IE problem
thomas0785 (Posts: 179, Status: Member)
Hello,
I'm coming to you about my problem:
Pages like these appear roughly every 5 minutes.
The other day I woke up and there were 256 IE pages open.
I think it's a virus.
An installation of a certain "Personal Antivirus" happened on its own, and before that I had a yellow shield icon with messages saying my PC was infected...
There was a window in the foreground that I couldn't get rid of...
It had the Windows 98 theme...
Now no process can be killed, and the IE one is using 1.69 GB...
60 replies
Re. Done!!
Here is the log.txt:
ComboFix 09-07-12.01 - famille lamiaud 13/07/2009 9:32.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1327 [GMT 2:00]
Running from: c:\users\famille lamiaud\Desktop\Thomas0785.exe
Command switches used :: c:\users\famille lamiaud\Desktop\CFScript - Copie.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\famille lamiaud\AppData\Roaming\Bifrost"
.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-13 07:38 . 2009-07-13 07:40 -------- d-----w- c:\users\famille lamiaud\AppData\Local\temp
2009-07-12 15:54 . 2009-07-12 15:54 198064 ----a-w- c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-12 15:54 . 2009-07-13 07:40 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\DMCache
2009-07-12 15:54 . 2009-07-12 17:46 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\IDM
2009-07-12 15:54 . 2009-07-12 15:54 -------- d-----w- c:\program files\Internet Download Manager
2009-07-11 14:21 . 2009-07-12 14:17 -------- d-----w- C:\FindyKill
2009-07-10 12:58 . 2009-07-10 12:58 -------- d-----w- c:\windows\Sun
2009-07-10 12:40 . 2009-07-12 17:22 -------- d-----w- c:\windows\s
2009-07-10 12:40 . 2009-07-11 13:50 -------- d--h--w- c:\program files\installer
2009-07-10 10:44 . 2009-07-10 10:44 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\teamspeak2
2009-07-10 10:43 . 2009-07-10 10:44 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-08 16:42 . 2009-07-08 16:42 -------- d-----w- c:\program files\RoadKill
2009-07-07 17:24 . 2009-07-07 17:24 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Autodesk
2009-07-07 17:23 . 2009-07-07 18:26 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Autodesk
2009-07-07 15:59 . 2009-07-07 17:24 -------- d-----w- c:\programdata\Autodesk
2009-07-07 06:48 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-07-07 06:48 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-07-07 06:48 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-07-07 06:48 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-07-07 06:48 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-07-07 06:48 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-07-06 20:21 . 2009-07-07 17:13 -------- d-----w- c:\program files\Autodesk
2009-07-06 18:44 . 2009-07-06 18:44 -------- d-----w- c:\program files\SafeSoft
2009-07-06 18:40 . 2009-07-11 14:16 -------- d-----w- c:\users\famille lamiaud\AppData\Local\G DATA
2009-07-06 18:37 . 2009-07-06 18:37 680 ----a-w- c:\users\famille lamiaud\AppData\Local\d3d9caps.dat
2009-07-06 16:41 . 2009-07-07 18:26 -------- d-----w- C:\FLEXLM
2009-07-06 14:59 . 2009-07-06 14:59 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-06 14:51 . 2009-07-06 14:51 50632 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-07-06 14:51 . 2009-07-06 14:51 51656 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-07-06 14:51 . 2009-07-06 14:51 32200 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2009-07-06 14:50 . 2009-07-06 14:50 335872 ----a-r- c:\users\famille lamiaud\AppData\Roaming\Microsoft\Installer\{C8D55041-A13C-4620-8DF4-9C5A9C16908D}\ARPPRODUCTICON.exe
2009-07-06 14:50 . 2009-07-06 14:50 40392 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2009-07-06 14:50 . 2009-07-06 14:50 -------- d-sh--w- C:\#GDATA.Trash.Store#
2009-07-06 14:49 . 2009-07-06 14:49 -------- d-----w- c:\program files\Common Files\G DATA
2009-07-06 14:49 . 2009-07-06 14:58 -------- d-----w- c:\programdata\G DATA
2009-07-06 14:49 . 2009-07-06 14:49 -------- d-----w- c:\program files\G Data
2009-07-06 14:03 . 2009-07-06 14:03 -------- d-----w- c:\program files\RegCleaner
2009-07-06 13:42 . 2009-07-06 13:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-06 13:42 . 2009-07-06 13:42 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-06 11:10 . 2009-07-06 11:11 -------- d-----w- c:\program files\trend micro
2009-07-06 11:10 . 2009-07-06 11:11 -------- d-----w- C:\rsit
2009-07-04 20:37 . 2009-07-09 09:55 132 ----a-w- C:\httpdwl.dat
2009-07-04 20:37 . 2009-07-09 09:55 815 ----a-w- C:\rtsr_eml_sr.dat
2009-07-04 20:37 . 2009-07-09 09:55 141 ----a-w- C:\dwl.dat
2009-07-03 19:10 . 2009-07-03 19:10 16 ----a-w- C:\asdict.dat
2009-07-03 12:41 . 2009-07-06 12:27 -------- d-----w- C:\tmp
2009-07-02 19:10 . 2009-07-06 14:50 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-02 19:05 . 2009-06-30 07:41 54272 ----a-w- c:\windows\system32\NetFilter.exe
2009-07-02 19:05 . 2009-06-30 07:41 28672 ----a-w- c:\windows\system32\NFUninstall.exe
2009-07-02 19:05 . 2009-06-22 14:58 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2009-07-02 19:05 . 2009-06-22 14:58 13312 ----a-w- c:\windows\system32\drivers\snetcfg.exe
2009-07-02 19:05 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-02 18:48 . 2009-07-02 18:48 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:38 . 2009-07-06 11:19 -------- d-----w- c:\program files\Unlocker
2009-07-02 15:26 . 2009-07-02 15:26 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Blender Foundation
2009-07-02 12:05 . 2009-07-02 12:05 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Not a Number
2009-07-02 08:05 . 2009-07-02 08:05 8704 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Thinstall\CSDATA\400000a400003i\FNPLicensingService.exe
2009-07-02 08:05 . 2009-07-02 08:05 8704 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Thinstall\CSDATA\1000000800002i\svchost.exe
2009-07-02 08:04 . 2009-07-02 08:04 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Thinstall
2009-07-01 20:16 . 2006-11-22 08:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-07-01 20:06 . 2009-07-07 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-01 20:06 . 2009-07-01 20:06 -------- d-----w- c:\program files\Common Files\Alias Shared
2009-07-01 15:19 . 2009-07-01 15:19 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Anuman Interactive
2009-07-01 15:19 . 2009-07-01 15:19 347648 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
2009-07-01 13:06 . 2009-07-01 13:06 -------- d-----w- c:\windows\system32\(app)
2009-07-01 11:47 . 2009-07-01 11:47 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-01 11:39 . 2009-07-01 11:39 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-30 19:02 . 2009-06-30 19:02 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\FlashGet
2009-06-30 19:02 . 2009-06-30 19:02 -------- d-----w- c:\program files\FlashGet
2009-06-30 18:59 . 2009-06-30 18:59 110 ----a-w- c:\windows\system32\cas.bat
2009-06-30 18:59 . 2009-06-24 12:04 -------- d-----w- c:\windows\system32\WEHBGS
2009-06-30 17:30 . 2009-06-30 17:30 -------- d-----w- c:\programdata\9146
2009-06-30 08:18 . 2007-08-21 13:21 794624 ----a-w- c:\windows\system32\spr32d35.dll
2009-06-30 08:15 . 2009-06-30 08:21 -------- d-----w- c:\program files\Architecte 3D Platinium Demo
2009-06-30 07:50 . 2009-07-08 16:30 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\ArchiFacile
2009-06-30 06:31 . 2009-07-11 14:17 -------- d-----w- c:\program files\iMesh Applications
2009-06-29 19:56 . 2009-06-29 19:56 -------- d-----w- c:\program files\Microsoft Works
2009-06-29 19:54 . 2009-06-29 19:54 -------- d-----w- c:\program files\Microsoft.NET
2009-06-29 19:50 . 2009-06-29 19:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-29 19:46 . 2009-06-29 19:46 -------- d--h--r- C:\MSOCache
2009-06-29 16:15 . 2009-07-11 14:18 -------- d-----w- c:\program files\Real Desktop
2009-06-29 15:04 . 2009-06-29 15:04 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\TuneUp Software
2009-06-29 14:48 . 2009-06-29 14:48 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Real Desktop
2009-06-29 14:48 . 2009-06-29 14:48 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Desktopicon
2009-06-29 01:01 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-06-29 01:01 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2009-06-29 01:01 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-06-29 01:01 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-06-28 20:11 . 2009-06-28 20:11 -------- d-----w- c:\program files\Tony Hawk's Underground 2
2009-06-28 16:15 . 2009-06-28 16:15 -------- d--h--r- c:\users\famille lamiaud\AppData\Roaming\SecuROM
2009-06-28 16:13 . 2009-06-28 16:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-28 16:12 . 2009-06-28 16:12 -------- d-----w- c:\windows\system32\xlive
2009-06-28 16:12 . 2009-06-28 16:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-28 12:55 . 2009-06-28 14:56 -------- d-----w- c:\program files\Rockstar Games
2009-06-27 09:47 . 2009-07-02 07:57 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\dvdcss
2009-06-26 16:21 . 2009-06-26 16:21 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Apple Computer
2009-06-26 13:25 . 2009-06-26 13:25 -------- d-----w- c:\program files\QuickTime
2009-06-26 13:25 . 2009-06-26 13:25 -------- d-----w- c:\programdata\Apple Computer
2009-06-26 13:24 . 2009-06-26 13:24 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Apple
2009-06-25 19:35 . 2009-06-25 19:47 -------- d-----w- c:\program files\Counter-Strike Source MomoLAN Edition
2009-06-25 18:50 . 2009-06-25 18:50 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\CD-LabelPrint
2009-06-24 08:40 . 2009-06-24 08:40 -------- d-----w- c:\programdata\Xerox
2009-06-23 07:28 . 2009-06-23 07:28 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Artisteer
2009-06-22 16:06 . 2009-07-04 16:25 -------- d-----w- c:\program files\Ubisoft
2009-06-21 17:39 . 2009-06-21 17:40 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\vlc
2009-06-21 17:10 . 2007-04-13 14:35 442368 ----a-w- c:\windows\system32\Cmeaupci.exe
2009-06-21 17:10 . 2007-03-26 17:39 65536 ----a-w- c:\windows\system32\CmiInstallResAll.dll
2009-06-21 17:10 . 2006-10-06 03:47 319968 ----a-w- c:\windows\difxapi.dll
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Mozilla
2009-06-21 14:38 . 2009-06-21 14:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-21 14:38 . 2009-06-21 14:38 -------- d-----w- c:\program files\DivX
2009-06-21 14:33 . 2009-06-26 16:52 -------- d-----w- c:\programdata\SpeedBit
2009-06-21 14:33 . 2009-06-26 16:52 -------- d-----w- c:\program files\DAP
2009-06-21 11:06 . 2009-06-21 11:06 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\VitySoft
2009-06-20 14:00 . 2009-06-20 14:01 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Sony Corporation
2009-06-20 13:55 . 2006-10-30 11:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-20 13:55 . 2006-10-30 11:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-20 13:55 . 2006-10-30 11:46 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-20 13:55 . 2006-10-30 11:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-20 13:55 . 2006-10-30 11:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 07:38 . 2009-05-26 12:09 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-12 13:08 . 2006-11-02 15:48 632908 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-12 13:08 . 2006-11-02 15:48 115570 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-12 10:05 . 2009-05-26 07:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-11 14:27 . 2009-05-27 11:03 -------- d-----w- c:\program files\Google
2009-07-11 14:20 . 2009-06-12 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 17:23 . 2009-05-30 16:14 -------- d-----w- c:\programdata\FLEXnet
2009-07-06 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-02 19:40 . 2009-05-26 06:33 49605 ----a-w- c:\programdata\nvModes.dat
2009-07-02 13:55 . 2009-07-02 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-01 12:21 . 2009-05-27 16:54 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\uTorrent
2009-06-30 01:01 . 2009-05-26 07:42 -------- d-----w- c:\programdata\Microsoft Help
2009-06-29 20:17 . 2009-05-26 04:23 198400 ----a-w- c:\users\famille lamiaud\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-29 19:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-28 19:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-28 13:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-28 13:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-28 13:10 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-28 13:10 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-26 16:52 . 2009-05-29 19:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-20 13:45 . 2009-05-30 10:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-14 19:06 . 2009-06-12 20:07 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Canon
2009-06-13 06:57 . 2009-06-13 06:57 -------- d-----w- c:\program files\Clever Age
2009-06-13 06:56 . 2009-06-13 06:56 -------- d-----w- c:\program files\MSECache
2009-06-12 20:04 . 2009-06-12 20:04 -------- d-----w- c:\programdata\CanonIJPLM
2009-06-12 20:03 . 2009-06-12 20:00 -------- d-----w- c:\program files\Canon
2009-06-12 20:03 . 2009-06-12 20:03 -------- d-----w- c:\program files\Common Files\CANON
2009-06-12 20:00 . 2009-06-12 20:00 -------- d--h--w- c:\program files\CanonBJ
2009-06-09 15:42 . 2009-06-09 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 15:42 . 2009-06-09 15:42 -------- d-----w- c:\program files\Java
2009-06-04 21:11 . 2009-06-04 21:11 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-31 21:21 . 2009-05-31 17:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-31 14:49 . 2009-05-31 14:49 -------- d-----w- c:\programdata\Blizzard
2009-05-30 16:18 . 2009-05-30 16:18 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\ImgBurn
2009-05-30 14:47 . 2009-05-30 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-30 14:27 . 2009-05-30 14:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-30 10:52 . 2009-05-30 10:19 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Download Manager
2009-05-30 10:15 . 2009-05-30 10:15 1180 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-30 10:13 . 2009-05-30 10:13 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Leadertech
2009-05-30 10:04 . 2009-05-30 10:04 -------- d-----w- c:\program files\EA Games
2009-05-30 09:35 . 2009-05-30 09:35 -------- d-----w- c:\program files\Alcohol Soft
2009-05-30 09:31 . 2009-05-30 09:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 20:04 . 2009-05-29 20:04 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-05-29 19:35 . 2009-05-29 19:35 -------- d-----w- c:\programdata\Stardock
2009-05-29 19:35 . 2009-05-29 19:35 -------- d-----w- c:\program files\Stardock
2009-05-29 19:26 . 2009-05-29 19:26 -------- d-----w- c:\program files\VideoLAN
2009-05-29 19:17 . 2009-05-29 19:17 98304 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\wallpaper.exe
2009-05-29 19:17 . 2009-05-29 19:17 57344 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\wallpaper.dll
2009-05-29 19:17 . 2009-05-29 19:17 151552 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\sysinfo.exe
2009-05-29 19:17 . 2009-05-29 19:17 1155708 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\flash.exe
2009-05-29 19:17 . 2009-05-29 19:17 1609732 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\swfplayer.exe
2009-05-29 19:17 . 2009-05-29 19:17 151624 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\uninstall.exe
2009-05-29 19:17 . 2009-05-29 19:17 225280 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\Tropic Waterfall_installer.exe
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\.ZMatrix
2009-05-29 19:11 . 2009-05-26 05:51 -------- d--h--w- c:\users\famille lamiaud\AppData\Roaming\Bifrost
2009-05-28 18:47 . 2009-05-28 18:47 -------- d--h--w- c:\users\famille lamiaud\AppData\Roaming\installer
2009-05-28 18:47 . 2009-05-28 18:47 123951 ---h--w- c:\users\famille lamiaud\AppData\Roaming\installer\Intel.exe
2009-05-27 11:03 . 2009-05-27 11:03 -------- d-----w- c:\programdata\NOS
2009-05-27 01:06 . 2009-05-26 07:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-26 17:27 . 2009-05-26 17:26 -------- d-----w- c:\program files\WowCartographe
2009-05-26 16:01 . 2009-05-26 16:01 -------- d-----w- c:\program files\SFR
2009-05-26 13:45 . 2009-05-26 13:45 269312 ----a-w- c:\windows\system32\es.dll
2009-05-26 12:18 . 2009-05-26 12:18 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-05-26 12:06 . 2009-05-26 12:00 -------- d-----w- c:\programdata\BitDefender
2009-05-26 12:01 . 2009-05-26 12:01 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\BitDefender
2009-05-26 12:01 . 2009-05-26 12:00 -------- d-----w- c:\program files\BitDefender
2009-05-26 12:01 . 2009-05-26 12:00 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-26 07:59 . 2009-05-26 07:54 -------- d-----w- c:\program files\Windows Live
2009-05-26 07:58 . 2009-05-26 07:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-26 07:57 . 2009-05-26 07:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-26 07:56 . 2009-05-26 07:56 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\InterTrust
2009-05-26 07:55 . 2009-05-26 07:55 -------- d-----w- c:\program files\Microsoft
2009-05-26 07:55 . 2009-05-26 07:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-26 07:53 . 2009-05-26 07:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-26 06:58 . 2009-05-26 06:33 -------- d-----w- c:\programdata\NVIDIA
2009-05-26 06:29 . 2009-05-26 06:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 06:29 . 2009-05-26 06:29 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-26 06:29 . 2009-05-26 06:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-26 06:29 . 2009-05-26 06:29 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-26 06:26 . 2009-05-26 06:26 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-26 06:26 . 2009-05-26 06:26 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-26 06:26 . 2009-05-26 06:26 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-05-26 06:21 . 2009-05-26 06:21 -------- d--h--w- c:\programdata\CanonBJ
2009-05-26 06:15 . 2009-05-26 06:15 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-26 06:13 . 2009-05-26 06:13 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-26 06:11 . 2009-05-26 06:11 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 06:09 . 2009-05-26 06:09 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-26 06:09 . 2009-05-26 06:09 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-26 06:07 . 2009-05-26 06:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-26 06:07 . 2009-05-26 06:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 06:07 . 2009-05-26 06:07 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-26 06:06 . 2009-05-26 06:06 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-26 06:05 . 2009-05-26 06:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-26 06:05 . 2009-05-26 06:05 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-26 06:00 . 2009-05-26 06:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-26 05:57 . 2009-05-26 05:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-26 12:17 . 2009-06-22 16:41 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- c:\windows\System32\ebad32.dll
2008-01-19 07:33 . 2009-05-29 17:32 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-12_15.05.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 12:40 . 2009-07-12 20:20 56908 c:\windows\s\logg.dat
+ 2009-05-27 10:22 . 2009-03-26 15:35 210352 c:\windows\System32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}"="c:\users\famille lamiaud\AppData\Roaming\s\svchost.exe" [2009-06-13 82301]
"{DD010E09-21E5-E79D-0FB1-1E7B2349D787}"="c:\users\famille lamiaud\AppData\Roaming\installer\Intel.exe" [2009-05-28 123951]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2819504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-05-08 882352]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-05-08 921672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BDCB0AE8-833C-61D2-29E1-CA811135D25A}"= "c:\windows\system32\ebad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^famille lamiaud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support Picture Motion Browser.lnk]
path=c:\users\famille lamiaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^famille lamiaud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Real Desktop.lnk]
path=c:\users\famille lamiaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
backup=c:\windows\pss\Real Desktop.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35BF254B-95CB-4021-8539-A684103914F0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8CC1A739-889A-41A2-8CF5-486374443BE5}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{119E070A-9C3D-4A88-8837-2BE61819F715}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{C225A988-692E-4FA9-A59A-07D0CBEC983E}"= UDP:5353:Adobe CSI CS4
"{C2F0C60B-5B67-4108-8F65-B8BD95016738}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{246137CB-CDD2-434E-9C5F-D5463A22874D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F67D97AE-53E8-4596-855D-E74FB0EFCA43}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{383C7F35-A240-46AC-8259-92B563438E6C}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{C985D988-01BD-4367-81B7-4B6D4BB0BFE4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{0E92B132-7E59-4F8C-9C86-622CCD57B4A3}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{C789E6BD-E972-482B-94D6-C3C171007981}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{763AC11B-5783-408B-BA37-07A4C7B1A402}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{A1A9E8B6-7068-4AF7-8398-10AC8E22176E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{74E98946-E402-4423-9DBD-0C164B8D67AE}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{C2B433E7-A27C-47D3-9FD9-54A206C3FC8B}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{D9508144-30C0-4DC8-AAB9-D6EC244D4CC4}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{1C6C941B-3FD0-4F16-ADDB-9DA1C0A87106}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{32DF32FE-7CE6-44AB-8A7A-E058B94B4E33}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{833FA8CC-4BD1-42B5-8C52-D878E17BB3F8}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{81EDBE1B-0BBC-4BBE-BBBE-9D087EBF036F}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B248E40D-6147-4601-BC07-4E8B9C5CFA04}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{6F0B982E-BC5B-4242-ADF2-72E58E5D69BA}"= UDP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{ECA0EFB2-8921-43B7-A99C-1931F6DB76C2}"= TCP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{5D11BCDC-ABD9-46EC-944C-F78F78C3C9D4}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{6610F330-44FE-4B5E-8993-6780D2A83D73}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{04548E18-0B49-47B9-86FC-B57EED8FF5D2}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{2D869170-ACF8-4DF7-9931-DC88E3D658CC}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [06/07/2009 16:50 40392]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [06/07/2009 16:59 29128]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [08/05/2009 10:41 1044552]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [08/05/2009 10:41 388168]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [07/05/2009 02:53 1210216]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [13/04/2009 11:51 86016]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [10/03/2009 03:31 1416216]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [06/07/2009 16:51 50632]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [06/07/2009 16:51 51656]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [10/03/2009 03:47 298568]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [06/07/2009 16:51 32200]
R3 NdisrdMP;NdisrdMP;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/05/2009 09:59 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [10/03/2009 04:24 852040]
S4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S4 gupdate1c9f27dfb2199cb;Service Google Update (gupdate1c9f27dfb2199cb);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 16:38 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}]
c:\windows\s\svchost.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DD010E09-21E5-E79D-0FB1-1E7B2349D787}]
c:\program files\installer\Intel.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8A225F2D-099B-4515-8CA2-20755F7F3E60}.job
- c:\windows\system32\msfeedssync.exe [2009-05-29 07:33]
.
.
------- Supplementary Scan -------
.
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with Rapget - c:\users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\famille lamiaud\AppData\Roaming\Mozilla\Firefox\Profiles\8xtk6h4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 09:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2206738436-4009848665-2407041408-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,df,fc,44,51,09,0d,70,9c,37,02,f3,35,15,a7,b6,da,bd,6d,8b,6d,
6a,af,d2,46,58,6d,9b,dc,be,16,cf,08,f1,90,07,c3,8a,ed,47,9d,af,79,b7,d8,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 9:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 07:46
ComboFix2.txt 2009-07-12 15:07
Pre-Run: 144 907 403 264 octets libres
Post-Run: 144 975 228 928 octets libres
412 --- E O F --- 2009-06-30 01:01
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [13/04/2009 11:51 86016]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [10/03/2009 03:31 1416216]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [06/07/2009 16:51 50632]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [06/07/2009 16:51 51656]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [10/03/2009 03:47 298568]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [06/07/2009 16:51 32200]
R3 NdisrdMP;NdisrdMP;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/05/2009 09:59 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [10/03/2009 04:24 852040]
S4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S4 gupdate1c9f27dfb2199cb;Service Google Update (gupdate1c9f27dfb2199cb);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 16:38 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}]
c:\windows\s\svchost.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DD010E09-21E5-E79D-0FB1-1E7B2349D787}]
c:\program files\installer\Intel.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8A225F2D-099B-4515-8CA2-20755F7F3E60}.job
- c:\windows\system32\msfeedssync.exe [2009-05-29 07:33]
.
.
------- Supplementary Scan -------
.
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with Rapget - c:\users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\famille lamiaud\AppData\Roaming\Mozilla\Firefox\Profiles\8xtk6h4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 09:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2206738436-4009848665-2407041408-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,df,fc,44,51,09,0d,70,9c,37,02,f3,35,15,a7,b6,da,bd,6d,8b,6d,
6a,af,d2,46,58,6d,9b,dc,be,16,cf,08,f1,90,07,c3,8a,ed,47,9d,af,79,b7,d8,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 9:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 07:46
ComboFix2.txt 2009-07-12 15:07
Pre-Run: 144 907 403 264 octets libres
Post-Run: 144 975 228 928 octets libres
412 --- E O F --- 2009-06-30 01:01
MBAM works!
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1
13/07/2009 11:00:28
mbam-log-2009-07-13 (11-00-28).txt
Type de recherche: Examen rapide
Eléments examinés: 75765
Temps écoulé: 5 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{c8d60fed-1ef4-dc93-1eba-254ede19e339} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\famille lamiaud\AppData\Roaming\s\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Hi.
Reopen MBAM, go to the "Quarantaine" (Quarantine) tab and delete everything that is in it.
==============================
Run this little cleaner:
▶ Download CCleaner, Slim version, without the toolbar:
CCLEANER
▶ Go to "Options" >> "Avancé" (Advanced). Uncheck the first line.
▶ Go to the "Nettoyeur" (Cleaner) section. Run the analysis. Once the list is created, run the cleaning twice in a row so that you get 0 bytes removed!
▶ Then in "Registre" (Registry), run a search for errors. Once the list is created, have them repaired.
/!\ At this point CCleaner should normally ask you to back up the registry; do it. /!\
▶ Then repeat the search/repair cycle until the search finds no more errors.
===============================
Cleaning up the tools:
▶ Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop:
Toolscleaner
▶ Click Recherche (Search) and let the scan finish.
▶ Click Suppression (Delete) to finish.
▶ Click Quitter (Quit) so that the report can be created.
▶ Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
=================================
Restart your PC and post a new RSIT report. HijackThis and RSIT will normally have been deleted by ToolsCleaner (RSIT needs HijackThis to be complete); you can get them again here:
HijackThis:
▶ Download hijackthis
▶ Everything is explained on that website for installing and using it correctly.
RSIT:
http://images.malwareremoval.com/random/RSIT.exe
▶ Double-click RSIT.exe.
▶ Click Continue on the Disclaimer screen.
▶ When the analysis is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
++
Logfile of random's system information tool 1.06 (written by random/random)
Run by famille lamiaud at 2009-07-13 13:50:32
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 138 GB (59%) free of 234 GB
Total RAM: 2046 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:43, on 13/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famille lamiaud\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\famille lamiaud.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [{DD010E09-21E5-E79D-0FB1-1E7B2349D787}] C:\Users\famille lamiaud\AppData\Roaming\installer\Intel.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Rapget - C:\Users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244562212888&h=4a694804e93d36a5bceb5b87cf99d8f9/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G Data (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Gardien (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G Data (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Service G Data Backup - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
OK! How is the PC doing?
Can you tell me what is here: C:\Windows\oxxhz.txt
And here: C:\Program Files\wvzarxbz.txt
If you don't know, you can delete them.
====================================
Let's finish up:
OTM:
▶ Download OTM (by Old_Timer) to your Desktop
▶ Double-click OTM.exe to launch it.
▶ Make sure the box Unregister Dll's and Ocx's is checked.
▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".
-----------------------------------------------------------------------------
:processes
explorer.exe
:files
c:\windows\PEV.txt
c:\windows\system32\tmp.txt
:commands
[purity]
[emptytemp]
[start explorer]
-----------------------------------------------------------------------------
▶ Click MoveIt! to start the removal.
▶ The result will appear in the "Results" pane.
▶ Click Exit to close.
▶ Post the report located in C:\_OTM\MovedFiles.
▶ You may be asked to restart the PC to complete the removal. If so, accept with Yes.
===========================
Come back and tell me how the PC is behaving.
++
Re.
Here it is: All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\PEV.txt not found.
c:\windows\system32\tmp.txt moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: famille lamiaud
->Temp folder emptied: 53475 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 9810204 bytes
->FireFox cache emptied: 33381708 bytes
->Google Chrome cache emptied: 62625981 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 972773483 bytes
RecycleBin emptied: 3563260 bytes
Total Files Cleaned = 1032.17 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07132009_144637
Files moved on Reboot...
C:\Windows\temp\hlktmp moved successfully.
THERE ARE STILL JUST AS MANY PROCESSES....;-(
++
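The OTM log posted above is easy to misread by eye, so here is a small parser for that log format, added as an example (this is not OTM's own code, nor anything from the thread). It sums every "N bytes" counter, checks the sum against the "Total Files Cleaned" line (OTM reports that total in MiB, rounded to two decimals), and lists the files that were moved, not found, or postponed to reboot, then confirms that every postponed deletion was later reported as moved. The sample input is the log from the post above, reduced to the lines the parser handles; the treatment of lines without a leading "->" as system-wide counters is an assumption drawn from the visible log layout.

```python
import re

# Excerpt of the OTM log posted above (copied from the thread, reduced to the
# lines this parser handles).
OTM_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\PEV.txt not found.
c:\windows\system32\tmp.txt moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: famille lamiaud
->Temp folder emptied: 53475 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 9810204 bytes
->FireFox cache emptied: 33381708 bytes
->Google Chrome cache emptied: 62625981 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 972773483 bytes
RecycleBin emptied: 3563260 bytes
Total Files Cleaned = 1032.17 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07132009_144637
Files moved on Reboot...
C:\Windows\temp\hlktmp moved successfully.
"""

BYTES_RE = re.compile(r"^(?P<what>.+?):\s*(?P<n>\d+)\s+bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOTFOUND_RE = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
DEFERRED_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")


def parse_otm_log(text):
    """Parse an OTM run log into the facts worth checking after a cleanup."""
    parsed = {"cleaned": [], "moved": [], "not_found": [], "deferred": [], "reported_mb": None}
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("User: "):
            user = line[len("User: "):]
            continue
        if m := BYTES_RE.match(line):
            # Assumption: per-user counters start with "->"; the others
            # (%systemdrive%, Windows Temp, RecycleBin) are system-wide.
            owner = user if m["what"].startswith("->") else None
            parsed["cleaned"].append((owner, m["what"].lstrip("->"), int(m["n"])))
        elif m := TOTAL_RE.match(line):
            parsed["reported_mb"] = float(m["mb"])
        elif m := MOVED_RE.match(line):
            parsed["moved"].append(m["path"])
        elif m := NOTFOUND_RE.match(line):
            parsed["not_found"].append(m["path"])
        elif m := DEFERRED_RE.match(line):
            parsed["deferred"].append(m["path"])
    return parsed


def cleaned_bytes(parsed):
    """Sum of every byte counter in the [emptytemp] section."""
    return sum(n for _, _, n in parsed["cleaned"])


def total_is_consistent(parsed, tolerance_mb=0.01):
    """True when the byte sum agrees with OTM's own MiB total (2-decimal rounding)."""
    if parsed["reported_mb"] is None:
        return False
    return abs(cleaned_bytes(parsed) / (1024 * 1024) - parsed["reported_mb"]) <= tolerance_mb


def unresolved_deferred(parsed):
    """Paths postponed to reboot that the log never confirms as moved."""
    moved = {p.lower() for p in parsed["moved"]}
    return [d for d in parsed["deferred"] if d.lower() not in moved]


if __name__ == "__main__":
    p = parse_otm_log(OTM_LOG)
    print("bytes cleaned:", cleaned_bytes(p), "consistent:", total_is_consistent(p))
    print("moved:", p["moved"], "not found:", p["not_found"])
    print("still pending after reboot:", unresolved_deferred(p))
```

On the log above the byte counters add up to 1082306951, which is 1032.17 MiB, matching OTM's total, and the one deletion postponed to reboot (C:\Windows\temp\hlktmp) is confirmed moved in the "Files moved on Reboot" section. A non-empty result from unresolved_deferred would be the thing to follow up on before declaring the cleanup finished.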
RE.
Relaunch OTM, copy the following and do the same procedure:
:files
c:\windows\PEV.exe
=========================================
▶ Disable your antivirus
▶ Go to this site: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer only)
▶ At the bottom right, click Start Online-scanner
▶ In the new window that appears, click I accept
▶ Accept the ActiveX controls
▶ Choose My Computer for the scan.
▶ Once it has finished, save the report (choose text file) and post it in your next reply.
▶ To help you use the online scan, see this tutorial
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
++
========== FILES ==========
c:\windows\PEV.exe moved successfully.
OTM by OldTimer - Version 3.0.0.5 log created on 07132009_152136
Here it is: http://ww38.toofiles.com/fr/oip/documents/html/pr6al6-a793c8-5ub89n.html
Well, the name has nothing to do with the file... It's one of my crazy ideas...