Virus "antivirus trigger"

Closed
lulu06250 Posts 6 Registration date Sunday 11 January 2009 Status Member Last seen 12 January 2009 - 11 Jan. 2009 at 16:12
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 - 29 Jan. 2009 at 19:05
Hello,

I don't know much about computers and I need your help!!!
I've actually caught the "antivirus trigger" virus.
Since I got this virus I can neither connect to the internet nor install "bit defender"
(which is apparently a good antivirus).
I couldn't remove it, so I booted into safe mode and, thanks
to "smit fraud fix", I finally managed it!
I thought my problem was solved, but it changed nothing except that
I no longer get the intrusive pop-up windows from this fake antivirus!!
So maybe there is something else?
I don't know what to do anymore!!! :(

46 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
14 Jan. 2009 at 15:12
OK, you absolutely must get rid of your cracks! Otherwise the Bagle infection will come back!!!


______________


Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected


--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Deletion)


/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleaning done") appears

/!\ Do not use the PC during the deletion; your desktop will not be accessible, this is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

__________________________



download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop

under the name antibagle. Do this before the file is saved to the desktop

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

________________________


paste the report of an online scan
made with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
----------------- FindyKill V4.711 ------------------

* User : Lucie - PC-DE-LUCIE
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 16:49:57 the 14/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch


»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers

Deleted ! - C:\Windows\system32\drivers\srosa.sys
Deleted ! - C:\Windows\system32\drivers\srosa2.sys
Deleted ! - C:\Windows\system32\drivers\winfilse.exe
Deleted ! - "C:\Windows\system32\drivers\downld"

»»»» Supression files in C:\Users\Lucie\AppData\Roaming

Deleted ! - "C:\Users\Lucie\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\m\srvlist.oct"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\m"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\hidires\flec003.exe"
Deleted ! - "C:\Users\Lucie\AppData\Roaming\hidires"

»»»» Supression files in C:\Users\Lucie\AppData\Local\Temp


»»»» Supression files in C:\Users\Lucie\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-491465651-3313389990-2482465319-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-491465651-3313389990-2482465319-1000\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-491465651-3313389990-2482465319-1000\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Windows\system32\wintems.exe
87690d3ff30a0b969035bbb18d0df7fa C:\Windows\system32\drivers\winfilse.exe
113ac36b77630a2f67dd6cb7844406a4 C:\Qoobox\Quarantine\C\Windows\System32\mdelk.exe.vir
113ac36b77630a2f67dd6cb7844406a4 C:\Qoobox\Quarantine\C\Windows\System32\wintems.exe.vir
87690d3ff30a0b969035bbb18d0df7fa C:\Qoobox\Quarantine\C\Windows\System32\drivers\winfilse.exe.vir

Suspect ! - 87690d3ff30a0b969035bbb18d0df7fa C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
Suspect ! - 87690d3ff30a0b969035bbb18d0df7fa C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Suspect ! - d2904a406818fa96078549972e01e66b C:\Users\Lucie\Downloads\eMule\Incoming\run.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Lucie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeLL me More\tell me more espagnol crack(no cd).exe
C:\Users\Lucie\Downloads\eMule\Incoming\(POST) bit defender plus v.10 serial+cracks.txt
C:\Users\Lucie\Downloads\eMule\Incoming\crack.nfo
C:\Users\Lucie\Downloads\eMule\Incoming\Desperate Housewives - crack et serial ! tout est ok !(motpass).rar
C:\Users\Lucie\Downloads\eMule\Incoming\Nero Vision Express 3.0.1.4 + crack.rar
C:\Users\Lucie\Downloads\eMule\Incoming\tell-me-more-performance-v9-2008-espagnol--10-niveaux--[-full---crack---serial-].zip
C:\Users\Lucie\Downloads\eMule\Incoming\grossiste\A VOIR FABULEUX astuces Liste Grossiste Codes Allopass Complet [allopass.crack.site.comment.dvix.Sel 2 Mer.By.Flaviman].rtf
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Monopoly Deluxe + Crack Francais.rar
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Trivial Pursuit Dejante(Fr seulemt-1 CD suffit)_Serial+crack_Instal facile par Casanis.rar
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Trivial Pursuit Genus Deluxe Fr Cracked By Shen.rar
C:\Users\Lucie\Downloads\eMule\Incoming\PC-TAP\Crack


---------------- ! End of report ! ------------------
0
ComboFix 09-01-11.04 - Lucie 2009-01-14 17:28:27.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.3070.2134 [GMT 1:00]
Lancé depuis: c:\users\Lucie\Desktop\Antibagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
c:\windows\system32\drivers\downld

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-14 au 2009-01-14 ))))))))))))))))))))))))))))))))))))
.

2009-01-14 02:04 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-14 02:02 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-14 00:45 . 2009-01-14 00:47 <REP> d-------- C:\Hijackthis
2009-01-14 00:33 . 2009-01-14 00:33 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-13 16:08 . 2009-01-13 16:08 <REP> d-------- c:\program files\Trend Micro
2009-01-13 15:32 . 2009-01-13 15:32 0 --a------ c:\windows\win.ini
2009-01-13 14:51 . 2009-01-13 14:51 <REP> d-------- c:\windows\System32\Kaspersky Lab
2009-01-12 17:57 . 2009-01-12 17:57 343,392,249 --a------ c:\windows\MEMORY.DMP
2009-01-12 17:12 . 2009-01-14 15:50 69 --a------ c:\windows\NeroDigital.ini
2009-01-12 13:48 . 2008-06-23 02:52 2,855,424 --a------ c:\windows\System32\mf.dll
2009-01-12 13:48 . 2008-06-23 02:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-12 13:48 . 2008-06-23 02:52 98,816 --a------ c:\windows\System32\mfps.dll
2009-01-12 13:48 . 2008-06-23 02:52 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-12 13:48 . 2008-06-23 02:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2009-01-12 13:48 . 2008-06-23 02:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-01-12 13:48 . 2008-06-22 23:34 2,048 --a------ c:\windows\System32\mferror.dll
2009-01-12 12:29 . 2009-01-14 17:09 <REP> d-------- c:\program files\FindyKill
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\Lucie\AppData\Roaming\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\programdata\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 19:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-11 19:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-30 18:17 . 2008-12-30 18:20 <REP> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 01:09 174 --sha-w c:\program files\desktop.ini
2009-01-14 01:05 --------- d-----w c:\program files\Windows Mail
2009-01-13 14:32 --------- d-----w c:\program files\BitDefender
2009-01-13 00:54 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-30 16:24 --------- d---a-w c:\programdata\TEMP
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 14:45 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-05-12 02:04 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-02-28 20:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-28 20:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-28 20:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-28 20:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-28 20:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-13_ 1.56.35.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-11 01:01:10 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_30113DE266A8_443A_A6B0_3DC98697B0DB.exe
+ 2009-01-14 01:00:06 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_30113DE266A8_443A_A6B0_3DC98697B0DB.exe
- 2008-09-11 01:01:09 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_6DF36F952F03_4D8B_8F27_6EBBF01EA476.exe
+ 2009-01-14 01:00:06 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_6DF36F952F03_4D8B_8F27_6EBBF01EA476.exe
- 2008-09-11 01:01:09 184,320 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_A5AC17ADC9FC_483E_BECB_C92E71F01A48.exe
+ 2009-01-14 01:00:06 184,320 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_A5AC17ADC9FC_483E_BECB_C92E71F01A48.exe
- 2008-09-11 01:01:09 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_E1162A70C607_43DE_9F42_B6251572BE19.exe
+ 2009-01-14 01:00:06 65,536 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_E1162A70C607_43DE_9F42_B6251572BE19.exe
- 2008-09-11 01:01:09 17,534 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\gtngstrtd.exe
+ 2009-01-14 01:00:06 17,534 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\gtngstrtd.exe
- 2008-09-11 01:01:09 4,710 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\Win2Kico.exe
+ 2009-01-14 01:00:06 4,710 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\Win2Kico.exe
- 2008-09-11 01:01:09 4,710 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\WSBico.exe
+ 2009-01-14 01:00:06 4,710 ----a-r c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\WSBico.exe
+ 2009-01-14 15:49:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-14 15:49:49 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-13 00:53:37 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-14 15:51:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-14 15:51:14 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-10 01:08:52 1,016,865 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-01-14 01:09:41 1,016,865 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2009-01-13 00:53:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-14 15:53:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-14 15:53:33 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-16 04:09:30 18,944 ----a-w c:\windows\servicing\GC32\tzupd.exe
+ 2008-10-22 03:43:38 18,944 ----a-w c:\windows\servicing\GC32\tzupd.exe
- 2009-01-08 14:30:52 12,436,872 ----a-w c:\windows\SoftwareDistribution\Download\Install\mpas-fe.exe
- 2008-10-02 03:49:01 124,928 ----a-w c:\windows\System32\advpack.dll
+ 2008-10-16 04:40:33 124,928 ----a-w c:\windows\System32\advpack.dll
- 2009-01-13 00:52:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-14 16:24:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-13 00:52:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-14 16:24:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-13 00:52:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-14 16:24:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-02 03:49:02 347,136 ----a-w c:\windows\System32\dxtmsft.dll
+ 2008-10-16 04:40:34 347,136 ----a-w c:\windows\System32\dxtmsft.dll
- 2008-10-02 03:49:02 214,528 ----a-w c:\windows\System32\dxtrans.dll
+ 2008-10-16 04:40:34 214,528 ----a-w c:\windows\System32\dxtrans.dll
- 2008-10-02 03:49:02 63,488 ----a-w c:\windows\System32\icardie.dll
+ 2008-10-16 04:40:34 63,488 ----a-w c:\windows\System32\icardie.dll
- 2008-10-02 03:48:32 70,656 ----a-w c:\windows\System32\ie4uinit.exe
+ 2008-10-16 04:40:06 70,656 ----a-w c:\windows\System32\ie4uinit.exe
- 2008-10-02 03:49:02 383,488 ----a-w c:\windows\System32\ieapfltr.dll
+ 2008-10-16 04:40:34 383,488 ----a-w c:\windows\System32\ieapfltr.dll
- 2008-10-02 03:49:02 6,066,176 ----a-w c:\windows\System32\ieframe.dll
+ 2008-10-16 04:40:34 6,066,176 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-02 03:49:02 44,544 ----a-w c:\windows\System32\iernonce.dll
+ 2008-10-16 04:40:34 44,544 ----a-w c:\windows\System32\iernonce.dll
- 2008-10-02 03:49:02 267,776 ----a-w c:\windows\System32\iertutil.dll
+ 2008-10-16 04:40:34 267,776 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-02 03:49:02 180,736 ----a-w c:\windows\System32\ieui.dll
+ 2008-10-16 04:40:34 180,736 ----a-w c:\windows\System32\ieui.dll
- 2008-10-02 03:49:02 27,648 ----a-w c:\windows\System32\jsproxy.dll
+ 2008-10-16 04:40:35 27,648 ----a-w c:\windows\System32\jsproxy.dll
+ 2005-05-16 18:34:48 213,048 ----a-w c:\windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 14:03:26 65,536 ----a-w c:\windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 14:03:26 798,720 ----a-w c:\windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2003-09-04 13:14:28 94,208 ----a-w c:\windows\System32\Macromed\Flash\GetFlash.exe
- 2008-10-02 03:49:06 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
+ 2008-10-16 04:40:37 64,512 ----a-w c:\windows\System32\migration\WininetPlugin.dll
- 2008-10-02 03:49:03 3,593,216 ----a-w c:\windows\System32\mshtml.dll
+ 2008-12-12 05:45:18 3,593,216 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-02 03:49:03 477,696 ----a-w c:\windows\System32\mshtmled.dll
+ 2008-10-16 04:40:35 477,696 ----a-w c:\windows\System32\mshtmled.dll
- 2008-10-02 03:49:04 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2008-10-16 04:40:36 671,232 ----a-w c:\windows\System32\mstime.dll
- 2008-11-14 09:16:25 103,726 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-14 15:57:14 103,726 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-14 09:16:25 117,366 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-01-14 15:57:14 117,366 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-14 09:16:25 609,944 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-14 15:57:14 609,944 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-14 09:16:25 690,594 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-01-14 15:57:14 690,594 ----a-w c:\windows\System32\perfh00C.dat
- 2008-10-02 03:49:05 44,544 ----a-w c:\windows\System32\pngfilt.dll
+ 2008-10-16 04:40:37 44,544 ----a-w c:\windows\System32\pngfilt.dll
- 2008-04-24 04:51:39 11,315,712 ----a-w c:\windows\System32\shell32.dll
+ 2008-11-06 12:57:06 11,315,712 ----a-w c:\windows\System32\shell32.dll
- 2009-01-12 14:00:37 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-01-14 01:09:42 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-10-02 03:49:06 1,159,680 ----a-w c:\windows\System32\urlmon.dll
+ 2008-10-16 04:40:37 1,160,192 ----a-w c:\windows\System32\urlmon.dll
- 2009-01-13 00:50:05 10,688 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-491465651-3313389990-2482465319-1000_UserData.bin
+ 2009-01-14 15:51:41 11,526 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-491465651-3313389990-2482465319-1000_UserData.bin
- 2009-01-13 00:50:04 64,230 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 15:51:41 65,074 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-13 00:49:57 41,758 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-14 15:51:35 42,632 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:35:57 2,433,536 ----a-w c:\windows\System32\WMVCORE.DLL
+ 2008-06-23 01:52:51 2,433,536 ----a-w c:\windows\System32\WMVCORE.DLL
- 2009-01-12 12:48:49 160,279,587 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-14 01:04:10 162,700,863 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-01 03:33:48 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16772_none_7fd1ee2663d3b893\Apphlpdm.dll
+ 2008-11-01 03:24:17 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20949_none_8082fea17cd2b312\Apphlpdm.dll
+ 2008-11-01 03:44:34 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18165_none_81c5fd9660ef7998\Apphlpdm.dll
+ 2008-10-31 03:35:04 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22299_none_82332bc57a21d291\Apphlpdm.dll
+ 2008-10-31 23:23:42 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16772_none_09f24c89f55cce48\AcRes.dll
+ 2008-10-31 23:23:36 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20949_none_0aa35d050e5bc8c7\AcRes.dll
+ 2008-10-31 01:05:22 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22299_none_0c538a290baae846\AcRes.dll
+ 2008-11-01 03:33:48 2,144,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16772_none_09f44d1df55b00f6\AcGenral.dll
+ 2008-11-01 03:24:15 2,144,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20949_none_0aa55d990e59fb75\AcGenral.dll
+ 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df276c1fb\AcGenral.dll
+ 2008-10-31 03:35:04 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22299_none_0c558abd0ba91af4\AcGenral.dll
+ 2008-11-01 03:33:48 449,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16772_none_09f54d67f55a1a4d\AcSpecfc.dll
+ 2008-11-01 03:24:15 450,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20949_none_0aa65de30e5914cc\AcSpecfc.dll
+ 2008-11-01 03:44:34 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18165_none_0be95cd7f275db52\AcSpecfc.dll
+ 2008-10-31 03:35:04 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22299_none_0c568b070ba8344b\AcSpecfc.dll
+ 2008-11-01 03:33:48 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcLayers.dll
+ 2008-11-01 03:33:48 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcXtrnal.dll
+ 2008-11-01 03:24:15 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcLayers.dll
+ 2008-11-01 03:24:15 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcXtrnal.dll
+ 2008-11-01 03:44:34 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcLayers.dll
+ 2008-11-01 03:44:34 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcXtrnal.dll
+ 2008-10-31 03:35:04 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcLayers.dll
+ 2008-10-31 03:35:04 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcXtrnal.dll
+ 2008-10-16 04:40:33 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16764_none_a9a84a59f5d70728\advpack.dll
+ 2008-10-16 04:19:25 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20937_none_aa5559ad0ed99c4b\advpack.dll
+ 2008-10-29 06:20:29 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
+ 2008-10-28 02:15:02 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
+ 2008-10-29 06:29:41 2,927,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
+ 2008-10-30 03:59:17 2,927,616 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
+ 2008-11-01 03:33:49 1,687,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\gameux.dll
+ 2008-10-31 23:38:08 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\GameUXLegacyGDFs.dll
+ 2008-11-01 03:25:02 1,686,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\gameux.dll
+ 2008-10-31 23:38:11 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\GameUXLegacyGDFs.dll
+ 2008-11-01 01:21:40 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\GameUXLegacyGDFs.dll
+ 2008-10-31 03:35:06 1,696,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\gameux.dll
+ 2008-10-31 01:17:43 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\GameUXLegacyGDFs.dll
+ 2008-10-21 05:16:20 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f704c563751\gdi32.dll
+ 2008-10-21 05:07:18 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20940_none_57f6cc3d65690456\gdi32.dll
+ 2008-10-21 05:25:18 296,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\gdi32.dll
+ 2008-10-21 05:21:43 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22291_none_59a7f9ab62b73d2c\gdi32.dll
+ 2008-10-16 04:40:37 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16764_none_eba35409166fed27\pngfilt.dll
+ 2008-10-16 04:23:20 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20937_none_ec50635c2f72824a\pngfilt.dll
+ 2008-10-16 04:40:37 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll
+ 2008-10-16 04:23:50 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll
+ 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll
+ 2008-10-16 04:38:28 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll
+ 2008-10-16 04:40:36 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16764_none_dea28b847f7923fa\mstime.dll
+ 2008-10-16 04:22:03 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20937_none_df4f9ad7987bb91d\mstime.dll
+ 2008-10-16 04:47:32 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18157_none_e0969af47c94e4ff\mstime.dll
+ 2008-10-16 04:38:25 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22288_none_e100c84595c9f1f3\mstime.dll
+ 2008-10-21 23:31:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzres.dll
+ 2008-10-22 03:43:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzupd.exe
+ 2008-10-21 23:30:56 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzres.dll
+ 2008-10-22 01:13:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzupd.exe
+ 2008-10-22 01:22:11 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzres.dll
+ 2008-01-19 07:33:33 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzupd.exe
+ 2008-10-22 01:04:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzres.dll
+ 2008-10-22 03:34:43 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzupd.exe
+ 2008-10-16 04:40:35 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\jsproxy.dll
+ 2008-10-16 04:40:37 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
+ 2008-10-16 04:40:37 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\WininetPlugin.dll
+ 2008-10-16 04:20:49 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\jsproxy.dll
+ 2008-10-16 04:24:00 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
+ 2008-10-16 04:24:00 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\WininetPlugin.dll
+ 2008-10-16 04:47:30 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\jsproxy.dll
+ 2008-10-16 04:47:35 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
+ 2008-10-16 04:38:24 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\jsproxy.dll
+ 2008-10-16 04:38:28 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
+ 2008-10-16 04:38:28 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\WininetPlugin.dll
+ 2008-10-16 04:40:34 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dll
+ 2008-10-16 04:20:23 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dll
+ 2008-10-16 04:40:34 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtmsft.dll
+ 2008-10-16 04:40:34 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtrans.dll
+ 2008-10-16 04:20:03 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtmsft.dll
+ 2008-10-16 04:20:03 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtrans.dll
+ 2008-10-16 04:40:35 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16764_none_4605ce47466b3e2c\mshtmled.dll
+ 2008-10-16 04:21:41 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20937_none_46b2dd9a5f6dd34f\mshtmled.dll
+ 2008-10-16 04:40:35 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll
+ 2008-12-12 05:45:18 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
+ 2008-10-16 04:21:40 3,595,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll
+ 2008-12-12 05:40:02 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
+ 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll
+ 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
+ 2008-10-16 04:38:25 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll
+ 2008-12-12 05:47:44 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
+ 2008-10-16 04:40:34 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16764_none_587864466744805d\icardie.dll
+ 2008-10-16 04:20:23 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20937_none_5925739980471580\icardie.dll
+ 2008-10-16 04:40:06 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\ieUnatt.exe
+ 2008-10-16 04:42:58 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
+ 2008-10-16 02:13:16 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\ieUnatt.exe
+ 2008-10-16 04:27:53 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
+ 2008-10-16 04:40:34 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\iertutil.dll
+ 2008-10-16 04:40:37 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\sqmapi.dll
+ 2008-10-16 04:20:24 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\iertutil.dll
+ 2008-10-16 04:23:41 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\sqmapi.dll
+ 2008-10-16 04:47:29 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\iertutil.dll
+ 2008-10-16 04:38:24 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\iertutil.dll
+ 2008-10-16 04:38:27 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\sqmapi.dll
+ 2008-10-16 04:40:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\ie4uinit.exe
+ 2008-10-16 04:40:34 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iernonce.dll
+ 2008-10-16 04:40:34 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iesetup.dll
+ 2008-10-16 02:13:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\ie4uinit.exe
+ 2008-10-16 04:20:24 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iernonce.dll
+ 2008-10-16 04:20:24 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iesetup.dll
+ 2008-10-16 04:40:34 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16764_none_29d2b074682f9803\iebrshim.dll
+ 2008-11-01 03:33:49 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16772_none_29c5dff468398146\iebrshim.dll
+ 2008-10-16 04:20:23 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20937_none_2a7fbfc781322d26\iebrshim.dll
+ 2008-11-01 03:25:13 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20949_none_2a76f06f81387bc5\iebrshim.dll
+ 2008-11-01 03:44:36 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.18165_none_2bb9ef646555424b\iebrshim.dll
+ 2008-10-31 03:35:06 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.22299_none_2c271d937e879b44\iebrshim.dll
+ 2008-10-16 04:40:34 6,066,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieframe.dll
+ 2008-10-16 04:40:34 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieui.dll
+ 2008-10-16 04:20:24 6,068,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieframe.dll
+ 2008-10-16 04:20:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieui.dll
+ 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieframe.dll
+ 2008-10-16 04:38:24 6,069,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieframe.dll
+ 2008-10-16 04:38:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieui.dll
+ 2008-10-16 04:40:06 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16764_none_e678bdfe94a8d6b9\ieinstal.exe
+ 2008-10-16 02:13:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20937_none_e725cd51adab6bdc\ieinstal.exe
+ 2008-10-16 04:40:06 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16764_none_0b20f31ad723966b\ieuser.exe
+ 2008-10-16 02:13:32 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20937_none_0bce026df0262b8e\ieuser.exe
+ 2008-06-23 01:52:48 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mf.dll
+ 2008-06-22 22:34:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mferror.dll
+ 2008-06-23 01:52:18 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfpmp.exe
+ 2008-06-23 01:52:48 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfps.dll
+ 2008-06-23 01:52:29 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\rrinstaller.exe
+ 2008-06-23 01:45:58 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mf.dll
+ 2008-06-22 22:30:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mferror.dll
+ 2008-06-22 23:56:54 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfpmp.exe
+ 2008-06-23 01:46:00 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfps.dll
+ 2008-06-22 23:56:20 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\rrinstaller.exe
+ 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mf.dll
+ 2008-01-19 07:33:15 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfpmp.exe
+ 2008-01-19 07:34:45 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfps.dll
+ 2008-01-19 07:33:25 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\rrinstaller.exe
+ 2008-06-23 01:41:40 2,868,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mf.dll
+ 2008-06-23 00:00:57 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mferror.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 09:52 265360 --a------ c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"KiweeHook"="c:\program files\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 56456]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-12 29744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-491465651-3313389990-2482465319-1000]
"EnableNotificationsRef"=dword:0000000b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D4224847-3077-4636-9FD7-3264BB6C592A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ADF2D612-AF53-4F5E-B13F-5D1FB5F4898A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0CA19D1F-BB8F-4D06-A799-B2D5AD0AC3E6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DDA9613B-FC64-4976-BFF8-C05C797A897E}"= UDP:c:\program files\eMule\emule.exe:eMule
"{CDEE7F01-B820-4154-B7FF-7043FFDA9843}"= TCP:c:\program files\eMule\emule.exe:eMule
"TCP Query User{52DFF08D-0849-4DED-871C-415B411A420D}c:\\program files\\goa\\gunbound\\gunbound.gme"= UDP:c:\program files\goa\gunbound\gunbound.gme:GunBound
"UDP Query User{F80A09A9-D554-4F5B-93DC-8FA0A4B51806}c:\\program files\\goa\\gunbound\\gunbound.gme"= TCP:c:\program files\goa\gunbound\gunbound.gme:GunBound
"TCP Query User{936525A4-F801-431A-A4A5-E43A80FB5F19}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{D33181E0-C1DB-48FB-A906-8041DA010081}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{39301DF4-EB0A-4F35-B430-3E65D3A27300}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{874D5571-A30E-42D0-9254-6DD671FCDAE6}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"{72F6E230-D73B-45D3-9801-3F7FBCE6B6BC}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{74E1B2D0-6F44-4535-BDFA-0FFF81D4C40E}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4ED259DC-E8F2-477A-AB88-B345441BA7E5}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{3E2DEFBA-B4F2-4AAE-94AD-67F881BFD5BF}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-12 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196ca5c4-af03-11dc-9b07-001bb9d83f67}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e1a2d3-b45d-11dc-a65f-001bb9d83f67}]
\shell\AutoRun\command - J:\AUTOTMM.EXE Ver40
.
Contenu du dossier 'Tâches planifiées'

2009-01-13 c:\windows\Tasks\User_Feed_Synchronization-{A348B083-754D-4FEC-8FA5-0744A7E6643B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe


.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:29:35
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-14 17:31:01
ComboFix-quarantined-files.txt 2009-01-14 16:30:59
ComboFix2.txt 2009-01-14 00:51:19
ComboFix3.txt 2009-01-13 00:57:39

Avant-CF: 69 293 989 888 octets libres
Après-CF: 69,266,767,872 octets libres

495 --- E O F --- 2009-01-14 01:04:59
0
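The registry section of the ComboFix log above lists several protection settings that are switched off (EnableLUA, EnableFirewall, the Security Center DisableMonitoring and *DisableNotify values) and an AppInit_DLLs load point. As an added example, not part of the original thread or of ComboFix, this Python script scans log text in that layout and reports such values; the function names, the rule list and the embedded sample lines are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of the "Points de chargement Reg" section
# of the log above (the last EnableFirewall value is changed to 1 on purpose).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Hypothetical rule list: (substring of the key, suffix of the value name,
# value that weakens protection, finding). All comparisons are lower-case.
RULES = [
    ('policies\\system', 'enablelua', 0, 'UAC is disabled'),
    ('firewallpolicy', 'enablefirewall', 0, 'Windows Firewall is off for this profile'),
    ('security center', 'disablemonitoring', 1, 'Security Center monitoring is disabled'),
    ('security center', 'disablenotify', 1, 'Security Center alert is suppressed'),
]


def parse_number(data):
    """Decode the three numeric notations the log uses; None if not numeric."""
    data = data.strip().strip('"')
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', data)      # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^0x([0-9a-fA-F]+)$', data)            # "0x00000000"
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s+\(0x[0-9a-fA-F]+\)$', data)  # 0 (0x0)
    if m:
        return int(m.group(1))
    return None


def audit(log_text):
    """Return (key, value name, finding) for each weakened setting in the log."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # not a value line, or a value with no key header before it
        name, data = m.group('name'), m.group('data').strip()
        lkey, lname = key.lower(), name.lower()
        if lname == 'appinit_dlls':
            # Any DLL listed here is loaded into every process that loads user32.dll.
            if data.strip('"'):
                findings.append((key, name, 'review: DLL loaded into every user32 process'))
            continue
        value = parse_number(data)
        if value is None:
            continue
        for key_part, name_suffix, bad_value, message in RULES:
            if key_part in lkey and lname.endswith(name_suffix) and value == bad_value:
                findings.append((key, name, message))
    return findings


if __name__ == '__main__':
    for key, name, message in audit(SAMPLE_LOG):
        print(f'{message}: {name} under {key}')
```

A finding only says that the value is set; an entry such as AppInit_DLLs can point to a legitimate file, so each one still has to be checked against what is installed on the machine.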
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
14 Jan. 2009 at 18:59
if you leave the cracks in place, the infection comes back!


C:\Users\Lucie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeLL me More\tell me more espagnol crack(no cd).exe
C:\Users\Lucie\Downloads\eMule\Incoming\(POST) bit defender plus v.10 serial+cracks.txt
C:\Users\Lucie\Downloads\eMule\Incoming\crack.nfo
C:\Users\Lucie\Downloads\eMule\Incoming\Desperate Housewives - crack et serial ! tout est ok !(motpass).rar
C:\Users\Lucie\Downloads\eMule\Incoming\Nero Vision Express 3.0.1.4 + crack.rar
C:\Users\Lucie\Downloads\eMule\Incoming\tell-me-more-performance-v9-2008-espagnol--10-niveaux--[-full---crack---serial-].zip
C:\Users\Lucie\Downloads\eMule\Incoming\grossiste\A VOIR FABULEUX astuces Liste Grossiste Codes Allopass Complet [allopass.crack.site.comment.dvix.Sel 2 Mer.By.Flaviman].rtf
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Monopoly Deluxe + Crack Francais.rar
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Trivial Pursuit Dejante(Fr seulemt-1 CD suffit)_Serial+crack_Instal facile par Casanis.rar
C:\Users\Lucie\Downloads\eMule\Incoming\jeux\Jeux pc\Trivial Pursuit Genus Deluxe Fr Cracked By Shen.rar
C:\Users\Lucie\Downloads\eMule\Incoming\PC-TAP\Crack

_________________


download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :processes)


:processes
explorer.exe
:files
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Lucie\Downloads\eMule\Incoming\run.exe
c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
c:\program files\SweetIM
c:\program files\Search Settings
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\Kiwee Toolbar2
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[-HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"KiweeHook"=-
"SweetIM"=-
:commands
[purity]
[emptytemp]
[start explorer]


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.


_________________________________



paste the report of an online scan
done with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe not found.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe moved successfully.
C:\Users\Lucie\Downloads\eMule\Incoming\run.exe moved successfully.
LoadLibrary failed for c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll NOT unregistered.
c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll moved successfully.
c:\program files\SweetIM\Toolbars\Internet Explorer\resources moved successfully.
c:\program files\SweetIM\Toolbars\Internet Explorer\conf moved successfully.
c:\program files\SweetIM\Toolbars\Internet Explorer moved successfully.
c:\program files\SweetIM\Toolbars moved successfully.
c:\program files\SweetIM\Messenger\resources\images moved successfully.
c:\program files\SweetIM\Messenger\resources moved successfully.
c:\program files\SweetIM\Messenger moved successfully.
c:\program files\SweetIM moved successfully.
c:\program files\Search Settings\kb125\temp moved successfully.
c:\program files\Search Settings\kb125\res moved successfully.
c:\program files\Search Settings\kb125 moved successfully.
c:\program files\Search Settings moved successfully.
File/Folder c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
File/Folder c:\program files\Search Settings\SearchSettings.exe not found.
c:\program files\Kiwee Toolbar2\1.5.131\kwtbaim.exe moved successfully.
File/Folder c:\program files\SweetIM\Messenger\SweetIM.exe not found.
c:\program files\Kiwee Toolbar2\1.5.131 moved successfully.
c:\program files\Kiwee Toolbar2 moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\\ not found.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1\\ not found.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar\\ not found.
Registry key HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\SWEETIE.SWEETIE\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1\\ not found.
Registry key HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar\\ not found.
Registry key HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3\\ not found.
Registry key HKEY_CLASSES_ROOT\SWEETIE.SWEETIE\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KiweeHook deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\MpCmdRun-71-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun-71-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_021732

Files moved on Reboot...
File C:\Windows\temp\MpCmdRun-71-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!
File C:\Windows\temp\MpCmdRun-71-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
0
I can't get the scan to run.
I tried all 3 links; the scan starts but
freezes at a certain point on the progress
bar.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
15 Jan. 2009 at 10:43
* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this will download the file. Put it on your desktop.
* Double-click it to open it
* Make sure that C:\ is selected in the Unidad drop-down menu
* Also check that the option Eliminar Ficheros Automaticamente at the bottom of the window is ticked
* Click the Explorar button to start the scan

If, in the Elibagla report, you see text similar to this

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

send that file or those files (in the example, C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24) to the e-mail address given (virus@satinfo.es).


and they will update Elibagla within 48 hours, which will make it possible to remove the virus you have!!!

__________________________________________



download BitDefender Free and paste a report from it

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
0
Good evening!

I ran Elibagla and got the text that you asked me to send
to virus@satinfo.es; I am waiting for their reply.
Then I was managing to install Bitdefender, but three quarters of the way through
the installation a window opens telling me: "Le service `BitDefender
Communicator' (XCOMM) n'a pas démarré.
Vérifiez si vous avez assez d'autorité pour démarrer les services système"
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
16 Jan. 2009 at 12:44
ok

bagle is tough!

get rid of your cracks, otherwise the infection will come back!


______________

run ToolsCleaner to remove what was used

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner


and paste the report

__________________

delete what is in quarantine in Malwarebytes

___________________
delete what is in the Qoobox folder by going to My Computer, then C

___________________

download ComboFix again and paste a report from it

_____________________

then paste a report from FindyKill (download the latest version) and paste the report with option 1


see you later
0
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Infosat.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\FindyKill: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Lucie\Desktop\OTMoveIt3.exe: trouvé !

---------------------------------
-->- Suppression:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Infosat.txt: supprimé !
C:\Users\Lucie\Desktop\OTMoveIt3.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\FindyKill: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FindyKill: supprimé !
0
ComboFix 09-01-11.04 - Lucie 2009-01-17 0:50:32.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.3070.2166 [GMT 1:00]
Lancé depuis: c:\users\Lucie\Desktop\Antibagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\hp\support\hpsysdrv.exe
C:\InfoSat.txt
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.

2009-01-15 17:21 . 2009-01-17 00:48 <REP> d-------- C:\Muestras
2009-01-14 21:15 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 17:35 . 2009-01-15 02:50 <REP> d-------- c:\windows\BDOSCAN8
2009-01-14 02:04 . 2008-12-12 02:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-14 02:02 . 2008-10-22 00:31 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-14 00:33 . 2009-01-14 00:33 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-13 15:32 . 2009-01-13 15:32 0 --a------ c:\windows\win.ini
2009-01-13 14:51 . 2009-01-13 14:51 <REP> d-------- c:\windows\System32\Kaspersky Lab
2009-01-12 17:57 . 2009-01-12 17:57 343,392,249 --a------ c:\windows\MEMORY.DMP
2009-01-12 17:12 . 2009-01-16 20:17 69 --a------ c:\windows\NeroDigital.ini
2009-01-12 13:48 . 2008-06-23 02:52 2,855,424 --a------ c:\windows\System32\mf.dll
2009-01-12 13:48 . 2008-06-23 02:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-12 13:48 . 2008-06-23 02:52 98,816 --a------ c:\windows\System32\mfps.dll
2009-01-12 13:48 . 2008-06-23 02:52 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-12 13:48 . 2008-06-23 02:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2009-01-12 13:48 . 2008-06-23 02:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-01-12 13:48 . 2008-06-22 23:34 2,048 --a------ c:\windows\System32\mferror.dll
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\Lucie\AppData\Roaming\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\progra~2\Malwarebytes
2008-12-30 18:17 . 2008-12-30 18:20 <REP> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 20:07 --------- d-----w c:\program files\Google
2009-01-16 19:44 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 19:43 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-16 19:34 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-01-15 16:37 --------- d-----w c:\program files\Windows Mail
2009-01-14 01:09 174 --sha-w c:\program files\desktop.ini
2009-01-13 00:54 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-30 16:24 --------- d---a-w c:\progra~2\TEMP
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 14:45 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
0
I reinstalled Findy Kill; it starts, but once I type 1
it shows "access denied" several times and closes immediately.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
17 Jan 2009 at 13:51
remove findykill completely, then run tools cleaner again to be sure

then download it again and paste a report from it (option 1)


and try running an online scan at kaspersky or bitdefender or panda and paste a report
0
Good evening, I uninstalled Findy kill and ran Toolscleaner, which finds Findy kill.
And when I choose removal, "removal error" appears!
I downloaded Findy kill anyway and chose option 1, then "Access denied" appears
and the window closes.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
18 Jan 2009 at 21:01
* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this will download the file. Place it on your desktop.
* Double-click it to open it
* Make sure that C:\ is selected in the Unidad drop-down menu
* Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked
* Click the Explorar button to start the scan

If, in the Elibagla report, you see text similar to this

Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24
a "virus@satinfo.es". Gracias;

send this file (or these files) (in the example C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.24 ) to the e-mail address indicated (virus@satinfo.es).


and they will update Elibagla within 48 hours, which will make it possible to remove the virus you have!!!

------------


paste the report from an online scan
with one of the following:


bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
0
Hello! I tried bitdefender and kaspersky but neither of the 2
works; it tells me "failed" or "you cannot run a scan"
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
20 Jan 2009 at 14:48
run tool cleaner to remove what has been used

https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner


and paste the report

____________________



Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the C:\rsit folder
0
Hello! Toolscleaner finds the files, and once I choose removal it shows "removal error" next to each file!
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
22 Jan 2009 at 18:11
ok, then manually remove what was used

install bitdefender free and paste a report with:

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
0
Logfile of random's system information tool 1.05 (written by random/random)
Run by Lucie at 2009-01-23 00:51:28
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 119 GB (25%) free of 470 GB
Total RAM: 3070 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:37, on 23/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\vVX3000.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lucie\Desktop\RSIT.exe
C:\Program Files\trend micro\Lucie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0