Re. Done!!
Here is the log.txt:
ComboFix 09-07-12.01 - famille lamiaud 13/07/2009 9:32.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1327 [GMT 2:00]
Running from: c:\users\famille lamiaud\Desktop\Thomas0785.exe
Command switches used :: c:\users\famille lamiaud\Desktop\CFScript - Copie.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\famille lamiaud\AppData\Roaming\Bifrost"
.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.
2009-07-13 07:38 . 2009-07-13 07:40 -------- d-----w- c:\users\famille lamiaud\AppData\Local\temp
2009-07-12 15:54 . 2009-07-12 15:54 198064 ----a-w- c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-07-12 15:54 . 2009-07-13 07:40 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\DMCache
2009-07-12 15:54 . 2009-07-12 17:46 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\IDM
2009-07-12 15:54 . 2009-07-12 15:54 -------- d-----w- c:\program files\Internet Download Manager
2009-07-11 14:21 . 2009-07-12 14:17 -------- d-----w- C:\FindyKill
2009-07-10 12:58 . 2009-07-10 12:58 -------- d-----w- c:\windows\Sun
2009-07-10 12:40 . 2009-07-12 17:22 -------- d-----w- c:\windows\s
2009-07-10 12:40 . 2009-07-11 13:50 -------- d--h--w- c:\program files\installer
2009-07-10 10:44 . 2009-07-10 10:44 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\teamspeak2
2009-07-10 10:43 . 2009-07-10 10:44 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-07-08 16:42 . 2009-07-08 16:42 -------- d-----w- c:\program files\RoadKill
2009-07-07 17:24 . 2009-07-07 17:24 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Autodesk
2009-07-07 17:23 . 2009-07-07 18:26 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Autodesk
2009-07-07 15:59 . 2009-07-07 17:24 -------- d-----w- c:\programdata\Autodesk
2009-07-07 06:48 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-07-07 06:48 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-07-07 06:48 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-07-07 06:48 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-07-07 06:48 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-07-07 06:48 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-07-06 20:21 . 2009-07-07 17:13 -------- d-----w- c:\program files\Autodesk
2009-07-06 18:44 . 2009-07-06 18:44 -------- d-----w- c:\program files\SafeSoft
2009-07-06 18:40 . 2009-07-11 14:16 -------- d-----w- c:\users\famille lamiaud\AppData\Local\G DATA
2009-07-06 18:37 . 2009-07-06 18:37 680 ----a-w- c:\users\famille lamiaud\AppData\Local\d3d9caps.dat
2009-07-06 16:41 . 2009-07-07 18:26 -------- d-----w- C:\FLEXLM
2009-07-06 14:59 . 2009-07-06 14:59 29128 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-07-06 14:51 . 2009-07-06 14:51 50632 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-07-06 14:51 . 2009-07-06 14:51 51656 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2009-07-06 14:51 . 2009-07-06 14:51 32200 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2009-07-06 14:50 . 2009-07-06 14:50 335872 ----a-r- c:\users\famille lamiaud\AppData\Roaming\Microsoft\Installer\{C8D55041-A13C-4620-8DF4-9C5A9C16908D}\ARPPRODUCTICON.exe
2009-07-06 14:50 . 2009-07-06 14:50 40392 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2009-07-06 14:50 . 2009-07-06 14:50 -------- d-sh--w- C:\#GDATA.Trash.Store#
2009-07-06 14:49 . 2009-07-06 14:49 -------- d-----w- c:\program files\Common Files\G DATA
2009-07-06 14:49 . 2009-07-06 14:58 -------- d-----w- c:\programdata\G DATA
2009-07-06 14:49 . 2009-07-06 14:49 -------- d-----w- c:\program files\G Data
2009-07-06 14:03 . 2009-07-06 14:03 -------- d-----w- c:\program files\RegCleaner
2009-07-06 13:42 . 2009-07-06 13:42 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-06 13:42 . 2009-07-06 13:42 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-06 13:42 . 2009-07-06 13:42 207872 ----a-w- c:\users\famille lamiaud\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-06 11:10 . 2009-07-06 11:11 -------- d-----w- c:\program files\trend micro
2009-07-06 11:10 . 2009-07-06 11:11 -------- d-----w- C:\rsit
2009-07-04 20:37 . 2009-07-09 09:55 132 ----a-w- C:\httpdwl.dat
2009-07-04 20:37 . 2009-07-09 09:55 815 ----a-w- C:\rtsr_eml_sr.dat
2009-07-04 20:37 . 2009-07-09 09:55 141 ----a-w- C:\dwl.dat
