUsbExDisk.Sys [05/01/2010 15:09:24 36608]
R3 pctvvbi;PCTVVBI;C:\WINNT\system32\drivers\pctvvbi.sys [02/05/2009 11:35:50 6400]
S0 NVDual;NVDual;C:\WINNT\system32\DRIVERS\nvDual.sys --> C:\WINNT\system32\DRIVERS\nvDual.sys [?]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = local;*.local
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\niko\Application Data\Mozilla\Firefox\Profiles\fdvdmexj.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
Utilisateur anonyme
23 juin 2010 à 15:16
23 juin 2010 à 15:16
bonjour,
le rapport de combofix n'est pas complet !
peux tu le reposter STP ?
le rapport de combofix n'est pas complet !
peux tu le reposter STP ?
Utilisateur anonyme
Modifié par Electricien 69 le 23/06/2010 à 17:45
Modifié par Electricien 69 le 23/06/2010 à 17:45
il manque juste la fin du rapport, ouvre le et copie moi le retant du rapport, c'est important :-)
Utilisateur anonyme
23 juin 2010 à 20:44
23 juin 2010 à 20:44
relance combofix rénomé, puis laisse le travailler,
enregitre son rapport sur ton bureau, héberge son rapport sur cijoint, colle le lien fourni par cijount sur ton prochain message :-)
enregitre son rapport sur ton bureau, héberge son rapport sur cijoint, colle le lien fourni par cijount sur ton prochain message :-)
ComboFix 10-06-22.03 - niko 23/06/2010 21:28:21.5.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.295 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\niko\Mes documents\Téléchargements\zob.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
.
2010-06-23 09:41:46 . 2010-06-23 09:41:46 -------- d-----w- C:\FOUND.000
2010-06-22 19:12:04 . 2010-06-22 19:12:06 -------- d-----w- C:\Documents and Settings\niko\Application Data\Apple Computer
2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINNT\system32\GEARAspi.dll
2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 ----a-w- C:\WINNT\system32\drivers\GEARAspiWDM.sys
2010-06-22 19:10:28 . 2010-06-22 19:10:30 -------- d-----w- C:\Program Files\iPod
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Program Files\iTunes
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 19:09:00 . 2010-06-22 19:09:02 -------- d-----w- C:\Program Files\QuickTime
2010-06-22 19:08:58 . 2010-06-22 19:09:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-22 19:08:44 . 2010-06-22 19:08:46 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple
2010-06-22 19:08:40 . 2010-06-22 19:08:42 -------- d-----w- C:\Program Files\Apple Software Update
2010-06-22 19:08:10 . 2010-06-22 19:08:12 -------- d-----w- C:\Program Files\Bonjour
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Program Files\Fichiers communs\Apple
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-22 19:07:28 . 2010-06-22 19:07:30 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple Computer
2010-06-22 17:02:28 . 2010-06-22 17:02:28 -------- d-----w- C:\FOUND.005
2010-06-22 10:57:10 . 2010-06-22 10:57:12 -------- d-----w- C:\_OTM
2010-06-21 19:33:15 . 2010-06-21 19:33:16 863113 ----a-w- C:\UsbFix_Upload_Me_7315258013F3446.zip
2010-06-21 18:33:35 . 2010-06-21 18:33:36 -------- d-----w- C:\UsbFix
2010-06-21 17:05:45 . 2010-06-21 17:05:46 -------- d-----w- C:\Program Files\trend micro
2010-06-20 10:29:07 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINNT\system32\drivers\mbamswissarmy.sys
2010-06-20 10:29:04 . 2010-06-20 10:29:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-20 10:29:04 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINNT\system32\drivers\mbam.sys
2010-06-20 09:20:48 . 2010-06-20 09:20:50 -------- d-----w- C:\WINNT\system32\wbem\Repository
2010-06-17 09:30:40 . 2010-06-17 09:30:42 -------- d-----w- C:\MSNCleaner
2010-06-15 18:01:34 . 2010-06-15 18:01:34 72504 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-02 16:58:17 . 2010-06-02 16:58:18 -------- d-----w- C:\Program Files\JDownloader
2010-06-02 14:12:25 . 2010-06-02 14:12:26 -------- d-----w- C:\Program Files\Direct MIDI to MP3 Converter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:35:16 . 2010-05-18 14:35:16 91424 ----a-w- C:\WINNT\system32\dnssd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 75040 ----a-w- C:\WINNT\system32\jdns_sd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 197920 ----a-w- C:\WINNT\system32\dnssdX.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 107808 ----a-w- C:\WINNT\system32\dns-sd.exe
2010-05-05 14:37:00 . 2010-05-05 14:36:58 -------- d-----w- C:\Program Files\midi2mp3
2010-05-05 14:27:50 . 2010-05-05 14:27:48 -------- d-----w- C:\Program Files\Audacity
2010-03-29 09:37:36 . 2009-11-24 19:02:02 79488 ----a-w- C:\Documents and Settings\niko\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-22_16.24.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 09:42:35 . 2010-06-23 09:42:36 16384 C:\WINNT\Temp\Perflib_Perfdata_568.dat
