A virus...
Solved
SpOke1503
Hello, so here it is... I caught a virus the day before yesterday, but it has blocked Avast, Malwarebytes' Anti-Malware, Internet Explorer, Mozilla, etc. I can no longer search on the internet. I made a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:59, on 13/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pristy Utils\Tray Agent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pristy Utils\CD Hotkey F9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\explorer.exe
J:\HiJackThis.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Tray Agent.lnk = C:\Program Files\Pristy Utils\Tray Agent.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2290217-1F67-41D2-A277-E62335CC781C}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{C402E126-ACC1-4537-AB6B-2B6DE61F00E8}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1ca0ddb7eee11f5) (gupdate1ca0ddb7eee11f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
17 replies
Hello,
--> Disable UAC for the duration of the disinfection.
/!\ Disable your resident protections (antivirus, etc.) /!\
--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
There you go. Thanks for replying so quickly. It took me a little while, sorry, but that's the scan...
ComboFix 09-08-10.06 - Benjamin 13/08/2009 18:51.1.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3326.2448 [GMT 2:00]
Running from: J:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1891926680-1825607294-912342561-500
c:\$recycle.bin\S-1-5-21-2615618031-1473878728-100546447-500
c:\windows\system32\drivers\ESQULqubtmkmucymiqhppsfvtpcbpvhdpbxsc.sys
c:\windows\System32\ESQULbeinejefessoaemkcobukpxuycqmrdiy.dll
c:\windows\System32\ESQULysxvniabogmwyrmmwrhrewyeqbvvgqpc.dll
c:\windows\TEMP\63693617.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 17:01 . 2009-08-13 17:04 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
2009-08-13 17:01 . 2009-08-13 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 11:27 . 2009-02-11 08:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 11:27 . 2009-02-11 08:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 11:27 . 2009-08-12 11:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 09:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-12 09:57 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 09:57 . 2009-08-12 09:57 -------- d-----w- c:\program files\Avira
2009-08-12 09:57 . 2009-08-12 09:57 -------- d-----w- c:\progra~2\Avira
2009-08-05 00:33 . 2009-08-05 00:33 3033712 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-08-05 00:33 . 2009-08-05 00:33 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-08-04 20:23 . 2009-08-11 18:44 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Pro Cycling Manager 2009
2009-08-04 19:55 . 2009-08-04 22:22 -------- d-----w- c:\program files\Cyanide
2009-08-04 19:45 . 2009-08-04 19:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-04 18:55 . 2009-08-04 18:55 -------- d-----w- c:\program files\MSN Messenger
2009-08-04 16:55 . 2009-08-04 16:55 -------- d-----w- c:\program files\SimBin
2009-07-31 17:36 . 2009-07-31 17:36 -------- d-----w- c:\program files\Codemasters
2009-07-28 08:55 . 2009-07-28 08:55 -------- dc----w- c:\progra~2\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-28 08:48 . 2009-07-28 08:48 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters
2009-07-26 14:33 . 2009-07-31 13:30 -------- d-----w- c:\users\Benjamin\AppData\Roaming\dvdcss
2009-07-26 10:24 . 2009-07-26 10:24 -------- d-----w- c:\progra~2\Google Updater
2009-07-18 07:44 . 2009-08-02 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 07:44 . 2009-08-07 16:00 -------- d-----w- c:\program files\Norton Security Scan
2009-07-17 22:12 . 2009-07-17 22:12 -------- d-----w- c:\windows\system32\Adobe
2009-07-15 11:15 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:15 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:15 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:15 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:46 . 2009-07-14 19:49 170339 ----a-w- c:\windows\hpqins00.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 16:56 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-13 16:56 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-12 11:55 . 2008-12-16 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 11:50 . 2009-04-17 13:56 1 ----a-w- c:\users\Benjamin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-12 11:12 . 2009-06-16 12:08 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Skype
2009-08-12 11:11 . 2009-06-16 12:11 -------- d-----w- c:\users\Benjamin\AppData\Roaming\skypePM
2009-08-12 08:26 . 2009-07-12 18:07 -------- d-----w- c:\users\Benjamin\AppData\Roaming\vlc
2009-08-10 18:08 . 2009-03-06 22:58 -------- d-----w- c:\program files\Steam
2009-08-10 18:08 . 2009-08-10 18:08 125 ----a-w- c:\windows\tmp.tmp.tmp
2009-08-05 00:02 . 2009-03-22 17:54 -------- d-----w- c:\users\Benjamin\AppData\Roaming\uTorrent
2009-08-02 13:53 . 2009-06-16 08:56 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Mumble