2009-07-03 19:10 . 2009-07-03 19:10 16 ----a-w- C:\asdict.dat
2009-07-03 12:41 . 2009-07-06 12:27 -------- d-----w- C:\tmp
2009-07-02 19:10 . 2009-07-06 14:50 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-02 19:05 . 2009-06-30 07:41 54272 ----a-w- c:\windows\system32\NetFilter.exe
2009-07-02 19:05 . 2009-06-30 07:41 28672 ----a-w- c:\windows\system32\NFUninstall.exe
2009-07-02 19:05 . 2009-06-22 14:58 22016 ----a-w- c:\windows\system32\drivers\Ndisrd.sys
2009-07-02 19:05 . 2009-06-22 14:58 13312 ----a-w- c:\windows\system32\drivers\snetcfg.exe
2009-07-02 19:05 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-02 19:05 . 2009-07-02 19:05 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-02 18:48 . 2009-07-02 18:48 -------- d-----w- c:\program files\CCleaner
2009-07-02 18:38 . 2009-07-06 11:19 -------- d-----w- c:\program files\Unlocker
2009-07-02 15:26 . 2009-07-02 15:26 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Blender Foundation
2009-07-02 12:05 . 2009-07-02 12:05 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Not a Number
2009-07-02 08:05 . 2009-07-02 08:05 8704 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Thinstall\CSDATA\400000a400003i\FNPLicensingService.exe
2009-07-02 08:05 . 2009-07-02 08:05 8704 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Thinstall\CSDATA\1000000800002i\svchost.exe
2009-07-02 08:04 . 2009-07-02 08:04 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Thinstall
2009-07-01 20:16 . 2006-11-22 08:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-07-01 20:06 . 2009-07-07 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-01 20:06 . 2009-07-01 20:06 -------- d-----w- c:\program files\Common Files\Alias Shared
2009-07-01 15:19 . 2009-07-01 15:19 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Anuman Interactive
2009-07-01 15:19 . 2009-07-01 15:19 347648 ----a-w- c:\users\famille lamiaud\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
2009-07-01 13:06 . 2009-07-01 13:06 -------- d-----w- c:\windows\system32\(app)
2009-07-01 11:47 . 2009-07-01 11:47 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-01 11:39 . 2009-07-01 11:39 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-30 19:02 . 2009-06-30 19:02 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\FlashGet
2009-06-30 19:02 . 2009-06-30 19:02 -------- d-----w- c:\program files\FlashGet
2009-06-30 18:59 . 2009-06-30 18:59 110 ----a-w- c:\windows\system32\cas.bat
2009-06-30 18:59 . 2009-06-24 12:04 -------- d-----w- c:\windows\system32\WEHBGS
2009-06-30 17:30 . 2009-06-30 17:30 -------- d-----w- c:\programdata\9146
2009-06-30 08:18 . 2007-08-21 13:21 794624 ----a-w- c:\windows\system32\spr32d35.dll
2009-06-30 08:15 . 2009-06-30 08:21 -------- d-----w- c:\program files\Architecte 3D Platinium Demo
2009-06-30 07:50 . 2009-07-08 16:30 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\ArchiFacile
2009-06-30 06:31 . 2009-07-11 14:17 -------- d-----w- c:\program files\iMesh Applications
2009-06-29 19:56 . 2009-06-29 19:56 -------- d-----w- c:\program files\Microsoft Works
2009-06-29 19:54 . 2009-06-29 19:54 -------- d-----w- c:\program files\Microsoft.NET
2009-06-29 19:50 . 2009-06-29 19:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-29 19:46 . 2009-06-29 19:46 -------- d--h--r- C:\MSOCache
2009-06-29 16:15 . 2009-07-11 14:18 -------- d-----w- c:\program files\Real Desktop
2009-06-29 15:04 . 2009-06-29 15:04 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\TuneUp Software
2009-06-29 14:48 . 2009-06-29 14:48 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Real Desktop
2009-06-29 14:48 . 2009-06-29 14:48 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Desktopicon
2009-06-29 01:01 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-06-29 01:01 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2009-06-29 01:01 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-06-29 01:01 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-06-28 20:11 . 2009-06-28 20:11 -------- d-----w- c:\program files\Tony Hawk's Underground 2
2009-06-28 16:15 . 2009-06-28 16:15 -------- d--h--r- c:\users\famille lamiaud\AppData\Roaming\SecuROM