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:42 41984 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:20 18432 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-06-22 19:08:45 . 2010-06-22 19:08:46 27136 C:\WINNT\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-06-22 19:08:06 . 2010-06-22 19:08:08 807424 C:\WINNT\Installer\7419c3.msi
+ 2010-06-22 19:12:09 . 2010-06-22 19:12:10 372736 C:\WINNT\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:44 3062048 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:22 1461992 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-22 19:12:07 . 2010-06-22 19:12:10 4820480 C:\WINNT\Installer\7419e5.msi
+ 2010-06-22 19:09:27 . 2010-06-22 19:09:32 9472000 C:\WINNT\Installer\7419e1.msi
+ 2010-06-22 19:08:44 . 2010-06-22 19:08:46 1554944 C:\WINNT\Installer\7419da.msi
+ 2010-06-22 19:08:37 . 2010-06-22 19:08:38 3089408 C:\WINNT\Installer\7419d3.msi
+ 2010-06-22 19:08:14 . 2010-06-22 19:08:16 1984000 C:\WINNT\Installer\7419cc.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 07:18:48 102400]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 12:28:38 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-22 18:42:24 148888]
"nwiz"="nwiz.exe" [2002-07-30 21:50:00 372736]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"NPSStartup"="" [BU]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 21:20:50 57344]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 10:08:12 209153]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-18 20:16:10 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 14:33:44 141624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-19 12:09:52 15360]
C:\Documents and Settings\All Users\Menu D'marrer\Programmes\D'marrage\
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-5-2 237568]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/04/2010 16:42:17 108289]
R2 FsUsbExService;FsUsbExService;C:\WINNT\system32\FsUsbExService.Exe [05/01/2010 15:09:24 233472]
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\drivers\NVTUNEP.SYS [01/11/2009 21:08:44 15968]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\drivers\NVTVSND.SYS [01/11/2009 21:08:44 45216]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINNT\system32\FsUsbExDisk.Sys [05/01/2010 15:09:24 36608]
R3 pctvvbi;PCTVVBI;C:\WINNT\system32\drivers\pctvvbi.sys [02/05/2009 11:35:50 6400]
S0 NVDual;NVDual;C:\WINNT\system32\DRIVERS\nvDual.sys --> C:\WINNT\system32\DRIVERS\nvDual.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = local;*.local
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\niko\Application Data\Mozilla\Firefox\Profiles\fdvdmexj.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.511.295 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\niko\Mes documents\Téléchargements\zob.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-05-23 au 2010-06-23 ))))))))))))))))))))))))))))))))))))
.
2010-06-23 09:41:46 . 2010-06-23 09:41:46 -------- d-----w- C:\FOUND.000
2010-06-22 19:12:04 . 2010-06-22 19:12:06 -------- d-----w- C:\Documents and Settings\niko\Application Data\Apple Computer
2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINNT\system32\GEARAspi.dll
2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 ----a-w- C:\WINNT\system32\drivers\GEARAspiWDM.sys
2010-06-22 19:10:28 . 2010-06-22 19:10:30 -------- d-----w- C:\Program Files\iPod
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Program Files\iTunes
2010-06-22 19:10:13 . 2010-06-22 19:10:14 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-22 19:09:00 . 2010-06-22 19:09:02 -------- d-----w- C:\Program Files\QuickTime
2010-06-22 19:08:58 . 2010-06-22 19:09:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-22 19:08:44 . 2010-06-22 19:08:46 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple
2010-06-22 19:08:40 . 2010-06-22 19:08:42 -------- d-----w- C:\Program Files\Apple Software Update
2010-06-22 19:08:10 . 2010-06-22 19:08:12 -------- d-----w- C:\Program Files\Bonjour
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Program Files\Fichiers communs\Apple
2010-06-22 19:07:54 . 2010-06-22 19:07:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2010-06-22 19:07:28 . 2010-06-22 19:07:30 -------- d-----w- C:\Documents and Settings\niko\Local Settings\Application Data\Apple Computer
2010-06-22 17:02:28 . 2010-06-22 17:02:28 -------- d-----w- C:\FOUND.005
2010-06-22 10:57:10 . 2010-06-22 10:57:12 -------- d-----w- C:\_OTM
2010-06-21 19:33:15 . 2010-06-21 19:33:16 863113 ----a-w- C:\UsbFix_Upload_Me_7315258013F3446.zip
2010-06-21 18:33:35 . 2010-06-21 18:33:36 -------- d-----w- C:\UsbFix
2010-06-21 17:05:45 . 2010-06-21 17:05:46 -------- d-----w- C:\Program Files\trend micro
2010-06-20 10:29:07 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINNT\system32\drivers\mbamswissarmy.sys