2009-08-02 08:59 . 2009-03-10 07:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 16:20 . 2008-12-16 03:47 -------- d-----w- c:\progra~2\Symantec
2009-07-27 08:44 . 2009-03-22 19:49 -------- d-----w- c:\progra~2\HP
2009-07-27 08:27 . 2009-03-22 20:14 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Image Zone Express
2009-07-26 10:27 . 2008-12-27 12:41 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 07:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 07:41 . 2009-03-06 22:53 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-15 18:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:15 . 2009-07-13 19:15 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Canneverbe_Limited
2009-07-13 19:14 . 2009-07-13 19:14 -------- d-----w- c:\program files\CDBurnerXP
2009-07-13 17:07 . 2009-03-06 17:06 75824 ----a-w- c:\users\Benjamin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-13 17:01 . 2008-12-16 03:21 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-12 15:12 . 2009-04-17 13:39 -------- d-----w- c:\program files\Java
2009-07-11 20:41 . 2009-03-06 23:07 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 10:37 . 2009-06-27 10:37 -------- d-----w- c:\program files\Avanquest update
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\progra~2\BVRP Software
2009-06-27 10:30 . 2009-06-27 10:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-26 19:37 . 2009-06-26 19:37 -------- d-----w- c:\program files\Sony Ericsson
2009-06-26 19:37 . 2009-06-26 19:37 -------- d-----w- c:\progra~2\Sony Ericsson
2009-06-22 13:47 . 2009-03-18 16:18 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Hamachi
2009-06-19 11:19 . 2009-06-19 11:19 10134 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-19 11:18 . 2009-06-19 11:18 -------- d-----w- c:\program files\Microsoft WSE
2009-06-19 11:08 . 2009-04-13 22:09 -------- d-----w- c:\program files\Electronic Arts
2009-06-18 17:25 . 2009-03-25 17:06 -------- d-----w- c:\users\Benjamin\AppData\Roaming\HP
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----r- c:\program files\Skype
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----w- c:\program files\Common Files\Skype
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----w- c:\progra~2\Skype
2009-06-16 08:56 . 2009-06-16 08:53 -------- d-----w- c:\program files\Mumble
2009-05-21 09:33 . 2009-04-18 09:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 18:13 . 2009-05-17 18:13 8854 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\UNINST_Uninstall_Cub_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
2009-05-17 18:13 . 2009-05-17 18:13 71542 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\ARPPRODUCTICON.exe
2009-05-17 18:13 . 2009-05-17 18:13 110592 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\NewShortcut1_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
2009-05-17 18:13 . 2009-05-17 18:13 110592 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\Cube.exe1_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13584928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-27 24064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Tray Agent.lnk - c:\program files\Pristy Utils\Tray Agent.exe [2009-4-25 12800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D17A1B2-F82D-48D8-8765-1AF230282335}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F644351D-C165-468B-82A9-30066C4D89BB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF072197-A0A0-495C-B55A-48D48B918009}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{6232EE71-1427-4311-8520-15799F0C8A7F}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{27F5AF59-1BC3-411B-A5A6-F9FDE9745B21}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E96B3A2D-958D-434D-B96F-34FA2540B2AF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A8D550EE-E2CA-4ABC-B6BB-3804F509E8D4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{64A3640D-4334-46F1-8D7E-7488332532C9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{114A3CFE-FC68-402B-B8D5-C0C15ABF95EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B69285AC-3154-4E8F-B6B7-54A271E5AAA1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5EC7BFD9-2C99-4CFB-A47B-1424D8465CAF}"= UDP:c:\program files\eMule\emule.exe:eMule
"{D7A8910F-B6F3-40F7-98DF-0F3F8F5CA0D1}"= TCP:c:\program files\eMule\emule.exe:eMule
"4cfcce4d-f849-40d8-a8b7-242c7ae33eff"= %ProgramFiles%\eMule\emule.exe:Emule
"TCP Query User{8FF81173-624D-467A-84D7-F3F6B566589F}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\clouter73\counter-strike source\hl2.exe:hl2
"UDP Query User{E3A7ACF0-2F1B-4851-B0B9-D01636202322}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\clouter73\counter-strike source\hl2.exe:hl2