2009-06-28 16:13 . 2009-06-28 16:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-28 16:12 . 2009-06-28 16:12 -------- d-----w- c:\windows\system32\xlive
2009-06-28 16:12 . 2009-06-28 16:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-28 12:55 . 2009-06-28 14:56 -------- d-----w- c:\program files\Rockstar Games
2009-06-27 09:47 . 2009-07-02 07:57 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\dvdcss
2009-06-26 16:21 . 2009-06-26 16:21 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Apple Computer
2009-06-26 13:25 . 2009-06-26 13:25 -------- d-----w- c:\program files\QuickTime
2009-06-26 13:25 . 2009-06-26 13:25 -------- d-----w- c:\programdata\Apple Computer
2009-06-26 13:24 . 2009-06-26 13:24 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Apple
2009-06-25 19:35 . 2009-06-25 19:47 -------- d-----w- c:\program files\Counter-Strike Source MomoLAN Edition
2009-06-25 18:50 . 2009-06-25 18:50 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\CD-LabelPrint
2009-06-24 08:40 . 2009-06-24 08:40 -------- d-----w- c:\programdata\Xerox
2009-06-23 07:28 . 2009-06-23 07:28 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Artisteer
2009-06-22 16:06 . 2009-07-04 16:25 -------- d-----w- c:\program files\Ubisoft
2009-06-21 17:39 . 2009-06-21 17:40 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\vlc
2009-06-21 17:10 . 2007-04-13 14:35 442368 ----a-w- c:\windows\system32\Cmeaupci.exe
2009-06-21 17:10 . 2007-03-26 17:39 65536 ----a-w- c:\windows\system32\CmiInstallResAll.dll
2009-06-21 17:10 . 2006-10-06 03:47 319968 ----a-w- c:\windows\difxapi.dll
2009-06-21 15:52 . 2009-06-21 15:52 -------- d-----w- c:\users\famille lamiaud\AppData\Local\Mozilla
2009-06-21 14:38 . 2009-06-21 14:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-21 14:38 . 2009-06-21 14:38 -------- d-----w- c:\program files\DivX
2009-06-21 14:33 . 2009-06-26 16:52 -------- d-----w- c:\programdata\SpeedBit
2009-06-21 14:33 . 2009-06-26 16:52 -------- d-----w- c:\program files\DAP
2009-06-21 11:06 . 2009-06-21 11:06 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\VitySoft
2009-06-20 14:00 . 2009-06-20 14:01 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Sony Corporation
2009-06-20 13:55 . 2006-10-30 11:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-06-20 13:55 . 2006-10-30 11:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-06-20 13:55 . 2006-10-30 11:46 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2009-06-20 13:55 . 2006-10-30 11:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-06-20 13:55 . 2006-10-30 11:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 07:38 . 2009-05-26 12:09 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-12 13:08 . 2006-11-02 15:48 632908 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-12 13:08 . 2006-11-02 15:48 115570 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-12 10:05 . 2009-05-26 07:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-11 14:27 . 2009-05-27 11:03 -------- d-----w- c:\program files\Google
2009-07-11 14:20 . 2009-06-12 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 17:23 . 2009-05-30 16:14 -------- d-----w- c:\programdata\FLEXnet
2009-07-06 14:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-02 19:40 . 2009-05-26 06:33 49605 ----a-w- c:\programdata\nvModes.dat
2009-07-02 13:55 . 2009-07-02 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-01 12:21 . 2009-05-27 16:54 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\uTorrent
2009-06-30 01:01 . 2009-05-26 07:42 -------- d-----w- c:\programdata\Microsoft Help
2009-06-29 20:17 . 2009-05-26 04:23 198400 ----a-w- c:\users\famille lamiaud\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-29 19:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-28 19:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-28 13:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-28 13:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-28 13:10 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-28 13:10 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-26 16:52 . 2009-05-29 19:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-20 13:45 . 2009-05-30 10:14 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-14 19:06 . 2009-06-12 20:07 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Canon
