Speed up my PC

haruso -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
Three weeks ago someone helped me remove all the small viruses I had accumulated (pop-ups ...).
I thank him again, but my PC has been a bit sluggish since then, so I would like some help speeding up my PC!!

Thanks in advance

Regards,
Haruso

28 replies

tchaning Posts 4629 Status Member 299
 
Laptop or desktop?
0
haruso
 
It's a desktop computer with a tower and all that ^^
0
tchaning Posts 4629 Status Member 299
 
Look at the programs that launch at startup and uncheck the ones you don't need

Start ==> Run ==> msconfig ==> Startup tab
0
haruso
 
I had already unchecked some programs, but I unchecked some more and it's already better.
If you know other little tricks like that to speed up the PC, I'm interested :)
And I would like your help because "sometimes" I open a website, it displays quickly but it loads proxy.daylimotion.com or sense.daylimotion.com or, as here on this page, logc15.xiti.com
Daylimotion is one example, but it's not only that site.

Thank you for helping me

Regards,
Haruso
0

tchaning Posts 4629 Status Member 299
 
In that case, download HIJACKTHIS

run a scan, then copy and paste the program's report here
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi, Firefox is not up to date

and to clean up you can run Glary Utilities (without installing the Ask bar)

https://www.commentcamarche.net/telecharger/utilitaires/11165-glary-utilities/

Who removed the infections? Ask in the same thread otherwise!
0
haruso
 
It was Ske98, I think, something like that; he took good care of me.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:20, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sav du saumurois\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.olidata.com/
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c98c6f69c3c64a) (gupdate1c98c6f69c3c64a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O24 - Desktop Component 0: (no name) - http://www.evous.fr/musique/plugins/notation/notation.js
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, run Glary Utilities

__________________

Disable Spyware Terminator's real-time protection

because you already have Kaspersky doing that, and it slows things down

______________

♦ Download Ad-remover (by C_XX) to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

♦ Disconnect and close all running applications!

♦ Right-click "Ad-R.exe" and run it as administrator to start the installation, and leave the default installation settings.

♦ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.

♦ In the main menu choose option "L" and press [Enter].

♦ Let the tool work and don't touch anything ...

♦ Post the report that appears at the end on the forum ...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

♦ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
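The reading of the HijackThis log behind the advice in the reply above (Kaspersky and Spyware Terminator both resident at startup) can be reproduced mechanically. The Python below is an added example, not part of the original thread and not code from HijackThis; the function names and the product keyword list are assumptions, and the sample is a constructed excerpt of the log posted above.

```python
import re

# Constructed sample: a handful of lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [AVP] ..."
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
# Body of an O4 registry autostart entry: hive\..\key: [value name] command
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def parse_entries(text):
    """Group HijackThis result lines by section code (R0, O2, O4, O23, ...)."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # the header and the "Running processes" list do not match
            entries.setdefault(match.group(1), []).append(match.group(2))
    return entries


def missing_files(entries):
    """Entries marked "(no file)": the registry entry remains but its target is gone."""
    return [(code, body) for code, bodies in entries.items()
            for body in bodies if body.endswith("(no file)")]


def autostart_programs(entries):
    """O4 registry autostart entries as (hive, key, name, command) tuples."""
    out = []
    for body in entries.get("O4", []):
        match = RUN_RE.match(body)
        if match:  # Startup-folder shortcuts use another layout and are skipped here
            out.append(match.groups())
    return out


def services(entries):
    """O23 entries as (display_name, owner, path) tuples."""
    out = []
    for body in entries.get("O23", []):
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[0].startswith("Service: "):
            out.append((parts[0][len("Service: "):], parts[1], parts[2]))
    return out


def unknown_owner_services(entries):
    """Services with no company name in the file's version info: check the file, it is not a verdict."""
    return [(name, path) for name, owner, path in services(entries)
            if owner == "Unknown owner"]


def resident_products(entries, keywords):
    """Which of the given product names (assumption: supplied by the reader) start with Windows."""
    haystack = [cmd for *_, cmd in autostart_programs(entries)]
    haystack += [path for _, _, path in services(entries)]
    return sorted(k for k in keywords
                  if any(k.lower() in h.lower() for h in haystack))


if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    print("Orphaned entries:", missing_files(log))
    print("Services to look up:", unknown_owner_services(log))
    print("Resident protection products:",
          resident_products(log, ("Kaspersky", "Spyware Terminator")))
```
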
haruso
 
Here is the Ad-report report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:02:16, 29/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: ORDINATEUR | Utilisateur actuel: sav du saumurois
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
Administrateur: HsUser_RtH5uj6PszD
N'est pas administrateur: Invité *Desactive*
Administrateur: sav du saumurois
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
.
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
C:\DOCUME~1\SAVDUS~1\APPLIC~1\Mozilla\Firefox\Profiles\8k4c4xwg.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.12 *

Nom du profil: 8k4c4xwg.default (sav du saumurois)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

.
============== Processus Caches/Bloque ==============
.
PID: 152 [LOCKED] AVP.EXE
PID: 3860 [LOCKED] AVP.EXE
.

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.027.0000_patch_3.007.024.000.torrent
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.028.0000_patch_3.007.027.000.torrent
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.029.0000_patch_3.007.028.000.torrent
C:\Documents and Settings\sav du saumurois\Local Settings\Temporary Internet Files\Content.IE5\N5HI7D5W\SPT_38_DB_3.007.029.0000_patch_3.007.028.000[1].torrent
.
===================================
.
6764 Octet(s) - C:\Ad-Report-CLEAN.log
.
5 Fichier(s) - C:\DOCUME~1\SAVDUS~1\LOCALS~1\Temp
10 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
10 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 15:17:52 | 29/07/2009
.
============== E.O.F ==============
.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, run the removal option in Ad-remover and remove everything

Are Kaspersky and Spyware Terminator legal versions or not?

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.027.0000_patch_3.007.024.000.torrent
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.028.0000_patch_3.007.027.000.torrent
C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.007.029.0000_patch_3.007.028.000.torrent
C:\Documents and Settings\sav du saumurois\Local Settings\Temporary Internet Files\Content.IE5\N5HI7D5W\SPT_38_DB_3.007.029.0000_patch_3.007.028.000[1].torrent
.
0
haruso
 
I bought Kaspersky Antivirus in a store, whereas Spyware Terminator is what Ske98 told me to download because it was a good anti-malware
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Yes, but don't download it via torrent; get it from the official site

remove it

then reinstall it from this link without enabling real-time protection

https://www.commentcamarche.net/telecharger/securite/20947-spyware-terminator/
0
haruso
 
I downloaded it from an official site, not via torrent.
My PC is much less sluggish since you helped me, but I would like you to try to fix my page-loading problem.
It's not on every page, but for example on daylimotion it is always loading something (e.g. transferring data from proxy-28.daylimotion.com); what is that?
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the anti-spyware's real-time guard)

Double-click combofix.exe and follow the instructions

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus and your anti-spyware's guard

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
haruso
 
Here is the report:

ComboFix 09-07-29.04 - sav du saumurois 30/07/2009 13:14.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.515 [GMT 2:00]
Running from: c:\documents and settings\sav du saumurois\Bureau\Spybots\Commen sa marche\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\10fa5a0.msi
c:\windows\Installer\14c50b8.msi
c:\windows\Installer\8a2108.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\17687090.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-29 11:02 . 2009-07-29 11:02 -------- d-----w- c:\program files\Ad-remover
2009-07-29 11:00 . 2009-07-29 11:00 -------- d-----w- c:\documents and settings\sav du saumurois\Application Data\GlarySoft
2009-07-29 10:58 . 2009-07-29 10:58 -------- d-----w- c:\program files\Glary Utilities
2009-07-19 13:25 . 2009-07-19 13:25 737280 ----a-w- c:\windows\iun6002.exe
2009-07-17 20:32 . 2009-07-17 20:32 -------- d-----w- c:\documents and settings\sav du saumurois\Local Settings\Application Data\Temp
2009-07-02 16:47 . 2009-07-02 16:47 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-07-02 16:47 . 2009-07-02 16:47 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-07-02 16:47 . 2009-07-02 16:47 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-02 16:47 . 2009-07-02 16:47 -------- d-----w- c:\documents and settings\sav du saumurois\Application Data\Spyware Terminator
2009-07-02 16:46 . 2009-07-02 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-07-02 16:46 . 2009-07-02 16:46 -------- d-----w- c:\program files\Spyware Terminator
2009-07-01 19:21 . 2009-07-01 19:23 5253 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-07-01 19:04 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-01 19:03 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-01 19:03 . 2009-02-09 11:24 2191104 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-01 19:03 . 2009-03-06 14:20 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-01 19:03 . 2009-02-09 11:23 111104 ------w- c:\windows\system32\dllcache\services.exe
2009-07-01 19:03 . 2009-02-09 10:53 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-01 19:03 . 2009-02-09 10:53 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-01 19:03 . 2009-02-09 10:53 685568 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-01 19:03 . 2009-02-09 10:53 735744 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-01 19:03 . 2009-02-09 10:53 739840 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-01 19:03 . 2009-02-09 10:53 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-01 19:03 . 2009-02-09 11:23 2147328 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-01 19:03 . 2009-02-09 11:23 2025984 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-01 19:02 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-07-01 19:02 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-01 19:02 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-01 19:02 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-01 19:01 . 2008-12-16 12:31 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-07-01 19:01 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-07-01 19:00 . 2008-04-21 21:15 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-01 18:28 . 2009-07-01 18:28 -------- d-----w- c:\windows\system32\fr
2009-07-01 18:28 . 2009-07-01 18:28 -------- d-----w- c:\windows\l2schemas
2009-07-01 18:28 . 2009-07-01 18:28 -------- d-----w- c:\windows\system32\bits
2009-07-01 18:25 . 2009-07-01 18:25 -------- d-----w- c:\windows\ServicePackFiles
2009-07-01 18:10 . 2009-07-01 18:10 -------- d-----w- c:\windows\EHome
2009-07-01 14:54 . 2009-07-01 14:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-01 14:06 . 2009-07-01 14:06 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-07-01 13:49 . 2009-07-01 13:49 -------- d-sh--w- c:\documents and settings\sav du saumurois\IECompatCache
2009-07-01 13:47 . 2009-07-01 13:47 -------- d-sh--w- c:\documents and settings\sav du saumurois\PrivacIE
2009-07-01 13:45 . 2009-07-01 13:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-01 13:45 . 2009-07-01 13:45 -------- d-sh--w- c:\documents and settings\sav du saumurois\IETldCache
2009-07-01 13:40 . 2009-07-01 13:40 -------- d--h--w- c:\windows\msdownld.tmp
2009-07-01 13:40 . 2009-07-01 13:40 -------- d-----w- c:\windows\ie8updates
2009-07-01 13:38 . 2009-07-01 13:38 -------- d--h--w- c:\windows\ie8
2009-07-01 13:36 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-01 13:36 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-01 13:36 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-01 13:13 . 2009-07-01 13:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 13:13 . 2009-07-01 13:13 152576 ----a-w- c:\documents and settings\sav du saumurois\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-01 11:18 . 2009-07-01 11:18 -------- d-----w- c:\windows\BDOSCAN8
2009-06-30 20:05 . 2009-06-30 20:05 -------- d-----w- c:\documents and settings\sav du saumurois\Application Data\Malwarebytes
2009-06-30 20:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 20:04 . 2009-06-30 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-30 20:04 . 2009-06-30 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 20:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 11:20 . 2008-02-13 18:37 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-30 11:20 . 2008-02-13 18:37 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-30 11:20 . 2008-02-13 18:37 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-30 11:20 . 2008-02-13 18:37 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-21 10:56 . 2009-06-26 17:09 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-03 16:57 . 1979-12-31 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 06:26 . 1979-12-31 22:00 78346 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-02 06:26 . 1979-12-31 22:00 476620 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-01 19:23 . 2008-02-06 17:06 73800 ----a-w- c:\documents and settings\sav du saumurois\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:23 . 2008-11-27 10:43 72066 ----a-w- c:\windows\BricoPackUninst.cmd
2009-07-01 19:23 . 1979-12-31 22:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-01 18:31 . 2004-09-22 11:57 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-01 13:34 . 2009-02-19 07:56 0 ----a-r- c:\documents and settings\sav du saumurois\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-06-28 18:46 . 2009-06-28 18:46 -------- d-----w- c:\documents and settings\sav du saumurois\Application Data\InstallShield
2009-06-27 11:21 . 2009-06-27 11:21 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-27 11:21 . 2009-06-27 11:21 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\sav du saumurois\Application Data\TuneUp Software
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-27 11:21 . 2009-06-27 11:21 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-27 11:20 . 2009-06-27 11:20 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-26 17:10 . 2008-02-13 18:37 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-26 17:10 . 2008-02-13 18:37 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-26 17:10 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-26 17:10 . 2009-06-26 17:09 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-26 17:10 . 2009-06-26 17:09 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-26 09:23 . 2009-06-26 09:23 -------- d-----w- c:\program files\Panicware
2009-06-23 17:40 . 2009-06-23 17:40 -------- d-----w- c:\program files\TVersity
2009-06-16 16:21 . 2009-06-16 16:21 137 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2009-06-16 16:21 . 2009-06-16 16:21 139 ----a-w- c:\documents and settings\sav du saumurois\Local Settings\Application Data\fusioncache.dat
2009-06-16 16:21 . 2009-06-16 16:21 -------- d-----w- c:\program files\Windows Media Connect
2009-06-16 14:40 . 1979-12-31 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 1979-12-31 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:10 . 1979-12-31 22:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 18:25 . 2009-06-03 18:25 -------- d-----w- c:\program files\QuickTime
2009-06-03 18:14 . 2009-06-03 18:14 55920 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-30 10:50 . 2009-05-30 10:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 11:36 . 2009-03-14 06:24 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 11:36 . 2008-11-09 19:39 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 15:33 . 1979-12-31 22:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 13:50 . 2009-05-03 13:50 2876234 ----a-w- c:\program files\DofusInstaller_v1_27_0.exe
2008-02-06 16:52 . 2008-02-06 16:52 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2004-07-22 08:51 . 2004-07-22 08:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 20:58 . 2004-07-19 20:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 20:53 . 2004-07-19 20:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 12:17 . 2004-07-09 12:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 07:13 . 2004-07-09 07:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 07:13 . 2004-07-09 07:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 02:08 . 2004-07-09 02:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 02:08 . 2004-07-09 02:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 01:03 . 2004-07-09 01:03 62976 ----a-w- c:\program files\DSETUP.dll
2009-07-23 15:12 . 2009-05-31 18:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-02 3055616]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-02 2173440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2001-12-23 4608]

[HKLM\~\startupfolder\C:^Documents and Settings^sav du saumurois^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [02/07/2009 18:47 142592]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [03/06/2009 14:46 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/12/2007 13:28 24592]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [14/05/2008 15:49 449483]
R3 Tunx00;FunTV Video Capture;c:\windows\system32\drivers\Tunx00.sys [22/09/2004 14:19 302720]
R3 TxTuner;FunTV TV Tuner;c:\windows\system32\drivers\TxTuner.sys [22/09/2004 14:19 26880]
S2 gupdate1c98c6f69c3c64a;Google Update Service (gupdate1c98c6f69c3c64a);c:\program files\Google\Update\GoogleUpdate.exe [11/02/2009 18:37 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 19:10]

2009-07-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-29 14:55]

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:37]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 16:37]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D} - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\sav du saumurois\Application Data\Mozilla\Firefox\Profiles\8k4c4xwg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 13:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-217350199-2832510544-1248521287-1005\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:55,3b,6a,4b,22,e7,31,c5,f8,a6,d9,76,3c,a0,09,29,3c,c5,7d,47,76,
8b,c6,aa,de,cc,5f,4e,53,ea,98,3a,87,f4,af,74,02,42,46,37,90,31,ea,89,10,0c,\
"rkeysecu"=hex:9f,34,0b,b6,52,17,ac,33,ff,e5,01,31,45,92,c1,e3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\shimgvw.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msls31.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\TGTSOFT\STYLEXP\STYLEXPSERVICE.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\HPZIPM12.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\program files\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\program files\SPYWARE TERMINATOR\SP_RSSER.EXE
c:\program files\TVERSITY\MEDIA SERVER\MEDIASERVER.EXE
c:\program files\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-30 13:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 11:29

Pre-Run: 95 036 735 488 octets libres
Post-Run: 94 871 552 000 octets libres

277 --- E O F --- 2009-07-29 18:51
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Scan this file on VirusTotal and paste the report: https://www.virustotal.com/gui/

c:\windows\iun6002.exe

and say whether you still have problems with your PC
0
loulouto Posts 78 Status Member 1
 
No, you haven't understood anything. Well, you simply put it in the TGV and that's it.
There you go, see you!
0
haruso
 
Here is the report:

File size: 737280 bytes
MD5...: 456462905091db042141487fe030e3c9
SHA1..: bb57b4850528c3c8d9bf159fb5b9f414ddc7d5d7
SHA256: a93dc5e28d74ef40dd5d694aff7fb5f24c27dac4b59adae008cfdc5ca65587b0
ssdeep: 12288:n/Kw1mzcOv7j0NRF6u7UvuKkVV3oG2v6urURWRfFW4aikgwsqEKO:n+SIu
fX3oG2v6P0FParsK
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5ec75
timedatestamp.....: 0x402aa809 (Wed Feb 11 22:09:13 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8436e 0x85000 6.52 1237ff6301825d5921b7f9a2f5139816
.rdata 0x86000 0x18156 0x19000 4.42 f6348df4f813de13cfb1e801130e5f79
.data 0x9f000 0x1193c 0xe000 5.13 596eac4f3dcfd1be5b3c6efaf752d891
.rsrc 0xb1000 0x6778 0x7000 3.64 d209a606411a3420b49c6373aa0bc2dc

( 14 imports )
> WINMM.dll: waveOutGetNumDevs
> VERSION.dll: VerLanguageNameA, GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> KERNEL32.dll: GetCPInfo, GetOEMCP, RtlUnwind, RaiseException, HeapFree, HeapAlloc, HeapReAlloc, GetTimeZoneInformation, GetSystemTime, GetLocalTime, ExitProcess, GetStartupInfoA, GetCommandLineA, GetACP, HeapSize, SetUnhandledExceptionFilter, GetEnvironmentVariableA, GlobalFlags, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStringTypeA, GetStringTypeW, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetErrorMode, LocalReAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetVersion, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, LockResource, FindResourceA, LoadResource, SystemTimeToFileTime, GetFileTime, FileTimeToSystemTime, WideCharToMultiByte, InterlockedDecrement, GetFullPathNameA, MoveFileA, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetTickCount, IsBadStringPtrA, FileTimeToLocalFileTime, FileTimeToDosDateTime, lstrcmpiA, LocalAlloc, LocalLock, LocalUnlock, GlobalReAlloc, IsDBCSLeadByte, lstrcatA, TlsGetValue, IsBadReadPtr, TlsFree, TlsSetValue, TlsAlloc, MultiByteToWideChar, GetPrivateProfileIntA, GlobalMemoryStatus, GetVolumeInformationA, GetComputerNameA, MoveFileExA, WritePrivateProfileStringA, GetPrivateProfileStringA, TerminateProcess, Sleep, GetDiskFreeSpaceA, lstrcmpA, GetCurrentDirectoryA, LoadLibraryExA, GetLogicalDriveStringsA, GetShortPathNameA, CopyFileA, FormatMessageA, LocalFree, CreateProcessA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, GetCurrentThread, GetCurrentProcess, GetWindowsDirectoryA, GetSystemDirectoryA, GetSystemDefaultLangID, GetDriveTypeA, MulDiv, InterlockedIncrement, FindNextFileA, 
FindFirstFileA, FindClose, RemoveDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, GetFileAttributesA, SetFileAttributesA, WriteFile, ReadFile, CreateFileA, GetFileSize, SetFilePointer, SetEndOfFile, DeleteFileA, GetTempPathA, GetTempFileNameA, lstrcpyA, lstrlenA, lstrcpynA, ExpandEnvironmentStringsA, GetProcessVersion, GetModuleFileNameA, OpenProcess, CloseHandle, GetModuleHandleA, LoadLibraryA, GetProcAddress, GetEnvironmentStrings, FreeEnvironmentStringsA, GetCurrentProcessId, FreeLibrary, GetVersionExA, GetLastError, SetLastError, HeapDestroy
> USER32.dll: UnpackDDElParam, ReuseDDElParam, SetMenu, LoadMenuA, DestroyMenu, ReleaseCapture, TranslateAcceleratorA, LoadAcceleratorsA, SetRectEmpty, GetMessageA, ValidateRect, GetCursorPos, PtInRect, FillRect, DrawFocusRect, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, ClientToScreen, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, MapWindowPoints, GetSysColor, GetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, UnregisterClassA, GetTopWindow, GetCapture, WinHelpA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetKeyState, SetWindowsHookExA, CallNextHookEx, GetClassLongA, BringWindowToTop, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, GetWindow, SystemParametersInfoA, GetWindowPlacement, SetActiveWindow, CreateDialogIndirectParamA, GetParent, SetFocus, IsWindowEnabled, ShowWindow, MoveWindow, GetDlgCtrlID, IsDialogMessageA, SendDlgItemMessageA, GetDlgItem, UnhookWindowsHookEx, GetWindowTextLengthA, LoadStringA, WaitForInputIdle, SetDlgItemTextA, SetWindowTextA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetActiveWindow, GetClassNameA, CharUpperA, OemToCharA, CharNextA, CharPrevA, CharUpperBuffA, SetCursor, IsIconic, DrawIcon, DestroyIcon, ExitWindowsEx, LoadCursorA, UpdateWindow, RedrawWindow, GetDesktopWindow, GetWindowTextA, EnumWindows, GetWindowThreadProcessId, PostMessageA, ShowOwnedPopups, GetSysColorBrush, SetPropA, SetWindowPos, MessageBoxA, MsgWaitForMultipleObjects, GetSystemMetrics, EnableWindow, InvalidateRect, GetClientRect, GetDC, ReleaseDC, GetWindowRect, LoadIconA, SendMessageTimeoutA, TranslateMessage, DispatchMessageA, PeekMessageA, PostQuitMessage, IsWindow, GetWindowLongA, DefWindowProcA, SetWindowLongA, GetClassInfoA, RegisterClassA, CreateWindowExA, SendMessageA, DestroyWindow, wsprintfA, 
RegisterWindowMessageA, GetNextDlgTabItem
> GDI32.dll: SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SelectObject, RestoreDC, SaveDC, CreateCompatibleDC, BitBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, ScaleWindowExtEx, SetWindowExtEx, DeleteObject, StretchDIBits, RealizePalette, SelectPalette, Rectangle, GetDeviceCaps, CreateFontA, CreateBitmap, SetTextColor, GetClipBox, GetBkColor, SetBkColor, SetBkMode, CreateICA, DeleteDC, GetTextMetricsA, RemoveFontResourceA, CreatePalette, GetStockObject, AddFontResourceA, CreateSolidBrush, CreateFontIndirectA, GetObjectA, ScaleViewportExtEx
> comdlg32.dll: GetFileTitleA, GetOpenFileNameA, GetSaveFileNameA
> WINSPOOL.DRV: DocumentPropertiesA, OpenPrinterA, ClosePrinter
> ADVAPI32.dll: GetServiceDisplayNameA, RegOpenKeyExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, LookupPrivilegeValueA, AdjustTokenPrivileges, LookupAccountSidA, GetUserNameA, OpenThreadToken, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid, UnlockServiceDatabase, OpenSCManagerA, EnumServicesStatusA, QueryServiceStatus, ControlService, StartServiceA, DeleteService, CloseServiceHandle, CreateServiceA, OpenServiceA, RegCloseKey, RegConnectRegistryA, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegSetValueExA, RegQueryValueExA
> SHELL32.dll: DragFinish, SHChangeNotify, ShellExecuteA, SHBrowseForFolderA, SHGetFileInfoA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, DragQueryFileA
> COMCTL32.dll: -
> ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance
> OLEAUT32.dll: -, -
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> NETAPI32.dll: Netbios

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

Nothing has changed, since I haven't deleted this file. I'm waiting for your analysis of the report.
0
haruso
 
Oh no, I didn't wait long enough; the scan isn't finished. I'll send you the report again when it's done.
Should I also copy and paste the list with the antivirus engines/updates, or just the essential information below it?
0
haruso
 
Here, I'm giving you everything so you can sort through it ^^

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.31 -
AhnLab-V3 5.0.0.2 2009.07.31 -
AntiVir 7.9.0.238 2009.07.31 -
Antiy-AVL 2.0.3.7 2009.07.31 -
Authentium 5.1.2.4 2009.07.31 -
Avast 4.8.1335.0 2009.07.30 -
AVG 8.5.0.406 2009.07.31 -
BitDefender 7.2 2009.07.31 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.07.31 -
Comodo 1825 2009.07.31 -
DrWeb 5.0.0.12182 2009.07.31 -
eSafe 7.0.17.0 2009.07.30 Win32.Banker
eTrust-Vet 31.6.6649 2009.07.31 -
F-Prot 4.4.4.56 2009.07.30 -
F-Secure 8.0.14470.0 2009.07.31 -
Fortinet 3.120.0.0 2009.07.31 -
GData 19 2009.07.31 -
Ikarus T3.1.1.64.0 2009.07.31 -
Jiangmin 11.0.800 2009.07.31 -
K7AntiVirus 7.10.807 2009.07.31 -
Kaspersky 7.0.0.125 2009.07.31 -
McAfee 5693 2009.07.30 -
McAfee+Artemis 5693 2009.07.30 -
McAfee-GW-Edition 6.8.5 2009.07.31 -
Microsoft 1.4903 2009.07.31 -
NOD32 4294 2009.07.31 -
Norman 6.01.09 2009.07.31 -
nProtect 2009.1.8.0 2009.07.31 -
PCTools 4.4.2.0 2009.07.31 -
Prevx 3.0 2009.07.31 -
Rising 21.40.44.00 2009.07.31 -
Sophos 4.44.0 2009.07.31 -
Sunbelt 3.2.1858.2 2009.07.31 -
Symantec 1.4.4.12 2009.07.31 -
TheHacker 6.3.4.3.374 2009.07.30 -
TrendMicro 8.950.0.1094 2009.07.31 -
VBA32 3.12.10.9 2009.07.31 -
ViRobot 2009.7.31.1863 2009.07.31 -
VirusBuster 4.6.5.0 2009.07.31 -
Information additionnelle
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=456462905091db042141487fe030e3c9
0