"TCP Query User{78FF6101-EDE5-4F20-91A4-BD153609E007}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{9DD01BA8-E108-4ADD-B991-E427DFBF9F73}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{FCFDA27F-E6E3-458D-8B37-BB774C26FDD2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2A0457C3-0F7E-4D83-81E5-726D4C764563}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\clouter73\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{934A9FE1-3AB2-4F60-B4C3-4D3685312B96}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\clouter73\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E6AEDFBF-AC6B-4AAC-B747-DFE11BB85800}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3B6409D5-B9E0-4BA1-8279-03D1426E0EE1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{444C7645-544A-478F-95AE-DF1EF7660F6C}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{3D9ABA87-ECBF-460B-BE8A-1D300C8FD67E}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"TCP Query User{41911C11-884D-4E4D-AEDB-4587C4F8C287}c:\\program files\\steam\\steamapps\\clouter73\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\clouter73\day of defeat source\hl2.exe:hl2
"UDP Query User{7D725196-28B2-4C05-BE72-5ACC05231D19}c:\\program files\\steam\\steamapps\\clouter73\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\clouter73\day of defeat source\hl2.exe:hl2
"TCP Query User{AC2E86A9-7FBB-4C8C-9492-3619DDE61E0C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{2BE4F0E2-516E-41C7-BAEC-A22CD1E68B78}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{83DBA98E-1148-4AA4-9BA1-D70A7FF62F02}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{636440CA-CFC1-4B0B-BF77-E0DD8F620DAB}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{4963FF7B-E3C8-478C-8E58-EA331840285D}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{EA056C93-A5D1-429D-8E13-1E16B43BEF90}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{C16D6C0C-19A1-4C8D-8231-1B6D0FA8BADE}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
"{89DAB405-615D-45B8-96A0-EFF6E7A3EFCD}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [03/02/2009 17:39 63096]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [11/07/2006 09:30 42392]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [05/08/2009 02:33 3033712]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [05/06/2009 19:11 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 11:57 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [05/06/2009 19:11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [05/06/2009 19:11 51792]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca0ddb7eee11f5;Service Google Update (gupdate1ca0ddb7eee11f5);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 12:26 133104]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [06/03/2009 22:52 28224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [26/06/2009 21:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [26/06/2009 21:37 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [26/06/2009 21:37 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [26/06/2009 21:37 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [26/06/2009 21:37 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [26/06/2009 21:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [26/06/2009 21:37 110120]
S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/12/2008 14:41 24064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1891926680-1825607294-912342561-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,81,18,34,a7,5c,3a,fe,0a,c4,79,50,1d,9b,dd,62,1e,4d,fc,f8,03,
b1,5e,54,da,2b,d6,10,56,e4,da,42,06,75,2f,20,4b,29,ba,75,3b,90,30,30,07,fc,\
"rkeysecu"=hex:3f,9c,78,ff,47,48,6d,75,26,24,a5,a3,5a,8d,9d,60
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Pristy Utils\CD Hotkey F9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-13 19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 17:09
Pre-Run: 855 973 928 960 octets libres
Post-Run: 855 913 099 264 octets libres
273 --- E O F --- 2009-08-10 15:37
How do I re-enable UAC? Because it gives me
"Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression"; the name of the window is explorer.exe.
I can get onto Internet Explorer, I don't get error messages anymore.
Now what do I need to do to completely destroy the virus (if it isn't already destroyed)?
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update has finished, go to the Recherche (Scan) tab.
---> Select Exécuter un examen rapide (Perform a quick scan).
---> Click Rechercher (Scan). The scan starts.
At the end of the scan, a message is displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. (The scan completed normally. Click 'Show results' to display all the objects found.)
---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Afficher les résultats (Show results).
---> Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
OK. Thank you very much. Should I pause the antivirus programs during the scan? I'll copy the scan to you before deleting.
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
13/08/2009 20:20:18
mbam-log-2009-08-13 (20-20-03).txt
Type de recherche: Examen rapide
Eléments examinés: 84256
Temps écoulé: 6 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
There's the result. Do I delete?
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
13/08/2009 20:43:58
mbam-log-2009-08-13 (20-43-58).txt
Type de recherche: Examen rapide
Eléments examinés: 84256
Temps écoulé: 6 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
There. Thank you very much for everything, I'm marking this as resolved. Thanks, Destrio