2009-06-13 06:57 . 2009-06-13 06:57 -------- d-----w- c:\program files\Clever Age
2009-06-13 06:56 . 2009-06-13 06:56 -------- d-----w- c:\program files\MSECache
2009-06-12 20:04 . 2009-06-12 20:04 -------- d-----w- c:\programdata\CanonIJPLM
2009-06-12 20:03 . 2009-06-12 20:00 -------- d-----w- c:\program files\Canon
2009-06-12 20:03 . 2009-06-12 20:03 -------- d-----w- c:\program files\Common Files\CANON
2009-06-12 20:00 . 2009-06-12 20:00 -------- d--h--w- c:\program files\CanonBJ
2009-06-09 15:42 . 2009-06-09 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 15:42 . 2009-06-09 15:42 -------- d-----w- c:\program files\Java
2009-06-04 21:11 . 2009-06-04 21:11 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-31 21:21 . 2009-05-31 17:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-31 14:49 . 2009-05-31 14:49 -------- d-----w- c:\programdata\Blizzard
2009-05-30 16:18 . 2009-05-30 16:18 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\ImgBurn
2009-05-30 14:47 . 2009-05-30 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-30 14:27 . 2009-05-30 14:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-30 10:52 . 2009-05-30 10:19 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Download Manager
2009-05-30 10:15 . 2009-05-30 10:15 1180 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-30 10:13 . 2009-05-30 10:13 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\Leadertech
2009-05-30 10:04 . 2009-05-30 10:04 -------- d-----w- c:\program files\EA Games
2009-05-30 09:35 . 2009-05-30 09:35 -------- d-----w- c:\program files\Alcohol Soft
2009-05-30 09:31 . 2009-05-30 09:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 20:04 . 2009-05-29 20:04 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-05-29 19:35 . 2009-05-29 19:35 -------- d-----w- c:\programdata\Stardock
2009-05-29 19:35 . 2009-05-29 19:35 -------- d-----w- c:\program files\Stardock
2009-05-29 19:26 . 2009-05-29 19:26 -------- d-----w- c:\program files\VideoLAN
2009-05-29 19:17 . 2009-05-29 19:17 98304 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\wallpaper.exe
2009-05-29 19:17 . 2009-05-29 19:17 57344 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\wallpaper.dll
2009-05-29 19:17 . 2009-05-29 19:17 151552 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\sysinfo.exe
2009-05-29 19:17 . 2009-05-29 19:17 1155708 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\flash.exe
2009-05-29 19:17 . 2009-05-29 19:17 1609732 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\swfplayer.exe
2009-05-29 19:17 . 2009-05-29 19:17 151624 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\uninstall.exe
2009-05-29 19:17 . 2009-05-29 19:17 225280 ----a-w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops\tropicwaterfall_wallpaper\Tropic Waterfall_installer.exe
2009-05-29 19:17 . 2009-05-29 19:17 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\EleFun Desktops
2009-05-29 19:14 . 2009-05-29 19:14 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\.ZMatrix
2009-05-29 19:11 . 2009-05-26 05:51 -------- d--h--w- c:\users\famille lamiaud\AppData\Roaming\Bifrost
2009-05-28 18:47 . 2009-05-28 18:47 -------- d--h--w- c:\users\famille lamiaud\AppData\Roaming\installer
2009-05-28 18:47 . 2009-05-28 18:47 123951 ---h--w- c:\users\famille lamiaud\AppData\Roaming\installer\Intel.exe
2009-05-27 11:03 . 2009-05-27 11:03 -------- d-----w- c:\programdata\NOS
2009-05-27 01:06 . 2009-05-26 07:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-26 17:27 . 2009-05-26 17:26 -------- d-----w- c:\program files\WowCartographe
2009-05-26 16:01 . 2009-05-26 16:01 -------- d-----w- c:\program files\SFR
2009-05-26 13:45 . 2009-05-26 13:45 269312 ----a-w- c:\windows\system32\es.dll
2009-05-26 12:18 . 2009-05-26 12:18 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-05-26 12:06 . 2009-05-26 12:00 -------- d-----w- c:\programdata\BitDefender
2009-05-26 12:01 . 2009-05-26 12:01 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\BitDefender
2009-05-26 12:01 . 2009-05-26 12:00 -------- d-----w- c:\program files\BitDefender