2010-06-20 10:29:04 . 2010-06-20 10:29:06 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-20 10:29:04 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINNT\system32\drivers\mbam.sys
2010-06-20 09:20:48 . 2010-06-20 09:20:50 -------- d-----w- C:\WINNT\system32\wbem\Repository
2010-06-17 09:30:40 . 2010-06-17 09:30:42 -------- d-----w- C:\MSNCleaner
2010-06-15 18:01:34 . 2010-06-15 18:01:34 72504 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-02 16:58:17 . 2010-06-02 16:58:18 -------- d-----w- C:\Program Files\JDownloader
2010-06-02 14:12:25 . 2010-06-02 14:12:26 -------- d-----w- C:\Program Files\Direct MIDI to MP3 Converter
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 14:35:16 . 2010-05-18 14:35:16 91424 ----a-w- C:\WINNT\system32\dnssd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 75040 ----a-w- C:\WINNT\system32\jdns_sd.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 197920 ----a-w- C:\WINNT\system32\dnssdX.dll
2010-05-18 14:35:16 . 2010-05-18 14:35:16 107808 ----a-w- C:\WINNT\system32\dns-sd.exe
2010-05-05 14:37:00 . 2010-05-05 14:36:58 -------- d-----w- C:\Program Files\midi2mp3
2010-05-05 14:27:50 . 2010-05-05 14:27:48 -------- d-----w- C:\Program Files\Audacity
2010-03-29 09:37:36 . 2009-11-24 19:02:02 79488 ----a-w- C:\Documents and Settings\niko\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-22_16.24.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-23 09:42:35 . 2010-06-23 09:42:36 16384 C:\WINNT\Temp\Perflib_Perfdata_568.dat
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:42 41984 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:20 18432 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-06-22 19:11:36 . 2009-05-18 11:17:00 26600 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-06-22 19:08:45 . 2010-06-22 19:08:46 27136 C:\WINNT\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2010-06-22 19:11:37 . 2008-04-17 10:12:54 107368 C:\WINNT\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-06-22 19:08:06 . 2010-06-22 19:08:08 807424 C:\WINNT\Installer\7419c3.msi
+ 2010-06-22 19:12:09 . 2010-06-22 19:12:10 372736 C:\WINNT\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2010-06-22 19:08:33 . 2010-04-19 18:47:44 3062048 C:\WINNT\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-06-22 19:08:35 . 2010-04-19 18:29:22 1461992 C:\WINNT\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-06-22 19:12:07 . 2010-06-22 19:12:10 4820480 C:\WINNT\Installer\7419e5.msi
+ 2010-06-22 19:09:27 . 2010-06-22 19:09:32 9472000 C:\WINNT\Installer\7419e1.msi
+ 2010-06-22 19:08:44 . 2010-06-22 19:08:46 1554944 C:\WINNT\Installer\7419da.msi
+ 2010-06-22 19:08:37 . 2010-06-22 19:08:38 3089408 C:\WINNT\Installer\7419d3.msi
+ 2010-06-22 19:08:14 . 2010-06-22 19:08:16 1984000 C:\WINNT\Installer\7419cc.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 07:18:48 102400]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-09 12:28:38 1961984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-22 18:42:24 148888]
"nwiz"="nwiz.exe" [2002-07-30 21:50:00 372736]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"NPSStartup"="" [BU]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 21:20:50 57344]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 10:08:12 209153]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-03-18 20:16:10 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-06-15 14:33:44 141624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-19 12:09:52 15360]
C:\Documents and Settings\All Users\Menu D'marrer\Programmes\D'marrage\
Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2009-5-2 237568]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Java\\JRE6\\BIN\\javaw.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [24/04/2010 16:42:17 108289]
R2 FsUsbExService;FsUsbExService;C:\WINNT\system32\FsUsbExService.Exe [05/01/2010 15:09:24 233472]
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINNT\system32\drivers\NVTUNEP.SYS [01/11/2009 21:08:44 15968]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINNT\system32\drivers\NVTVSND.SYS [01/11/2009 21:08:44 45216]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINNT\system32\FsUsbExDisk.Sys [05/01/2010 15:09:24 36608]
R3 pctvvbi;PCTVVBI;C:\WINNT\system32\drivers\pctvvbi.sys [02/05/2009 11:35:50 6400]
S0 NVDual;NVDual;C:\WINNT\system32\DRIVERS\nvDual.sys --> C:\WINNT\system32\DRIVERS\nvDual.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - FSUSBEXDISK
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/
uInternet Settings,ProxyOverride = local;*.local
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\niko\Application Data\Mozilla\Firefox\Profiles\fdvdmexj.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
