Antivir
Gelfar (52 posts, Member)
jlpjlp (52,399 posts, Security contributor)
Hello,
Here is my problem: I just downloaded Antivir/Avira and ran a scan, but lots of windows open telling me there are viruses, and when I click Delete and OK the windows open again right away.
Is that normal??
Regards
57 replies
Logfile of random's system information tool 1.05 (written by random/random)
Run by moumou at 2009-01-06 22:52:20
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 119 GB (52%) free of 230 GB
Total RAM: 1022 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:01, on 06/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vVX3000.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\moumou\Downloads\RSIT.exe
C:\Program Files\trend micro\moumou.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Public\Pictures\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Public\Pictures\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
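A triage script for the kind of HijackThis log posted above, added here as an example; it is not code from this thread, from HijackThis, or from the tools the helpers recommend. It parses the Rn/On entries and flags the patterns a helper reads such a log for: BHOs whose DLL is gone, names on a PUP watchlist, autostarts or IE buttons living in user-writable folders such as C:\Users\Public\Pictures, per-user applications registered to run for the SYSTEM or Default profile, and more than one antivirus engine in the service list. The sample lines are a constructed subset shaped like the log above, and the watchlist and vendor list are assumptions for the example, not lists HijackThis ships with. One caveat the thread itself illustrates: HijackThis O23 entries are Win32 services, not kernel-mode drivers, so the TDSSserv.sys entry that ToolBar S&D reports further down never appears in this log; a HijackThis log with nothing alarming in it is not evidence of a clean machine.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis 2.0.2 log posted above
# (a subset of its lines, not the whole log). Raw string so the Windows
# backslashes survive as-is.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Public\Pictures\PartyPoker\RunApp.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Assumed lists for this example; a real triage would load them from a
# maintained policy file rather than hard-code them.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\public\\", "\\temp\\")
PUP_WATCHLIST = ("asksbar", "eorezo")
AV_VENDORS = ("avira gmbh", "symantec corporation")


@dataclass
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    av_seen: set[str] = set()
    for raw in log_text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        kind, body = m["kind"], m["body"]
        low = raw.lower()
        # A BHO whose DLL is gone is a leftover registration: harmless by
        # itself, but it shows something was installed and removed badly.
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding("orphaned_bho", raw))
        # Names on the PUP watchlist, wherever they appear in the entry.
        if any(p in low for p in PUP_WATCHLIST):
            findings.append(Finding("pup_watchlist", raw))
        # Autostarts and IE buttons pointing into user-writable folders:
        # legitimate software installs under Program Files, not Pictures.
        if kind in ("O4", "O9") and any(d in low for d in USER_WRITABLE):
            findings.append(Finding("user_writable_autostart", raw))
        # A per-user application registered to run for SYSTEM or the
        # Default profile was not put there by that application's installer.
        if kind == "O4" and (r"hkus\s-1-5-18" in low or r"hkus\.default" in low):
            findings.append(Finding("system_hive_user_app", raw))
        # Collect antivirus vendors from the Win32 service list (O23).
        if kind == "O23":
            av_seen.update(v for v in AV_VENDORS if v in low)
    if len(av_seen) > 1:
        findings.append(Finding("multiple_av_engines", ", ".join(sorted(av_seen))))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per rule, for a one-line summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```

Run it against a full log by reading the file into triage(). On the sample it reports two orphaned BHOs, two watchlist hits, the PartyPoker button under C:\Users\Public\Pictures, the msnmsgr Run value in the SYSTEM hive, and the Avira/Symantec pair that the first reply in this thread objects to.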
You kept Norton??? There must be only one antivirus on a computer!
Get rid of Norton
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
or else Antivir, if you are paying for Norton
_________________
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Launch the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
__________________
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Disconnect from the Internet and close all running applications
● Double-click the installer and install it in its default location. (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● At the main menu choose option "A"
● Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : moumou ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:224 Go (Free:116 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
"C:\ToolBar SD" ( Updated : 21-12-2008|20:47 )
Option : [1] ( 07/01/2009|12:53 )
[ UAC => 1 ]
-----------\\ Searching for Files / Folders ...
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Searching for other infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
--------------------\\ ROGUES ..
C:\Users\moumou\AppData\Roaming\VirusRemover2008
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 07/01/2009|12:54 - Option : [1]
-----------\\ Fin du rapport a 12:54:09,66
Here is the report.
"Download AD-Remover (by Cyrildu17 / C_XX) to your desktop." This link is an error .... it tells me it's an error.
Redo ToolBar S&D, then choose option 2 and paste the report.
Then, for AD-Remover, here:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : moumou ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:224 Go (Free:116 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 07/01/2009|13:20 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\Program Files\AskSBar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
--------------------\\ ROGUES ..
C:\Users\moumou\AppData\Roaming\VirusRemover2008
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 07/01/2009|12:54 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/01/2009|13:21 - Option : [2]
-----------\\ Fin du rapport a 13:21:31,93
Option 2: delete
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to run it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: "Paste instruction for items to be moved".
(Be careful to include :files.)
:processus
explorer.exe
:services
TDSSserv
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
:files
C:\Users\moumou\AppData\Roaming\VirusRemover2008
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________
Scan with Malwarebytes after updating it and paste the report.
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Error: Unable to interpret <processus > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service TDSSserv .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\\ not found.
========== FILES ==========
C:\Users\moumou\AppData\Roaming\VirusRemover2008\Logs moved successfully.
C:\Users\moumou\AppData\Roaming\VirusRemover2008 moved successfully.
File/Folder C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner not found.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Microsoft.VC80.CRT scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Download scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner scheduled to be moved on reboot.
File/Folder C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner not found.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Microsoft.VC80.CRT scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Download scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\moumou\AppData\Local\Temp\IadHide4.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\moumou\AppData\Local\Temp\~DF4F8F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\moumou\AppData\Local\Temp\~DF4F98.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\moumou\AppData\Local\Temp\~DF5871.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\moumou\AppData\Local\Temp\~DF58F1.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_135512
Files moved on Reboot...
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Microsoft.VC80.CRT scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Download scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Microsoft.VC80.CRT scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner\Download scheduled to be moved on reboot.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Users\moumou\AppData\Local\Temp\IadHide4.dll
C:\Users\moumou\AppData\Local\Temp\IadHide4.dll NOT unregistered.
C:\Users\moumou\AppData\Local\Temp\IadHide4.dll moved successfully.
File C:\Users\moumou\AppData\Local\Temp\~DF4F8F.tmp not found!
File C:\Users\moumou\AppData\Local\Temp\~DF4F98.tmp not found!
File C:\Users\moumou\AppData\Local\Temp\~DF5871.tmp not found!
File C:\Users\moumou\AppData\Local\Temp\~DF58F1.tmp not found!
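Added example, not a tool used in this thread: a small Python triage script that reads the ToolBar S&D findings and the OTMoveIt outcome lines (both excerpts constructed inline from the reports posted above) and reports what the removal actually resolved against what it could not. The function names and outcome categories are my own.

```python
import re

# Constructed excerpt of the ToolBar S&D (option 1) report posted in this thread.
TOOLBAR_SD_REPORT = r"""
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
--------------------\\ ROGUES ..
C:\Users\moumou\AppData\Roaming\VirusRemover2008
C:\PROGRA~1\SecureExpertCleaner
[ UAC => 1 ]
"""

# Constructed excerpt of the OTMoveIt result log posted in this thread.
OTMOVEIT_LOG = r"""
Error: Unable to interpret <processus > in the current context!
========== SERVICES/DRIVERS ==========
Unable to stop service TDSSserv .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys\\ not found.
========== FILES ==========
C:\Users\moumou\AppData\Roaming\VirusRemover2008\Logs moved successfully.
C:\Users\moumou\AppData\Roaming\VirusRemover2008 moved successfully.
File/Folder C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner not found.
Folder move failed. C:\PROGRA~1\SecureExpertCleaner scheduled to be moved on reboot.
"""

def parse_toolbar_sd(report):
    """Collect registry keys under 'ROOTKIT !!' and paths under 'ROGUES ..', lower-cased."""
    found = {"rootkit": set(), "rogues": set()}
    section = None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("-"):  # section banner such as "------\\ ROOTKIT !!"
            section = ("rootkit" if "ROOTKIT" in line
                       else "rogues" if "ROGUES" in line else None)
            continue
        if not line or line.startswith("["):  # blank line or the "[ UAC => 1 ]" footer
            continue
        if section == "rootkit":
            m = re.search(r"\[(HKEY_[^\]]+)\]", line)
            if m:
                found["rootkit"].add(m.group(1).lower())
        elif section == "rogues":
            found["rogues"].add(line.lower())
    return found

# One (kind, regex) pair per outcome line OTMoveIt writes; group 1 is the item concerned.
OUTCOME_PATTERNS = [
    ("directive_ignored", re.compile(r"^Error: Unable to interpret <(\S+)\s*>")),
    ("service_not_stopped", re.compile(r"^Unable to stop service (\S+)")),
    ("registry_not_found", re.compile(r"^Registry key (HKEY_\S+?)\\\\ not found\.")),
    ("moved", re.compile(r"^(.+?) moved successfully\.")),
    ("not_found", re.compile(r"^File/Folder (.+?) not found\.")),
    ("deferred_to_reboot", re.compile(
        r"^(?:Folder move|File delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\.")),
]

def parse_otmoveit(log):
    """Return a list of (kind, item) for every outcome line recognised in the log."""
    outcomes = []
    for line in log.splitlines():
        line = line.strip()
        for kind, pattern in OUTCOME_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes.append((kind, m.group(1)))
                break
    return outcomes

def triage(findings, outcomes):
    """Cross-check the scanner's findings against what the removal tool reports.

    A key the scanner listed minutes earlier but the removal tool reports as
    "not found" is the entry that matters: two user-mode tools disagreeing
    about what exists in the registry is consistent with a rootkit hiding
    its keys, so "moved successfully" lines alone do not mean a clean machine.
    """
    by_kind = {}
    for kind, item in outcomes:
        by_kind.setdefault(kind, []).append(item)
    invisible_keys = {k.lower() for k in by_kind.get("registry_not_found", [])}
    unresolved = []
    for key in sorted(findings["rootkit"]):
        if key in invisible_keys:
            unresolved.append(f"registry key seen by scanner, not by removal tool: {key}")
    for svc in by_kind.get("service_not_stopped", []):
        unresolved.append(f"service could not be stopped: {svc}")
    for path in by_kind.get("deferred_to_reboot", []):
        unresolved.append(f"removal deferred to reboot: {path}")
    for name in by_kind.get("directive_ignored", []):
        # The log also shows the line under the bad directive was not applied.
        unresolved.append(f"script directive not understood, its lines skipped: :{name}")
    resolved = [p for p in by_kind.get("moved", []) if p.lower() in findings["rogues"]]
    return {"resolved": resolved, "unresolved": unresolved}
```

On the excerpts above the script reports one rogue folder resolved and five items still open, the two hidden TDSSserv keys and the service that could not be stopped among them.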
Close all your browsers (so copy or print the instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\Users\moumou\AppData\Roaming\VirusRemover2008
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\SecureExpertCleaner
C:\PROGRA~1\SecureExpertCleaner
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Save this file under the name CFscript.
Drag and drop this CFScript file onto the ComboFix.exe file.
Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report.
If the file does not open, it is located here > C:\ComboFix.txt
ComboFix 09-01-07.01 - moumou 2009-01-07 20:29:56.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1022.210 [GMT 1:00]
Lancé depuis: c:\users\moumou\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\moumou\Desktop\CFscript.docx
* Un nouveau point de restauration a été créé
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 ))))))))))))))))))))))))))))))))))))
.
2009-01-07 14:03 . 2009-01-07 14:03 <REP> d-------- c:\users\moumou\AppData\Roaming\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:02 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:02 <REP> d-------- c:\programdata\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:03 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 14:02 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-07 14:02 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-07 13:55 . 2009-01-07 13:55 <REP> d-------- C:\_OTMoveIt
2009-01-07 13:25 . 2009-01-07 13:25 <REP> d-------- c:\program files\Ad-remover
2009-01-07 12:52 . 2009-01-07 13:21 <REP> d-------- C:\ToolBar SD
2009-01-06 19:40 . 2009-01-06 22:52 <REP> d-------- c:\program files\trend micro
2009-01-06 19:39 . 2009-01-06 19:41 <REP> d-------- C:\rsit
2009-01-04 19:17 . 2009-01-04 19:17 165,376 --a------ c:\users\moumou\muQGKTEOA.exe
2009-01-04 19:11 . 2009-01-04 19:11 325,120 --a------ c:\users\moumou\2GDyUgpMZu.exe
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\users\All Users\Avira
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\programdata\Avira
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\program files\Avira
2008-12-31 11:56 . 2008-12-31 11:54 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-29 22:46 . 2009-01-04 17:30 <REP> d-------- c:\users\moumou\AppData\Roaming\Twain
2008-12-29 02:24 . 2008-12-29 02:24 <REP> d-------- c:\windows\System32\R
2008-12-29 02:24 . 2008-12-29 02:24 2 --a------ C:\753337677
2008-12-29 02:23 . 2009-01-06 20:14 <REP> d-------- c:\windows\System32\whSLD02
2008-12-29 02:23 . 2008-12-29 02:24 <REP> d-------- c:\temp\REX81
2008-12-29 02:23 . 2009-01-06 21:50 <REP> d-------- C:\Temp
2008-12-26 19:41 . 2008-12-26 19:41 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-12-26 19:41 . 2008-12-26 19:41 <REP> d-------- c:\programdata\Yahoo! Companion
2008-12-26 15:37 . 2008-12-26 15:44 <REP> d-------- c:\program files\Veoh Networks
2008-12-21 12:50 . 2008-12-21 12:50 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-17 12:01 . 2008-12-21 10:55 <REP> d--h----- c:\windows\msdownld.tmp
2008-12-17 00:02 . 2008-12-17 00:02 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-11 15:51 . 2008-12-11 15:51 <REP> d-------- c:\program files\Alwil Software
2008-12-11 15:34 . 2008-12-11 15:34 <REP> d-------- c:\users\moumou\AppData\Roaming\PeerNetworking
2008-12-10 18:08 . 2008-12-10 18:08 16 --a------ c:\windows\System32\coh.cache
2008-12-10 12:56 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 11:31 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 11:31 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 11:31 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 11:30 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-10 11:30 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-10 11:30 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 11:30 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-10 11:30 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 22:45 . 2008-12-10 12:07 <REP> d-------- C:\vcs5BGEffects
2008-12-09 22:44 . 2008-12-09 22:48 <REP> d-------- C:\vcs5core
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 11:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-04 16:31 --------- d-----w c:\program files\SecureExpertCleaner
2009-01-03 15:26 --------- d-----w c:\users\moumou\AppData\Roaming\Skype
2008-12-31 10:53 --------- d-----w c:\program files\Java
2008-12-29 22:05 --------- d-----w c:\users\moumou\AppData\Roaming\FrostWire
2008-12-27 20:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 14:47 --------- d-----w c:\program files\Yahoo!
2008-12-21 09:55 --------- d-----w c:\program files\Google
2008-12-17 12:39 --------- d---a-w c:\programdata\TEMP
2008-12-16 22:55 --------- d-----w c:\programdata\NVIDIA
2008-12-14 17:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-10 21:52 --------- d-----w c:\program files\MUSICMATCH
2008-12-10 12:01 --------- d-----w c:\program files\Windows Mail
2008-12-10 11:59 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 20:54 --------- d-----w c:\users\moumou\AppData\Roaming\vlc
2008-12-05 20:08 81,920 ------r c:\windows\bwUnin-6.1.4.61-8876480L.exe
2008-12-05 20:08 --------- d-----w c:\program files\Logitech
2008-12-05 20:06 28,256 ----a-w c:\windows\system32\drivers\MxlW2k.sys
2008-12-05 19:56 --------- d-----w c:\program files\Common Files\Logitech
2008-12-04 23:20 --------- d-----w c:\program files\adslTV
2008-12-01 13:27 --------- d-----w c:\program files\DivX
2008-11-20 18:20 --------- d-----w c:\program files\Microsoft LifeCam
2008-11-16 13:03 --------- d-----w c:\program files\MSECache
2008-11-10 23:37 --------- d-----w c:\program files\Steam
2008-11-10 15:04 --------- d-----w c:\program files\Common Files\Steam
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-06-16 16:34 174 --sha-w c:\program files\desktop.ini
2008-04-04 09:53 147,456 ----a-w c:\users\moumou\vbzip10.dll
2008-06-02 10:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 10:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 10:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-06_21.58.15,33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 15:56:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-07 19:10:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-06 15:56:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-07 19:10:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-06 20:56:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-07 19:26:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-07 19:26:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-06 20:56:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-07 19:12:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-07 19:12:56 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-06 16:20:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-07 19:12:19 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-06 16:20:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 19:12:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-06 16:20:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-07 19:12:19 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-06 20:49:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-07 19:28:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-07 19:28:21 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-01-06 15:59:41 11,926 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4073989499-1215347695-4157578253-1002_UserData.bin
+ 2009-01-07 19:12:16 12,006 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4073989499-1215347695-4157578253-1002_UserData.bin
- 2009-01-06 15:59:39 68,750 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-07 19:12:16 68,902 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-06 15:59:07 84,648 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-07 12:59:29 85,438 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Neuf Media Center"="c:\program files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 1025264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-05 16384]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 3644464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-05 169472]
OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-01-17 713728]
Outil de mise … jour Google.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2007-07-04 124912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8EC4C8BA-F475-4DDD-8D02-DCAD76551D8F}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{DB3F2C3E-3C2F-48A7-8C8C-3F254A61F663}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{C6AB9EE6-BFE1-4F6C-804E-20C1566101A2}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{834ABA85-0223-4A54-BEAE-1C5C902FFBCD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{CDDB00FA-EC3E-44E3-BF1A-3EF05FF262E7}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{785F4FE4-A77B-4A31-AE71-4A9732DC6E01}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{8D0BC55A-40FD-4DD2-912E-42633E517B5D}"= UDP:c:\program files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{CE72642D-19FC-4BC5-9FB8-F4476742C6C8}"= TCP:c:\program files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"TCP Query User{A0CFCBEA-9B2B-44D8-BF24-0624123DF50F}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
"UDP Query User{6971A278-7140-4F39-9160-6D2AC00BCFC6}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
"TCP Query User{C8DEFCC7-2113-456E-AE80-9ADA237B5155}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480
"UDP Query User{0E28C5D7-91BC-49B1-BE83-8EE8D53B6ECC}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\backweb-8876480.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe:backWeb-8876480
"TCP Query User{A7421F1A-AAF1-4924-96FC-8095541EA9C0}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{F1EC980F-978B-485F-84BB-9DDFFFEFEB39}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{54818B88-F092-4E99-AB20-CC443F5E8D51}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"UDP Query User{EF185D52-9E34-4880-BF88-FC45D78A820D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Packard Bell - Skype
"TCP Query User{AACB4816-0E2E-412B-891E-EF22AAAF908E}c:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{3865A8F2-296A-489A-BD09-5156C8A1EDE9}c:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{346E6DA5-FA3B-4FC3-AB93-9392160E3D8A}"= UDP:c:\users\moumou\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{3C7865B5-AD1B-457B-BBF5-AEFBF87F0BA6}"= TCP:c:\users\moumou\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-01-17 13976]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-01-18 816512]
--- Other Services/Drivers In Memory ---
*Deregistered* - MBAMSwissArmy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f961f5-2c9a-11dd-818e-00038a000015}]
\shell\AutoRun\command - J:\LaunchU3.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-07 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]
2009-01-07 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
2007-12-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mWindow Title =
uInternet Settings,ProxyOverride = *.local;localhost
FF - ProfilePath - c:\users\moumou\AppData\Roaming\Mozilla\Firefox\Profiles\5tzfkijj.default\
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 20:35:02
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2708)
c:\users\moumou\AppData\Local\Temp\IadHide4.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
Heure de fin: 2009-01-07 20:38:39
ComboFix-quarantined-files.txt 2009-01-07 19:38:35
ComboFix2.txt 2009-01-06 20:59:58
Avant-CF: 124,035,801,088 octets libres
Après-CF: 123,996,307,456 octets libres
238 --- E O F --- 2009-01-06 16:05:39
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1022.210 [GMT 1:00]
Lancé depuis: c:\users\moumou\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\moumou\Desktop\CFscript.docx
* Un nouveau point de restauration a été créé
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-07 au 2009-01-07 ))))))))))))))))))))))))))))))))))))
.
2009-01-07 14:03 . 2009-01-07 14:03 <REP> d-------- c:\users\moumou\AppData\Roaming\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:02 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:02 <REP> d-------- c:\programdata\Malwarebytes
2009-01-07 14:02 . 2009-01-07 14:03 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 14:02 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-07 14:02 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-07 13:55 . 2009-01-07 13:55 <REP> d-------- C:\_OTMoveIt
2009-01-07 13:25 . 2009-01-07 13:25 <REP> d-------- c:\program files\Ad-remover
2009-01-07 12:52 . 2009-01-07 13:21 <REP> d-------- C:\ToolBar SD
2009-01-06 19:40 . 2009-01-06 22:52 <REP> d-------- c:\program files\trend micro
2009-01-06 19:39 . 2009-01-06 19:41 <REP> d-------- C:\rsit
2009-01-04 19:17 . 2009-01-04 19:17 165,376 --a------ c:\users\moumou\muQGKTEOA.exe
2009-01-04 19:11 . 2009-01-04 19:11 325,120 --a------ c:\users\moumou\2GDyUgpMZu.exe
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\users\All Users\Avira
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\programdata\Avira
2009-01-04 17:10 . 2009-01-04 17:10 <REP> d-------- c:\program files\Avira
2008-12-31 11:56 . 2008-12-31 11:54 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-29 22:46 . 2009-01-04 17:30 <REP> d-------- c:\users\moumou\AppData\Roaming\Twain
2008-12-29 02:24 . 2008-12-29 02:24 <REP> d-------- c:\windows\System32\R
2008-12-29 02:24 . 2008-12-29 02:24 2 --a------ C:\753337677
2008-12-29 02:23 . 2009-01-06 20:14 <REP> d-------- c:\windows\System32\whSLD02
2008-12-29 02:23 . 2008-12-29 02:24 <REP> d-------- c:\temp\REX81
2008-12-29 02:23 . 2009-01-06 21:50 <REP> d-------- C:\Temp
2008-12-26 19:41 . 2008-12-26 19:41 <REP> d-------- c:\users\All Users\Yahoo! Companion
2008-12-26 19:41 . 2008-12-26 19:41 <REP> d-------- c:\programdata\Yahoo! Companion
2008-12-26 15:37 . 2008-12-26 15:44 <REP> d-------- c:\program files\Veoh Networks
2008-12-21 12:50 . 2008-12-21 12:50 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-17 12:01 . 2008-12-21 10:55 <REP> d--h----- c:\windows\msdownld.tmp
2008-12-17 00:02 . 2008-12-17 00:02 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-11 15:51 . 2008-12-11 15:51 <REP> d-------- c:\program files\Alwil Software
2008-12-11 15:34 . 2008-12-11 15:34 <REP> d-------- c:\users\moumou\AppData\Roaming\PeerNetworking
2008-12-10 18:08 . 2008-12-10 18:08 16 --a------ c:\windows\System32\coh.cache
2008-12-10 12:56 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 11:31 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 11:31 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 11:31 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 11:30 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-10 11:30 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-10 11:30 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 11:30 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-10 11:30 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 22:45 . 2008-12-10 12:07 <REP> d-------- C:\vcs5BGEffects
2008-12-09 22:44 . 2008-12-09 22:48 <REP> d-------- C:\vcs5core
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 11:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-04 16:31 --------- d-----w c:\program files\SecureExpertCleaner
2009-01-03 15:26 --------- d-----w c:\users\moumou\AppData\Roaming\Skype
2008-12-31 10:53 --------- d-----w c:\program files\Java
2008-12-29 22:05 --------- d-----w c:\users\moumou\AppData\Roaming\FrostWire
2008-12-27 20:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 14:47 --------- d-----w c:\program files\Yahoo!
2008-12-21 09:55 --------- d-----w c:\program files\Google
2008-12-17 12:39 --------- d---a-w c:\programdata\TEMP
2008-12-16 22:55 --------- d-----w c:\programdata\NVIDIA
2008-12-14 17:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-10 21:52 --------- d-----w c:\program files\MUSICMATCH
2008-12-10 12:01 --------- d-----w c:\program files\Windows Mail
2008-12-10 11:59 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 20:54 --------- d-----w c:\users\moumou\AppData\Roaming\vlc
2008-12-05 20:08 81,920 ------r c:\windows\bwUnin-6.1.4.61-8876480L.exe
2008-12-05 20:08 --------- d-----w c:\program files\Logitech
2008-12-05 20:06 28,256 ----a-w c:\windows\system32\drivers\MxlW2k.sys
2008-12-05 19:56 --------- d-----w c:\program files\Common Files\Logitech
2008-12-04 23:20 --------- d-----w c:\program files\adslTV
2008-12-01 13:27 --------- d-----w c:\program files\DivX
2008-11-20 18:20 --------- d-----w c:\program files\Microsoft LifeCam
2008-11-16 13:03 --------- d-----w c:\program files\MSECache
2008-11-10 23:37 --------- d-----w c:\program files\Steam
2008-11-10 15:04 --------- d-----w c:\program files\Common Files\Steam
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-06-16 16:34 174 --sha-w c:\program files\desktop.ini
2008-04-04 09:53 147,456 ----a-w c:\users\moumou\vbzip10.dll
2008-06-02 10:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-02 10:33 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-02 10:33 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-06_21.58.15,33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 15:56:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-07 19:10:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-06 15:56:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-07 19:10:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-06 20:56:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-07 19:26:36 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-07 19:26:36 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-06 20:56:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-07 19:12:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-07 19:12:56 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-06 16:20:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-07 19:12:19 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-06 16:20:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 19:12:19 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-06 16:20:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-07 19:12:19 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-06 20:49:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-07 19:28:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-07 19:28:21 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-01-06 15:59:41 11,926 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4073989499-1215347695-4157578253-1002_UserData.bin
+ 2009-01-07 19:12:16 12,006 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4073989499-1215347695-4157578253-1002_UserData.bin
- 2009-01-06 15:59:39 68,750 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-07 19:12:16 68,902 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-06 15:59:07 84,648 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-07 12:59:29 85,438 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Neuf Media Center"="c:\program files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 1025264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-05 16384]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 3644464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1627
Windows 6.0.6001 Service Pack 1
07/01/2009 21:53:53
mbam-log-2009-01-07 (21-53-47).txt
Type de recherche: Examen rapide
Eléments examinés: 51378
Temps écoulé: 5 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3p_usecfr_is1 (Rogue.SecureExpertCleaner) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Casino King (Adware.Casino) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino King (Adware.Casino) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\xdsfass (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Download (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT (Rogue.SecureExpertCleaner) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> No action taken.
C:\ProgramData\SEC (Rogue.SecureExpertCleaner) -> No action taken.
Fichier(s) infecté(s):
C:\Windows\System32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\Program Files\SecureExpertCleaner\base.dat (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\mfc80.dll (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\SEC.ico (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\SEC.xml (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\unins.ico (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\unins000.dat (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\unins000.exe (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcp80.dll (Rogue.SecureExpertCleaner) -> No action taken.
C:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcr80.dll (Rogue.SecureExpertCleaner) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureExpertCleaner\Launch SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureExpertCleaner\Uninstall SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> No action taken.
C:\ProgramData\SEC\schedule.dat (Rogue.SecureExpertCleaner) -> No action taken.
C:\endrecovery.log (Trojan.FakeAlert) -> No action taken.
C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.