2009-05-26 12:01 . 2009-05-26 12:00 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-26 07:59 . 2009-05-26 07:54 -------- d-----w- c:\program files\Windows Live
2009-05-26 07:58 . 2009-05-26 07:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-26 07:57 . 2009-05-26 07:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-26 07:56 . 2009-05-26 07:56 -------- d-----w- c:\users\famille lamiaud\AppData\Roaming\InterTrust
2009-05-26 07:55 . 2009-05-26 07:55 -------- d-----w- c:\program files\Microsoft
2009-05-26 07:55 . 2009-05-26 07:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-26 07:53 . 2009-05-26 07:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-26 06:58 . 2009-05-26 06:33 -------- d-----w- c:\programdata\NVIDIA
2009-05-26 06:29 . 2009-05-26 06:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-05-26 06:29 . 2009-05-26 06:29 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-26 06:29 . 2009-05-26 06:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-05-26 06:29 . 2009-05-26 06:29 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-26 06:26 . 2009-05-26 06:26 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-26 06:26 . 2009-05-26 06:26 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-05-26 06:26 . 2009-05-26 06:26 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-05-26 06:21 . 2009-05-26 06:21 -------- d--h--w- c:\programdata\CanonBJ
2009-05-26 06:15 . 2009-05-26 06:15 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-26 06:13 . 2009-05-26 06:13 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-05-26 06:11 . 2009-05-26 06:11 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-05-26 06:09 . 2009-05-26 06:09 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-26 06:09 . 2009-05-26 06:09 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-26 06:07 . 2009-05-26 06:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-05-26 06:07 . 2009-05-26 06:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-26 06:07 . 2009-05-26 06:07 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-05-26 06:06 . 2009-05-26 06:06 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-05-26 06:05 . 2009-05-26 06:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-26 06:05 . 2009-05-26 06:05 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-05-26 06:00 . 2009-05-26 06:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-26 05:57 . 2009-05-26 05:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-05-26 12:17 . 2009-06-22 16:41 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- c:\windows\System32\ebad32.dll
2008-01-19 07:33 . 2009-05-29 17:32 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-12_15.05.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-10 12:40 . 2009-07-12 20:20 56908 c:\windows\s\logg.dat
+ 2009-05-27 10:22 . 2009-03-26 15:35 210352 c:\windows\System32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}"="c:\users\famille lamiaud\AppData\Roaming\s\svchost.exe" [2009-06-13 82301]
"{DD010E09-21E5-E79D-0FB1-1E7B2349D787}"="c:\users\famille lamiaud\AppData\Roaming\installer\Intel.exe" [2009-05-28 123951]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2819504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2009-05-08 882352]
"G DATA AntiVirus Trayapplication"="c:\program files\G Data\TotalCare\AVKTray\AVKTray.exe" [2009-05-08 921672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BDCB0AE8-833C-61D2-29E1-CA811135D25A}"= "c:\windows\system32\ebad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^famille lamiaud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de détection de support Picture Motion Browser.lnk]
path=c:\users\famille lamiaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^famille lamiaud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Real Desktop.lnk]
path=c:\users\famille lamiaud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Real Desktop.lnk
backup=c:\windows\pss\Real Desktop.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35BF254B-95CB-4021-8539-A684103914F0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8CC1A739-889A-41A2-8CF5-486374443BE5}"= UDP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{119E070A-9C3D-4A88-8837-2BE61819F715}"= TCP:c:\program files\SFR\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player SFR)
"{C225A988-692E-4FA9-A59A-07D0CBEC983E}"= UDP:5353:Adobe CSI CS4
"{C2F0C60B-5B67-4108-8F65-B8BD95016738}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{246137CB-CDD2-434E-9C5F-D5463A22874D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F67D97AE-53E8-4596-855D-E74FB0EFCA43}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{383C7F35-A240-46AC-8259-92B563438E6C}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{C985D988-01BD-4367-81B7-4B6D4BB0BFE4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{0E92B132-7E59-4F8C-9C86-622CCD57B4A3}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{C789E6BD-E972-482B-94D6-C3C171007981}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{763AC11B-5783-408B-BA37-07A4C7B1A402}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{A1A9E8B6-7068-4AF7-8398-10AC8E22176E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{74E98946-E402-4423-9DBD-0C164B8D67AE}"= UDP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{C2B433E7-A27C-47D3-9FD9-54A206C3FC8B}"= TCP:c:\program files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:Call of Juarez - Bound in Blood
"{D9508144-30C0-4DC8-AAB9-D6EC244D4CC4}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{1C6C941B-3FD0-4F16-ADDB-9DA1C0A87106}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{32DF32FE-7CE6-44AB-8A7A-E058B94B4E33}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{833FA8CC-4BD1-42B5-8C52-D878E17BB3F8}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{81EDBE1B-0BBC-4BBE-BBBE-9D087EBF036F}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B248E40D-6147-4601-BC07-4E8B9C5CFA04}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{6F0B982E-BC5B-4242-ADF2-72E58E5D69BA}"= UDP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{ECA0EFB2-8921-43B7-A99C-1931F6DB76C2}"= TCP:c:\program files\Autodesk\3ds Max 2010\3dsmax.exe:Autodesk 3ds Max 2010 32-bit
"{5D11BCDC-ABD9-46EC-944C-F78F78C3C9D4}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{6610F330-44FE-4B5E-8993-6780D2A83D73}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:mental ray satellite for Autodesk 3ds Max 2010 32-bit
"{04548E18-0B49-47B9-86FC-B57EED8FF5D2}"= UDP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
"{2D869170-ACF8-4DF7-9931-DC88E3D658CC}"= TCP:c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:mental ray satellite server for Autodesk 3ds Max 2010 32-bit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [06/07/2009 16:50 40392]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [06/07/2009 16:59 29128]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [08/05/2009 10:41 1044552]
R2 AVKService;Planificateur G Data;c:\program files\G Data\TotalCare\AVK\AVKService.exe [08/05/2009 10:41 388168]
R2 AVKWCtl;G Data Gardien;c:\program files\G Data\TotalCare\AVK\AVKWCtl.exe [07/05/2009 02:53 1210216]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 17:16 82696]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [13/04/2009 11:51 86016]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalCare\Firewall\GDFwSvc.exe [10/03/2009 03:31 1416216]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [06/07/2009 16:51 50632]
R3 GDPkIcpt;GDPkIcpt;c:\windows\System32\drivers\PktIcpt.sys [06/07/2009 16:51 51656]
R3 GDScan;G Data Scanner;c:\program files\Common Files\G DATA\GDScan\GDScan.exe [10/03/2009 03:47 298568]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [06/07/2009 16:51 32200]
R3 NdisrdMP;NdisrdMP;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [26/05/2009 09:59 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [10/03/2009 04:24 852040]
S4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S4 gupdate1c9f27dfb2199cb;Service Google Update (gupdate1c9f27dfb2199cb);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 16:38 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}]
c:\windows\s\svchost.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DD010E09-21E5-E79D-0FB1-1E7B2349D787}]
c:\program files\installer\Intel.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8A225F2D-099B-4515-8CA2-20755F7F3E60}.job
- c:\windows\system32\msfeedssync.exe [2009-05-29 07:33]
.
.
------- Supplementary Scan -------
.
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with Rapget - c:\users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\famille lamiaud\AppData\Roaming\Mozilla\Firefox\Profiles\8xtk6h4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 09:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2206738436-4009848665-2407041408-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,df,fc,44,51,09,0d,70,9c,37,02,f3,35,15,a7,b6,da,bd,6d,8b,6d,
6a,af,d2,46,58,6d,9b,dc,be,16,cf,08,f1,90,07,c3,8a,ed,47,9d,af,79,b7,d8,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 9:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 07:46
ComboFix2.txt 2009-07-12 15:07
Pre-Run: 144 907 403 264 octets libres
Post-Run: 144 975 228 928 octets libres
412 --- E O F --- 2009-06-30 01:01
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [25/02/2009 04:18 907336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Ndisrd;WinpkFilter Service;c:\windows\System32\drivers\Ndisrd.sys [02/07/2009 21:05 22016]
S3 Service G Data Backup;Service G Data Backup;c:\program files\G Data\TotalCare\AVKBackup\AVKBackupService.exe [10/03/2009 04:24 852040]
S4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S4 gupdate1c9f27dfb2199cb;Service Google Update (gupdate1c9f27dfb2199cb);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 16:38 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C8D60FED-1EF4-DC93-1EBA-254EDE19E339}]
c:\windows\s\svchost.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DD010E09-21E5-E79D-0FB1-1E7B2349D787}]
c:\program files\installer\Intel.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 14:38]
2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8A225F2D-099B-4515-8CA2-20755F7F3E60}.job
- c:\windows\system32\msfeedssync.exe [2009-05-29 07:33]
.
.
------- Supplementary Scan -------
.
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download with Rapget - c:\users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\users\famille lamiaud\AppData\Roaming\Mozilla\Firefox\Profiles\8xtk6h4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\avkwebfilterff.dll
FF - component: c:\users\famille lamiaud\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 09:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2206738436-4009848665-2407041408-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,df,fc,44,51,09,0d,70,9c,37,02,f3,35,15,a7,b6,da,bd,6d,8b,6d,
6a,af,d2,46,58,6d,9b,dc,be,16,cf,08,f1,90,07,c3,8a,ed,47,9d,af,79,b7,d8,f1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 9:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 07:46
ComboFix2.txt 2009-07-12 15:07
Pre-Run: 144 907 403 264 octets libres
Post-Run: 144 975 228 928 octets libres
412 --- E O F --- 2009-06-30 01:01
MBAM works!
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 6.0.6001 Service Pack 1
13/07/2009 11:00:28
mbam-log-2009-07-13 (11-00-28).txt
Type de recherche: Examen rapide
Eléments examinés: 75765
Temps écoulé: 5 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{c8d60fed-1ef4-dc93-1eba-254ede19e339} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\famille lamiaud\AppData\Roaming\s\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Hi.
Re-open MBAM, go to the "Quarantaine" (Quarantine) tab and delete everything in it.
==============================
Run this small cleaner:
▶ Download CCleaner, Slim version, without the toolbar:
CCLEANER
▶ Go to "Options" >> "Avancé" (Advanced). Untick the first line.
▶ Go to the "Nettoyeur" (Cleaner) section. Run the analysis. Once the list has been built, run the cleaning twice in a row so that you get 0 bytes removed!
▶ Then, in "Registre" (Registry), run a search for errors. Once the list has been built, have them repaired.
/!\ At this point CCleaner normally asks you to back up the registry; do it. /!\
▶ Then repeat the error search/repair cycle until the search finds none.
===============================
Tool cleanup:
▶ Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop:
Toolscleaner
▶ Click Recherche (Search) and let the scan finish.
▶ Click Suppression (Removal) to finalise.
▶ Click Quitter (Quit) so that the report can be created.
▶ Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
=================================
Restart your PC and post a new RSIT report. Since HijackThis and RSIT will normally have been deleted by ToolsCleaner (RSIT needs HijackThis to be complete), you can get them again here:
HijackThis:
▶ Download hijackthis
▶ Everything is explained on this website to install and use it correctly.
RSIT:
http://images.malwareremoval.com/random/RSIT.exe
▶ Double-click RSIT.exe.
▶ Click Continue on the Disclaimer screen.
▶ When the scan is finished, two text files will open. Post the contents of log.txt (the one shown on screen) as well as info.txt (which you will see in the taskbar).
++
Logfile of random's system information tool 1.06 (written by random/random)
Run by famille lamiaud at 2009-07-13 13:50:32
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 138 GB (59%) free of 234 GB
Total RAM: 2046 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:43, on 13/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famille lamiaud\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\famille lamiaud.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [{DD010E09-21E5-E79D-0FB1-1E7B2349D787}] C:\Users\famille lamiaud\AppData\Roaming\installer\Intel.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Rapget - C:\Users\famille lamiaud\Desktop\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1244562212888&h=4a694804e93d36a5bceb5b87cf99d8f9/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G Data (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Gardien (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G Data (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Service G Data Backup - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
OK! How is the PC doing?
Can you tell me what is in here: C:\Windows\oxxhz.txt
And here: C:\Program Files\wvzarxbz.txt
If you don't know, you can delete them.
====================================
Let's finish up:
OTM:
▶ Download OTM (by Old_Timer) to your Desktop
▶ Double-click OTM.exe to launch it.
▶ Make sure the Unregister Dll's and Ocx's box is ticked.
▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".
-----------------------------------------------------------------------------
:processes
explorer.exe
:files
c:\windows\PEV.txt
c:\windows\system32\tmp.txt
:commands
[purity]
[emptytemp]
[start explorer]
-----------------------------------------------------------------------------
▶ Click MoveIt! to start the removal.
▶ The result will appear in the "Results" pane.
▶ Click Exit to close.
▶ Post the report located in C:\_OTM\MovedFiles.
▶ You may be asked to restart the PC to complete the removal. If so, accept with Yes.
===========================
Come back and tell me how the PC is behaving.
++
Hi again.
Here it is:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\windows\PEV.txt not found.
c:\windows\system32\tmp.txt moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: famille lamiaud
->Temp folder emptied: 53475 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 9810204 bytes
->FireFox cache emptied: 33381708 bytes
->Google Chrome cache emptied: 62625981 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 972773483 bytes
RecycleBin emptied: 3563260 bytes
Total Files Cleaned = 1032.17 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07132009_144637
Files moved on Reboot...
C:\Windows\temp\hlktmp moved successfully.
THERE ARE STILL JUST AS MANY PROCESSES....;-(
++
Hi again.
Relaunch OTM, copy what follows and do the same procedure:
:files
c:\windows\PEV.exe
=========================================
▶ Disable your antivirus
▶ Go to this site: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer only)
▶ At the bottom right, click Démarrer Online-scanner
▶ In the new window that appears, click J'accepte
▶ Accept the ActiveX controls
▶ Choose Poste de travail for the scan.
▶ Once it has finished, save the report (choose text file) and post it in your next reply.
▶ For help using the online scan, see this tutorial
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Ajout/Suppression de programmes, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
++
========== FILES ==========
c:\windows\PEV.exe moved successfully.
OTM by OldTimer - Version 3.0.0.5 log created on 07132009_152136
Here it is: http://ww38.toofiles.com/fr/oip/documents/html/pr6al6-a793c8-5ub89n.html
Well, the name has nothing to do with the file... It's just one of my jokes...