Antivirus System PRO

Solved/Closed
Parishilton - 23 Nov 2009 at 17:17
jlpjlp (51580 posts, member since Friday 18 May 2007, status: security contributor, last seen 3 May 2022) - 26 Nov 2009 at 11:44
Hello everyone
..problem.. on my computer the (fake) antivirus Antivirus System PRO appeared all by itself.. it blocks quite a few things and reports fake infections.. I'm losing my mind.. when I open regedit or System Restore, it shows me a message saying the file whatever-blah-blah is infected etc .. so I can open almost nothing.. I looked at quite a few tutorials to remove this thing but I can't manage any of them.. every 2 seconds I get alerts from everywhere telling me a file is infected, it's sooo annoying!!
I'M ON => VISTA <=
I really need help pleease..

28 replies

jlpjlp
24 Nov 2009 at 11:33
clean out your cracks

_______________________

run AD-Remover's cleaning option, remove everything and paste the report

_______________________

post another RSIT report and say if you still have problems
1
RA|STL|N (450 posts, member since Monday 24 March 2008, status: member, last seen 24 May 2016)
23 Nov 2009 at 17:22
Uninstall that c*** for me :) and install a good antivirus like Kaspersky Antivirus 2010 (paid) or AVG Free Edition (free).

https://boutique.kaspersky.fr/

AVG

0
jlpjlp
23 Nov 2009 at 17:29
hi

run SUPERAntiSpyware and paste the report

https://www.malekal.com/?s=SUPERAntiSpyware

then

scan with Malwarebytes, do a quick scan, paste the report you get and remove what it finds:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised to the Taskbar).

NB: the reports are saved in the folder C:\rsit
0
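Once log.txt is in hand, the "Registry dump" section is where a rogue like this one shows itself. The following triage script is an added example for this thread (not part of RSIT and not something the posters ran): its sample input is an excerpt of the log.txt Parishilton posts further down, and its heuristics (random-looking names under AppData\Local, *sysguard.exe executables, entries with an empty [] stamp, EnableLUA=0, an AutoRun handler on a mounted drive) are assumptions drawn from that log, not rules from RSIT.

```python
"""Triage of the "Registry dump" section of an RSIT log.txt. Added example for
this thread, not part of RSIT; the heuristics are assumptions drawn from the
log.txt Parishilton posts further down in the thread."""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: excerpt of the log.txt posted in this thread (trimmed).
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ekgbyedc"=C:\Users\The Lynx\AppData\Local\yejrlq\utwxsysguard.exe [2009-11-23 285712]
"dkactmir"=C:\Users\The Lynx\AppData\Local\cjitmt\ubihsysguard.exe [2009-11-23 285712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekwog]
c:\users\the lynx\appdata\local\ekwog.exe ekwog []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec30782c-1b15-11de-b339-001e903c4e15}]
shell\AutoRun\command - I:\EmDesk.exe

======File associations======
"""

# RSIT writes "name"=command [date size]; an empty [] means no file was found.
VALUE_LINE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<cmd>.*?)\s*\[(?P<stamp>[^\]]*)\]$')
EXE_PATH = re.compile(r"^(?P<exe>.*?\.exe)", re.IGNORECASE)
RANDOM_NAME = re.compile(r"^[a-z]{4,8}$")  # yejrlq, cjitmt, ekwog, ekgbyedc


@dataclass
class Finding:
    key: str
    name: str
    line: str
    reasons: List[str] = field(default_factory=list)


def is_autostart_key(key: str) -> bool:
    k = key.lower()
    return (k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce")
            or "\\msconfig\\startupreg\\" in k)


def check_autostart(key: str, line: str):
    """Return (entry name, reasons) for one autostart value line."""
    m = VALUE_LINE.match(line)
    if not m:
        return None, []
    name = m.group("name") or key.rsplit("\\", 1)[-1]  # Run value or startupreg subkey
    cmd = m.group("cmd").strip().strip('"')
    exe_m = EXE_PATH.match(cmd)
    exe = (exe_m.group("exe") if exe_m else cmd).lower()
    parts = exe.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) > 1 else ""
    reasons = []
    if "\\appdata\\local\\" in exe:
        reasons.append("runs from the user's AppData\\Local rather than Program Files")
        # A random-looking name only counts together with that location;
        # legitimate entries such as "avgnt" are short lowercase strings too.
        if any(RANDOM_NAME.match(s) for s in (name.lower(), stem, parent)):
            reasons.append("random-looking entry, file or folder name")
    if stem.endswith("sysguard"):
        reasons.append("'*sysguard.exe', the executable name the rogue uses in this log")
    if not m.group("stamp"):
        reasons.append("empty [] stamp: RSIT found no file at that path")
    return name, reasons


def triage(log_text: str) -> List[Finding]:
    findings, key, in_dump = [], "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======"):  # RSIT section header
            in_dump = "Registry dump" in line
            continue
        if not in_dump or not line:
            continue
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
            continue
        k, name, reasons = key.lower(), None, []
        if is_autostart_key(key):
            name, reasons = check_autostart(key, line)
        elif k.endswith("\\policies\\system") and line.lower() == '"enablelua"=0':
            name, reasons = "EnableLUA", ["UAC is switched off (EnableLUA=0)"]
        elif "\\mountpoints2\\" in k and line.lower().startswith("shell\\autorun\\command"):
            name, reasons = "AutoRun", ["AutoRun handler registered for a mounted drive"]
        if reasons:
            findings.append(Finding(key, name, line, reasons))
    return findings
```

Run `triage(open("C:/rsit/log.txt", encoding="latin-1").read())` against a real report; avgnt is left alone while the two HKCU entries and the ekwog startupreg entry come back flagged.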
Parishilton
23 Nov 2009 at 17:50
..I can't install SUPERAntiSpyware.. a message from the fake antivirus blocks access
0

Parishilton
23 Nov 2009 at 18:03
I tested with the 2 other programs and Malwarebytes is the only one that doesn't get blocked... For the others, even running as administrator, the message appears and instantly closes their window..
My (real) antivirus is Avira AntiVir..
0
jlpjlp
23 Nov 2009 at 18:24
the reports?

and

if the rest doesn't get through:

Download ZHPDiag by Nicolas Coolman to your desktop:

-> http://www.premiumorange.com/zeb-help-process/download/ZHPDiag.zip
-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Save it to your Desktop.

Once the download has finished, double-click ZHPDiag.exe and follow the instructions.

Don't forget to tick the box that puts a shortcut on the Desktop.

Double-click the ZHPDiag shortcut on your Desktop.

/|\ the tool has created 2 icons, ZHPDiag and ZHPFix.

Click the magnifying glass to start the analysis.

Let the tool work; it can take quite a while.

Close ZHPDiag when the analysis is finished.
0
Parishilton
23 Nov 2009 at 18:46
Actually Malwarebytes doesn't get through either.. only the installation does.. and then.. the rest doesn't either, nothing gets through.. when it's not the installation it's opening the program... ...
0
jlpjlp
23 Nov 2009 at 18:50
boot into safe mode with networking

by pressing F5 or F8 or ESC or F2 when your PC starts

and paste a Malwarebytes or SUPERAntiSpyware report
0
Parishilton
23 Nov 2009 at 19:34
SUPERAntiSpyware, which I can't install, I can't install in safe mode either.. as for Malwarebytes, it found 7 files which I deleted, but the log is nowhere to be found (and the problem persists)
thanks for your replies
0
jlpjlp
23 Nov 2009 at 19:41
then paste RSIT or ZHPDiag
0
Parishilton
23 Nov 2009 at 20:05
RSIT
info.txt
info.txt logfile of random's system information tool 1.06 2009-11-23 19:55:00

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat Reader 3.01-->C:\Windows\unin040c.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10e_plugin.exe -uninstall broker+activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10e_plugin.exe -uninstall broker+plugin
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AssaultCube v1.0-->"C:\Program Files\AssaultCube_v1.0\uninstall.exe"
Astrocycle 3.9.1-->MsiExec.exe /X{8FA87D0D-A783-4FC6-B52E-73F2B0290218}
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EDF895-158C-484E-A7F2-42B90759F281}\SETUP.EXE" -l0x40c UNINST
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->"C:\Program Files\InstallShield Installation Information\{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}\setup.exe" -runfromtemp -l0x0409 -removeonly
Driver Detective-->MsiExec.exe /X{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CBBDF8-55B5-40DB-B459-7B848394309C}\Setup.exe" -l0x40c UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Stylus S20 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSEAE.EXE /R /APD /P:"EPSON Stylus S20 Series"
EPSON Stylus S20_T10_T20 Manuel-->C:\Program Files\EPSON\TPMANUAL\ESS20_T10_T20\FRA\USE_G\DOCUNINS.EXE
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
F.E.A.R. 2: Project Origin-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16450
Favorit-->c:\users\the lynx\appdata\local\ekwog.bat
FEARCombat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
FileHippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Free Video Dub version 1.5-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GamersFirst LIVE!-->"C:\Program Files\GamersFirst\LIVE!\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466}
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
iZ3D Driver Remove-->"C:\Program Files\iZ3D Driver\unins001.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.4.1-->"C:\Program Files\LimeWire\uninstall.exe"
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox 3.5 Beta 4\uninstall\helper.exe
Mozilla Firefox (3.6b3)-->C:\Program Files\Mozilla Firefox 3.6 Beta 1\uninstall\helper.exe
Mozilla Thunderbird (3.0b4)-->C:\Program Files\Mozilla Thunderbird 3 Beta 2\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PS Smart Cleaner-->C:\Program Files\PS Smart Cleaner\uninstal.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Ramboost-->C:\Program Files\ramboost\Uninstal.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek HD Audio V6.0.1.5559-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RivaTuner v2.24-->"C:\Program Files\RivaTuner v2.24\uninstall.exe"
Sauerbraten-->"C:\Program Files\Sauerbraten\uninstall.exe"
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Skype 3.6.2.248-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoftwareUpdate 1.0-->"C:\Users\The Lynx\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe"
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Startup Delayer v2.5 (build 138)-->C:\Program Files\r2 Studios\Startup Delayer\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Tremulous 1.1.0-->"C:\Program Files\Tremulous\uninstall.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Video NVIDIA v174.74-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
VLC media player 1.0.0-rc4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Jenny
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 57271
Source Name: Tcpip
Time Written: 20090627161538.822534-000
Event Type: Avertissement
User:

Computer Name: PC-de-Jenny
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 57262
Source Name: Tcpip
Time Written: 20090627154711.701834-000
Event Type: Avertissement
User:

Computer Name: PC-de-Jenny
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 57260
Source Name: Tcpip
Time Written: 20090627153630.178834-000
Event Type: Avertissement
User:

Computer Name: PC-de-Jenny
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 57238
Source Name: Tcpip
Time Written: 20090627151001.518334-000
Event Type: Avertissement
User:

Computer Name: PC-de-Jenny
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 57177
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090627150638.044324-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Jenny
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 557
Source Name: Microsoft-Windows-WMI
Time Written: 20090131120458.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Jenny
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 524
Source Name: Microsoft-Windows-WMI
Time Written: 20090130161009.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Jenny
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 478
Source Name: Microsoft-Windows-WMI
Time Written: 20090130134651.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Jenny
Event Code: 10
Mess

LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by The Lynx at 2009-11-23 19:58:38
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 109 GB (48%) free of 226 GB
Total RAM: 3071 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie-Jenny.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{31390909-BCCA-4DB0-8E50-2920CFEF7A6E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-10-14 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll [2008-11-18 42792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-05-20 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RivaTuner"=C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-02 198160]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe []
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"=C:\Users\The Lynx\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"F.lux"=C:\Users\The Lynx\Local Settings\Apps\F.lux\flux.exe [2009-08-29 966656]
"ekgbyedc"=C:\Users\The Lynx\AppData\Local\yejrlq\utwxsysguard.exe [2009-11-23 285712]
"dkactmir"=C:\Users\The Lynx\AppData\Local\cjitmt\ubihsysguard.exe [2009-11-23 285712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2009-07-30 318272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe /preinstalled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2009-10-22 1700664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekwog]
c:\users\the lynx\appdata\local\ekwog.exe ekwog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
C:\Program Files\EoRezo\EoEngine.exe [2009-02-23 472872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus S20 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE [2007-11-30 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
C:\Program Files\filehippo.com\UpdateChecker.exe [2009-09-28 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\The Lynx\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-10-28 12686440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-10-30 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-02 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-11-19 314160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-05-20 3561720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jenny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^The Lynx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^The Lynx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2009-10-15 3141008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec30782c-1b15-11de-b339-001e903c4e15}]
shell\AutoRun\command - I:\EmDesk.exe
shell\EmDesk\command - I:\EmDesk.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-23 19:54:55 ----DC---- C:\Program Files\trend micro
2009-11-23 19:04:42 ----AC---- C:\Windows\ntbtlog.txt
2009-11-23 18:07:27 ----DC---- C:\rsit
2009-11-23 18:07:08 ----DC---- C:\Users\The Lynx\AppData\Roaming\Malwarebytes
2009-11-23 18:07:03 ----DC---- C:\ProgramData\Malwarebytes
2009-11-23 18:07:03 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\WS2Fix.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\VCCLSID.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\VACFix.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\swxcacls.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\swsc.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\swreg.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\SrchSTS.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\Process.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\o4Patch.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\IEDFix.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\IEDFix.C.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\dumphive.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-11-23 17:06:58 ----AC---- C:\Windows\system32\404Fix.exe
2009-11-23 16:27:36 ----DC---- C:\Users\The Lynx\AppData\Roaming\PC Tools
2009-11-23 16:27:36 ----DC---- C:\ProgramData\PC Tools
2009-11-23 16:27:36 ----DC---- C:\Program Files\Common Files\PC Tools
2009-11-17 20:56:21 ----DC---- C:\Program Files\Windows Portable Devices
2009-11-17 20:36:27 ----DC---- C:\Program Files\Zone Dactylo
2009-11-17 17:10:41 ----DC---- C:\Users\The Lynx\AppData\Roaming\Auslogics
2009-11-17 17:10:37 ----DC---- C:\Program Files\Auslogics
2009-11-17 13:48:10 ----AC---- C:\Windows\system32\UIRibbonRes.dll
2009-11-17 13:48:10 ----AC---- C:\Windows\system32\UIAnimation.dll
2009-11-17 13:48:09 ----AC---- C:\Windows\system32\UIRibbon.dll
2009-11-17 13:47:54 ----AC---- C:\Windows\system32\WMPhoto.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\xpsservices.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\XpsRasterService.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\XpsPrint.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\WindowsCodecs.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\OpcServices.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\FntCache.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\dxdiagn.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\dxdiag.exe
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\DWrite.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\d3d10warp.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\d2d1.dll
2009-11-17 13:47:53 ----AC---- C:\Windows\system32\cdd.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\dxgi.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d11.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d10level9.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d10core.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d10_1core.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d10_1.dll
2009-11-17 13:47:52 ----AC---- C:\Windows\system32\d3d10.dll
2009-11-17 13:47:34 ----AC---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-17 13:47:34 ----AC---- C:\Windows\system32\wpdbusenum.dll
2009-11-17 13:47:34 ----AC---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-17 13:47:32 ----AC---- C:\Windows\system32\WpdConns.dll
2009-11-17 13:47:32 ----AC---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\WPDSp.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\wpdshext.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\WpdMtpUS.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\WpdMtp.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\wpd_ci.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-17 13:47:31 ----AC---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-17 13:46:38 ----AC---- C:\Windows\system32\UIAutomationCore.dll
2009-11-17 13:46:38 ----AC---- C:\Windows\system32\oleaccrc.dll
2009-11-17 13:46:38 ----AC---- C:\Windows\system32\oleacc.dll
2009-11-16 17:47:02 ----DC---- C:\Program Files\adslTV
2009-11-11 10:15:04 ----AC---- C:\Windows\system32\WSDApi.dll
2009-11-04 19:27:14 ----AC---- C:\Windows\system32\OpenCL.dll
2009-11-04 19:27:14 ----AC---- C:\Windows\system32\nvwgf2um.dll
2009-11-04 19:27:12 ----AC---- C:\Windows\system32\nvoglv32.dll
2009-11-04 19:27:12 ----AC---- C:\Windows\system32\nvd3dum.dll
2009-11-04 19:27:12 ----AC---- C:\Windows\system32\nvcuvid.dll
2009-11-04 19:27:12 ----AC---- C:\Windows\system32\nvcuvenc.dll
2009-11-04 19:27:10 ----AC---- C:\Windows\system32\nvcuda.dll
2009-11-04 19:27:10 ----AC---- C:\Windows\system32\nvcompiler.dll
2009-11-04 19:27:10 ----AC---- C:\Windows\system32\nvcod171.dll
2009-11-04 19:27:10 ----AC---- C:\Windows\system32\nvcod.dll
2009-11-04 19:26:23 ----AC---- C:\Windows\system32\javaws.exe
2009-11-04 19:26:23 ----AC---- C:\Windows\system32\javaw.exe
2009-11-04 19:26:23 ----AC---- C:\Windows\system32\java.exe
2009-11-04 10:36:37 ----AC---- C:\Windows\system32\mshtml.dll
2009-11-02 19:35:49 ----DC---- C:\Program Files\iPod
2009-11-02 19:35:47 ----DC---- C:\Program Files\iTunes
2009-11-02 19:32:07 ----DC---- C:\Program Files\Common Files\xing shared
2009-11-02 19:31:05 ----DC---- C:\Program Files\Mozilla Firefox 3.6 Beta 1
2009-10-30 12:03:16 ----AC---- C:\Windows\system32\devil.dll
2009-10-30 12:03:16 ----AC---- C:\Windows\system32\avisynth.dll
2009-10-30 12:03:15 ----AC---- C:\Windows\system32\yv12vfw.dll
2009-10-30 12:03:15 ----AC---- C:\Windows\system32\i420vfw.dll
2009-10-30 12:03:15 ----AC---- C:\Windows\system32\AVSredirect.dll
2009-10-30 12:03:14 ----DC---- C:\Program Files\AviSynth 2.5
2009-10-30 11:53:03 ----DC---- C:\Users\The Lynx\AppData\Roaming\GrabPro
2009-10-30 11:52:30 ----DC---- C:\Downloads
2009-10-30 11:52:23 ----DC---- C:\Users\The Lynx\AppData\Roaming\Orbit
2009-10-30 11:52:23 ----DC---- C:\Program Files\Orbitdownloader
2009-10-30 11:45:13 ----DC---- C:\Program Files\Free Offers from Freeze.com
2009-10-28 13:35:27 ----AC---- C:\Windows\system32\wmp.dll
2009-10-28 13:35:24 ----AC---- C:\Windows\system32\unregmp2.exe
2009-10-28 13:35:22 ----AC---- C:\Windows\system32\wmploc.DLL
2009-10-28 00:05:00 ----AC---- C:\Windows\system32\nvvsvc.exe
2009-10-28 00:05:00 ----AC---- C:\Windows\system32\nvsvcr.dll
2009-10-28 00:05:00 ----AC---- C:\Windows\system32\nvsvc.dll
2009-10-28 00:05:00 ----AC---- C:\Windows\system32\nvmctray.dll
2009-10-28 00:05:00 ----AC---- C:\Windows\system32\nvcpl.dll
2009-10-27 11:43:45 ----DC---- C:\Windows\system32\eu-ES
2009-10-27 11:43:45 ----DC---- C:\Windows\system32\ca-ES
2009-10-27 11:43:43 ----DC---- C:\Windows\system32\vi-VN
2009-10-27 11:41:35 ----AC---- C:\Windows\RTKAUDIOSERVICE.EXE
2009-10-27 11:32:59 ----DC---- C:\Windows\system32\EventProviders
2009-10-27 11:30:06 ----AC---- C:\Windows\system32\wups2.dll
2009-10-27 11:30:06 ----AC---- C:\Windows\system32\wucltux.dll
2009-10-27 11:30:06 ----AC---- C:\Windows\system32\wuauclt.exe
2009-10-27 11:30:05 ----AC---- C:\Windows\system32\wuaueng.dll
2009-10-27 11:29:49 ----AC---- C:\Windows\system32\wups.dll
2009-10-27 11:29:49 ----AC---- C:\Windows\system32\wudriver.dll
2009-10-27 11:29:49 ----AC---- C:\Windows\system32\wuapi.dll
2009-10-27 11:29:44 ----AC---- C:\Windows\system32\wuwebv.dll
2009-10-27 11:29:44 ----AC---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2009-11-23 19:54:55 ----DC---- C:\Program Files
2009-11-23 19:53:50 ----DC---- C:\Program Files\Mozilla Thunderbird 3 Beta 2
2009-11-23 19:27:44 ----DC---- C:\Windows\System32
2009-11-23 19:27:44 ----DC---- C:\Windows\inf
2009-11-23 19:27:44 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-11-23 19:20:46 ----DC---- C:\Windows\Temp
2009-11-23 19:20:37 ----DC---- C:\Windows\prefetch
2009-11-23 19:15:02 ----DC---- C:\ProgramData\NVIDIA
2009-11-23 19:04:42 ----DC---- C:\Windows
2009-11-23 18:49:24 ----ADC---- C:\Windows\system32\drivers
2009-11-23 18:07:03 ----DC---- C:\ProgramData
2009-11-23 17:46:02 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-23 16:35:21 ----ADC---- C:\ProgramData\TEMP
2009-11-23 16:27:36 ----DC---- C:\Program Files\Common Files
2009-11-23 16:06:36 ----AC---- C:\Windows\system32\PnkBstrB.exe
2009-11-22 17:36:57 ----DC---- C:\Users\The Lynx\AppData\Roaming\vlc
2009-11-22 13:19:16 ----SHDC---- C:\Windows\Installer
2009-11-22 13:19:16 ----DC---- C:\Program Files\DivX
2009-11-22 13:17:31 ----DC---- C:\Program Files\Mozilla Firefox 3.5 Beta 4
2009-11-21 22:24:49 ----DC---- C:\ProgramData\TmForever
2009-11-21 16:54:19 ----DC---- C:\Users\The Lynx\AppData\Roaming\Skype
2009-11-21 16:54:17 ----DC---- C:\Users\The Lynx\AppData\Roaming\skypePM
2009-11-20 11:39:38 ----SHD---- C:\System Volume Information
2009-11-19 11:39:46 ----DC---- C:\Users\The Lynx\AppData\Roaming\uTorrent
2009-11-19 11:39:40 ----DC---- C:\Program Files\uTorrent
2009-11-19 11:39:20 ----DC---- C:\Program Files\JkDefrag
2009-11-17 21:16:04 ----D---- C:\Windows\rescache
2009-11-17 21:01:58 ----DC---- C:\Windows\system32\Tasks
2009-11-17 20:56:21 ----DC---- C:\Windows\system32\wbem
2009-11-17 20:56:21 ----DC---- C:\Windows\system32\fr-FR
2009-11-17 20:56:20 ----DC---- C:\Windows\system32\pt-BR
2009-11-17 20:56:20 ----DC---- C:\Windows\system32\it-IT
2009-11-17 20:56:20 ----DC---- C:\Windows\system32\he-IL
2009-11-17 20:56:20 ----DC---- C:\Windows\system32\bg-BG
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\zh-TW
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\zh-HK
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\zh-CN
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\uk-UA
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\tr-TR
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\th-TH
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\sv-SE
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\sr-Latn-CS
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\sl-SI
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\sk-SK
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\ru-RU
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\ro-RO
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\pt-PT
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\pl-PL
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\nl-NL
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\nb-NO
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\lv-LV
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\lt-LT
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\ko-KR
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\ja-JP
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\hu-HU
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\hr-HR
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\fi-FI
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\et-EE
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\es-ES
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\en-US
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\el-GR
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\de-DE
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\da-DK
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\cs-CZ
2009-11-17 20:56:19 ----DC---- C:\Windows\system32\ar-SA
2009-11-17 17:15:15 ----DC---- C:\Windows\Debug
2009-11-17 13:48:18 ----D---- C:\Windows\winsxs
2009-11-17 13:48:17 ----DC---- C:\Windows\system32\catroot2
2009-11-17 13:48:17 ----DC---- C:\Windows\system32\catroot
2009-11-16 20:32:42 ----DC---- C:\Users\The Lynx\AppData\Roaming\LimeWire
2009-11-16 17:29:46 ----DC---- C:\Program Files\LimeWire
2009-11-11 10:55:28 ----DC---- C:\Program Files\Windows Mail
2009-11-09 15:42:40 ----DC---- C:\Program Files\SystemRequirementsLab
2009-11-09 15:42:38 ----DC---- C:\Users\The Lynx\AppData\Roaming\SystemRequirementsLab
2009-11-05 18:36:21 ----AC---- C:\Windows\system32\mrt.exe
2009-11-04 19:29:32 ----DC---- C:\Program Files\NVIDIA Corporation
2009-11-04 19:26:10 ----AC---- C:\Windows\system32\deploytk.dll
2009-11-02 20:42:06 ----C---- C:\Windows\system32\MpSigStub.exe
2009-11-02 19:35:48 ----DC---- C:\Program Files\Common Files\Apple
2009-11-02 19:35:47 ----DC---- C:\ProgramData\Apple Computer
2009-11-02 19:32:21 ----DC---- C:\Program Files\Common Files\Real
2009-11-02 19:32:20 ----AC---- C:\Windows\system32\rmoc3260.dll
2009-11-02 19:32:09 ----AC---- C:\Windows\system32\pndx5032.dll
2009-11-02 19:32:09 ----AC---- C:\Windows\system32\pndx5016.dll
2009-11-02 19:31:56 ----AC---- C:\Windows\system32\pncrt.dll
2009-10-31 09:02:31 ----DC---- C:\ProgramData\Xfire
2009-10-30 12:03:12 ----RSDC---- C:\Windows\Fonts
2009-10-30 12:00:19 ----DC---- C:\Program Files\Common Files\DivX Shared
2009-10-30 11:36:07 ----DC---- C:\Users\The Lynx\AppData\Roaming\Xfire
2009-10-30 11:34:36 ----DC---- C:\Program Files\Steam
2009-10-30 11:34:14 ----SDC---- C:\Program Files\Xfire
2009-10-28 13:54:59 ----DC---- C:\Program Files\Internet Explorer
2009-10-28 13:54:25 ----DC---- C:\Program Files\Windows Media Player
2009-10-28 05:41:36 ----AC---- C:\Windows\system32\nvudisp.exe
2009-10-28 05:41:36 ----AC---- C:\Windows\system32\nvapi.dll
2009-10-27 16:50:14 ----DC---- C:\Windows\Microsoft.NET
2009-10-27 16:50:13 ----RSDC---- C:\Windows\assembly
2009-10-27 12:47:59 ----DC---- C:\Users\The Lynx\AppData\Roaming\gtk-2.0
2009-10-27 11:51:07 ----SHDC---- C:\boot
2009-10-27 11:44:38 ----DC---- C:\Program Files\Windows Calendar
2009-10-27 11:44:38 ----DC---- C:\Program Files\Movie Maker
2009-10-27 11:44:35 ----DC---- C:\Program Files\Windows Sidebar
2009-10-27 11:44:35 ----DC---- C:\Program Files\Windows Journal
2009-10-27 11:44:35 ----D---- C:\Program Files\Windows Collaboration
2009-10-27 11:44:33 ----DC---- C:\Program Files\Windows Photo Gallery
2009-10-27 11:44:33 ----DC---- C:\Program Files\Common Files\System
2009-10-27 11:44:30 ----DC---- C:\Windows\ehome
2009-10-27 11:44:30 ----DC---- C:\Program Files\Windows Defender
2009-10-27 11:44:30 ----D---- C:\Windows\servicing
2009-10-27 11:44:19 ----DC---- C:\Windows\system32\XPSViewer
2009-10-27 11:44:19 ----DC---- C:\Windows\IME
2009-10-27 11:44:18 ----DC---- C:\Windows\system32\oobe
2009-10-27 11:44:18 ----DC---- C:\Windows\system32\fr
2009-10-27 11:44:17 ----DC---- C:\Windows\system32\migration
2009-10-27 11:44:15 ----D---- C:\Windows\system32\AdvancedInstallers
2009-10-27 11:44:14 ----DC---- C:\Windows\system32\SLUI
2009-10-27 11:44:14 ----DC---- C:\Windows\system32\setup
2009-10-27 11:44:13 ----DC---- C:\Windows\system32\manifeststore
2009-10-27 11:44:11 ----DC---- C:\Windows\system32\migwiz
2009-10-27 11:43:49 ----DC---- C:\Windows\AppPatch
2009-10-27 11:43:43 ----D---- C:\Windows\system32\Boot
2009-10-27 11:42:48 ----DC---- C:\Windows\system32\RTCOM
2009-10-26 16:54:24 ----AC---- C:\Windows\system32\nvuninst.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-10-01 176128]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-07 96104]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys [2009-04-24 34968]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-07 55656]
S3 cpuz130;cpuz130; \??\C:\Users\THELYN~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
S3 cpuz132;cpuz132; \??\C:\Windows\TEMP\cpuz132\cpuz132_x32.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-09-23 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Users\The Lynx\AppData\Local\Temp\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.SYS [2008-09-17 27672]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-28 11505128]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-02-25 9088]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-10-31 124960]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-07 185089]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 gupdate1ca3f709ec0bc55;Google Update Service (gupdate1ca3f709ec0bc55); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-27 133104]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-28 122984]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-15 75064]
S2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-11-23 215104]
S2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-05-26 206848]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe []
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe []
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-10-27 240232]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-21 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-18 2796509]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-02 316664]

-----------------EOF-----------------
0
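Before the helper's next reply, an added example (not code from the thread, from RSIT or from ComboFix) of how a report like the one above can be triaged mechanically: a small parser for RSIT's registry blocks and driver/service tables, with heuristics of this example's own for the items a helper reads first (EnableLUA=0, the NoDriveTypeAutoRun mask, the mountpoints2 AutoRun handler, drivers that run from Temp or whose file RSIT could not find). The embedded sample report is constructed from lines of the report above; the heuristics only nominate lines for a human to read.

```python
"""Triage an RSIT (Random's System Information Tool) report for what the helper
in this thread checks: UAC switched off, AutoRun still honoured on removable
media, an AutoRun handler recorded for a mounted volume, and drivers/services
that run from a Temp folder or whose file RSIT could not find ("[]" in place of
"[date size]"). Added example, not code from the thread, RSIT or ComboFix."""
import re

REG_KEY_RE = re.compile(r"^\[(.+)\]$")            # "[KEY]" opens a block
REG_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "name"=value inside a block
# Driver/service rows look like: S3 name;description; path [date size]
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")
# Bit 2 (0x04) of the NoDriveTypeAutoRun mask is DRIVE_REMOVABLE; clear = honoured
DRIVE_REMOVABLE_BIT = 0x04


def parse_registry(text: str) -> dict[str, dict[str, str]]:
    """Map each [KEY] block to its values ('a - b' lines are keyed by 'a')."""
    blocks: dict[str, dict[str, str]] = {}
    current = None
    for line in map(str.rstrip, text.splitlines()):
        if not line:                      # a blank line closes the block
            current = None
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = {}
            continue
        if current is None:
            continue
        m = REG_VAL_RE.match(line)
        if m:
            blocks[current][m.group(1)] = m.group(2)
        elif " - " in line:               # mountpoints2: shell\...\command - X
            name, _, target = line.partition(" - ")
            blocks[current][name] = target
    return blocks


def parse_drivers(text: str) -> list[dict]:
    """Parse the driver and service tables (same row format) into dicts."""
    rows = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.rstrip())
        if not m:
            continue
        state, start, name, desc, path, info = m.groups()
        if path.startswith("\\??\\"):    # drop the NT object-manager prefix
            path = path[4:]
        rows.append({"state": state, "start": int(start), "name": name,
                     "desc": desc, "path": path, "file_info": info})
    return rows


def triage(text: str) -> list[tuple[str, str]]:
    """Return (category, detail) pairs in report order, for a human reviewer."""
    findings: list[tuple[str, str]] = []
    for key, values in parse_registry(text).items():
        lk = key.lower()
        if lk.startswith("hkey_local_machine") and lk.endswith("\\policies\\system"):
            if values.get("EnableLUA") == "0":
                findings.append(("uac_disabled", key))
        if lk.endswith("\\policies\\explorer"):
            raw = values.get("NoDriveTypeAutoRun", "")
            if raw.isdigit() and not int(raw) & DRIVE_REMOVABLE_BIT:
                findings.append(("autorun_removable_allowed", f"NoDriveTypeAutoRun={raw}"))
        if "\\mountpoints2\\" in lk:
            for name, target in values.items():
                if name.lower().startswith("shell\\autorun\\"):
                    findings.append(("autorun_on_mounted_volume", target))
    for drv in parse_drivers(text):
        where = f'{drv["name"]}: {drv["path"]}'
        if "\\temp\\" in drv["path"].lower():
            findings.append(("runs_from_temp", where))
        elif not drv["file_info"]:
            findings.append(("file_missing_on_disk", where))
    return findings


# Constructed sample: a few lines copied from the RSIT report posted above.
SAMPLE_REPORT = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec30782c-1b15-11de-b339-001e903c4e15}]
shell\AutoRun\command - I:\EmDesk.exe

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-10-01 176128]
S3 cpuz132;cpuz132; \??\C:\Windows\TEMP\cpuz132\cpuz132_x32.sys []
S3 EagleNT;EagleNT; \??\C:\Users\The Lynx\AppData\Local\Temp\EagleNT.sys []
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe []
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"{category:26} {detail}")
```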
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
23 Nov. 2009 at 20:17
ok

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it on the desktop.

under the name antibagle. Do this before the file is saved on the desktop

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Careful, do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Parishilton
23 Nov. 2009 at 20:36
Here it is:



ComboFix 09-11-22.08 - The Lynx 23/11/2009 20:21.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.2378 [GMT 1:00]
Lancé depuis: c:\users\The Lynx\Desktop\antibagle.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2213320035-1606170603-2836574021-500
c:\program files\QUAD Utilities
c:\users\The Lynx\AppData\Local\cjitmt
c:\users\The Lynx\AppData\Local\cjitmt\ubihsysguard.exe
c:\users\The Lynx\AppData\Local\yejrlq
c:\users\The Lynx\AppData\Local\yejrlq\utwxsysguard.exe
c:\users\The Lynx\autorun.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-23 au 2009-11-23 ))))))))))))))))))))))))))))))))))))
.

2009-11-23 19:27 . 2009-11-23 19:28 -------- dc----w- c:\users\The Lynx\AppData\Local\temp
2009-11-23 19:27 . 2009-11-23 19:27 -------- dc----w- c:\users\Default\AppData\Local\temp
2009-11-23 19:27 . 2009-11-23 19:27 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2009-11-23 18:54 . 2009-11-23 18:54 -------- dc----w- c:\program files\trend micro
2009-11-23 17:07 . 2009-11-23 18:55 -------- dc----w- C:\rsit
2009-11-23 17:07 . 2009-11-23 17:07 -------- dc----w- c:\users\The Lynx\AppData\Roaming\Malwarebytes
2009-11-23 17:07 . 2009-09-10 13:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-23 17:07 . 2009-11-23 17:49 4096 dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-23 17:07 . 2009-11-23 17:07 -------- dc----w- c:\programdata\Malwarebytes
2009-11-23 17:07 . 2009-09-10 13:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 15:27 . 2009-09-24 07:55 97208 -c--a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-11-23 15:27 . 2009-09-24 07:55 229304 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-23 15:27 . 2009-10-06 15:31 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-23 15:27 . 2009-09-23 15:10 207280 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-23 15:27 . 2009-09-03 08:45 70408 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-23 15:27 . 2009-11-23 15:27 -------- dc----w- c:\program files\Common Files\PC Tools
2009-11-23 15:27 . 2009-11-23 15:27 -------- dc----w- c:\users\The Lynx\AppData\Roaming\PC Tools
2009-11-23 15:27 . 2009-11-23 15:27 -------- dc----w- c:\programdata\PC Tools
2009-11-22 12:04 . 2009-11-22 16:18 4096 d-----w- c:\users\Jenny\AppData\Roaming\Orbit
2009-11-17 19:56 . 2009-11-17 19:56 -------- dc----w- c:\program files\Windows Portable Devices
2009-11-17 19:36 . 2009-11-17 19:36 -------- dc----w- c:\program files\Zone Dactylo
2009-11-17 16:10 . 2009-11-17 16:10 -------- dc----w- c:\users\The Lynx\AppData\Roaming\Auslogics
2009-11-17 16:10 . 2009-11-17 16:10 -------- dc----w- c:\program files\Auslogics
2009-11-17 12:48 . 2009-09-10 02:00 1164800 -c--a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 12:48 . 2009-09-10 02:00 92672 -c--a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 12:48 . 2009-09-10 02:01 3023360 -c--a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 12:46 . 2009-10-08 21:08 555520 -c--a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 12:46 . 2009-10-08 21:08 234496 -c--a-w- c:\windows\system32\oleacc.dll
2009-11-17 12:46 . 2009-10-08 21:07 4096 -c--a-w- c:\windows\system32\oleaccrc.dll
2009-11-16 16:47 . 2009-11-17 16:13 4096 dc----w- c:\program files\adslTV
2009-11-11 09:15 . 2009-08-14 13:27 2036736 -c--a-w- c:\windows\system32\win32k.sys
2009-11-11 09:15 . 2009-08-10 12:35 355328 -c--a-w- c:\windows\system32\WSDApi.dll
2009-11-09 14:42 . 2009-11-09 14:42 138240 -c--a-w- c:\users\The Lynx\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-11-09 14:42 . 2009-11-09 14:42 138240 -c--a-w- c:\users\The Lynx\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-11-09 14:42 . 2009-11-09 14:42 138240 -c--a-w- c:\users\The Lynx\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-11-09 14:42 . 2009-11-09 14:42 138240 -c--a-w- c:\users\The Lynx\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-11-04 18:27 . 2009-10-28 04:41 76392 -c--a-w- c:\windows\system32\OpenCL.dll
2009-11-04 18:27 . 2009-10-28 04:41 4239464 -c--a-w- c:\windows\system32\nvwgf2um.dll
2009-11-04 18:27 . 2009-10-28 04:41 11505128 -c--a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-11-04 18:27 . 2009-10-28 04:41 9330792 -c--a-w- c:\windows\system32\nvd3dum.dll
2009-11-04 18:27 . 2009-10-28 04:41 2243176 -c--a-w- c:\windows\system32\nvcuvid.dll
2009-11-04 18:27 . 2009-10-28 04:41 1989224 -c--a-w- c:\windows\system32\nvcuvenc.dll
2009-11-04 18:27 . 2009-10-28 04:41 14060136 -c--a-w- c:\windows\system32\nvoglv32.dll
2009-11-04 18:27 . 2009-10-28 04:41 3999848 -c--a-w- c:\windows\system32\nvcuda.dll
2009-11-04 18:27 . 2009-10-28 04:41 170600 -c--a-w- c:\windows\system32\nvcod171.dll
2009-11-04 18:27 . 2009-10-28 04:41 170600 -c--a-w- c:\windows\system32\nvcod.dll
2009-11-04 18:27 . 2009-10-28 04:41 11381352 -c--a-w- c:\windows\system32\nvcompiler.dll
2009-11-02 18:35 . 2009-11-02 18:35 -------- dc----w- c:\program files\iPod
2009-11-02 18:35 . 2009-11-02 18:36 4096 dc----w- c:\program files\iTunes
2009-11-02 18:32 . 2009-11-02 18:32 -------- dc----w- c:\program files\Common Files\xing shared
2009-11-02 18:31 . 2009-11-23 13:19 12288 dc----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2009-10-30 11:03 . 2007-05-17 16:30 318976 -c--a-w- c:\windows\system32\avisynth.dll
2009-10-30 11:03 . 2004-02-22 09:11 719872 -c--a-w- c:\windows\system32\devil.dll
2009-10-30 11:03 . 2004-01-24 23:00 70656 -c--a-w- c:\windows\system32\yv12vfw.dll
2009-10-30 11:03 . 2004-01-24 23:00 70656 -c--a-w- c:\windows\system32\i420vfw.dll
2009-10-30 11:03 . 2009-10-30 11:03 -------- dc----w- c:\program files\AviSynth 2.5
2009-10-30 10:53 . 2009-10-30 10:53 -------- dc----w- c:\users\The Lynx\AppData\Roaming\GrabPro
2009-10-30 10:52 . 2009-11-22 12:04 -------- dc----w- C:\Downloads
2009-10-30 10:52 . 2009-11-22 18:20 4096 dc----w- c:\users\The Lynx\AppData\Roaming\Orbit
2009-10-30 10:52 . 2009-10-30 10:52 4096 dc----w- c:\program files\Orbitdownloader
2009-10-30 10:45 . 2009-10-30 10:45 4096 dc----w- c:\program files\Free Offers from Freeze.com
2009-10-28 19:58 . 2009-10-28 19:58 79144 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 12:35 . 2009-09-10 14:58 310784 -c--a-w- c:\windows\system32\unregmp2.exe
2009-10-28 12:35 . 2009-09-10 14:59 8147456 -c--a-w- c:\windows\system32\wmploc.DLL
2009-10-27 23:05 . 2009-10-27 23:05 812648 -c--a-w- c:\windows\system32\nvsvc.dll
2009-10-27 23:05 . 2009-10-27 23:05 1323624 -c--a-w- c:\windows\system32\nvsvcr.dll
2009-10-27 23:05 . 2009-10-27 23:05 12686440 -c--a-w- c:\windows\system32\nvcpl.dll
2009-10-27 23:05 . 2009-10-27 23:05 122984 -c--a-w- c:\windows\system32\nvvsvc.exe
2009-10-27 23:05 . 2009-10-27 23:05 110184 -c--a-w- c:\windows\system32\nvmctray.dll
2009-10-27 10:43 . 2009-10-27 10:44 -------- dc----w- c:\windows\system32\ca-ES
2009-10-27 10:43 . 2009-10-27 10:44 -------- dc----w- c:\windows\system32\eu-ES
2009-10-27 10:43 . 2009-10-27 10:44 -------- dc----w- c:\windows\system32\vi-VN
2009-10-27 10:41 . 2008-01-16 16:25 98304 -c--a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-10-27 10:32 . 2009-10-27 10:32 -------- dc----w- c:\windows\system32\EventProviders
2009-10-27 10:30 . 2009-08-07 02:24 44768 -c--a-w- c:\windows\system32\wups2.dll
2009-10-27 10:30 . 2009-08-07 02:24 53472 -c--a-w- c:\windows\system32\wuauclt.exe
2009-10-27 10:30 . 2009-08-07 01:45 2421760 -c--a-w- c:\windows\system32\wucltux.dll
2009-10-27 10:30 . 2009-08-07 02:23 1929952 -c--a-w- c:\windows\system32\wuaueng.dll
2009-10-27 10:29 . 2009-08-07 02:24 35552 -c--a-w- c:\windows\system32\wups.dll
2009-10-27 10:29 . 2009-08-07 02:23 575704 -c--a-w- c:\windows\system32\wuapi.dll
2009-10-27 10:29 . 2009-08-07 01:44 87552 -c--a-w- c:\windows\system32\wudriver.dll
2009-10-27 10:29 . 2009-08-06 18:23 171608 -c--a-w- c:\windows\system32\wuwebv.dll
2009-10-27 10:29 . 2009-08-06 17:44 33792 -c--a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 19:13 . 2009-04-11 20:04 1356 -c--a-w- c:\users\The Lynx\AppData\Local\d3d9caps.dat
2009-11-23 19:12 . 2009-06-29 16:57 16384 dc----w- c:\program files\Mozilla Thunderbird 3 Beta 2
2009-11-23 18:27 . 2008-05-21 19:29 668580 -c--a-w- c:\windows\system32\perfh00C.dat
2009-11-23 18:27 . 2008-05-21 19:29 122972 -c--a-w- c:\windows\system32\perfc00C.dat
2009-11-23 18:15 . 2009-05-22 09:16 52972 -c--a-w- c:\programdata\nvModes.dat
2009-11-23 18:15 . 2008-05-21 09:46 4096 dc----w- c:\programdata\NVIDIA
2009-11-23 16:46 . 2009-02-12 14:54 4096 dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-23 15:06 . 2009-02-12 16:00 215104 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-11-23 14:36 . 2009-02-12 16:00 138576 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 16:36 . 2009-06-27 16:29 4096 dc----w- c:\users\The Lynx\AppData\Roaming\vlc
2009-11-22 12:19 . 2009-04-11 11:52 8192 dc----w- c:\program files\DivX
2009-11-22 12:17 . 2009-05-04 08:24 28672 dc----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-11-22 12:08 . 2009-04-20 15:36 1 ----a-w- c:\users\Jenny\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-22 12:06 . 2009-04-19 16:40 -------- d-----w- c:\users\Jenny\AppData\Roaming\Apple Computer
2009-11-21 21:24 . 2009-10-12 13:04 4096 dc----w- c:\programdata\TmForever
2009-11-21 15:54 . 2009-01-31 15:48 4096 dc----w- c:\users\The Lynx\AppData\Roaming\Skype
2009-11-21 15:54 . 2009-04-10 15:03 -------- dc----w- c:\users\The Lynx\AppData\Roaming\skypePM
2009-11-19 10:39 . 2009-08-30 21:05 12288 dc----w- c:\users\The Lynx\AppData\Roaming\uTorrent
2009-11-19 10:39 . 2009-08-30 09:37 -------- dc----w- c:\program files\uTorrent
2009-11-19 10:39 . 2009-06-13 11:09 -------- dc----w- c:\program files\JkDefrag
2009-11-17 19:56 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 19:56 . 2009-11-17 19:56 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 19:56 . 2009-11-17 19:56 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 19:32 . 2009-04-10 09:20 8192 dc----w- c:\users\The Lynx\AppData\Roaming\LimeWire
2009-11-16 16:29 . 2009-04-09 21:01 40960 dc----w- c:\program files\LimeWire
2009-11-11 09:55 . 2006-11-02 11:18 4096 dc----w- c:\program files\Windows Mail
2009-11-09 14:42 . 2009-05-22 09:06 4096 dc----w- c:\program files\SystemRequirementsLab
2009-11-09 14:42 . 2009-05-22 09:06 4096 dc----w- c:\users\The Lynx\AppData\Roaming\SystemRequirementsLab
2009-11-08 13:45 . 2009-04-20 15:26 1 -c--a-w- c:\users\The Lynx\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-04 18:29 . 2009-07-29 18:19 -------- dc----w- c:\program files\NVIDIA Corporation
2009-11-04 18:26 . 2009-04-09 21:02 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-11-03 11:36 . 2009-01-30 13:25 111864 ----a-w- c:\users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-03 10:12 195456 -c----w- c:\windows\system32\MpSigStub.exe
2009-11-02 18:35 . 2009-03-28 14:24 -------- dc----w- c:\program files\Common Files\Apple
2009-11-02 18:35 . 2009-03-28 14:25 -------- dc----w- c:\programdata\Apple Computer
2009-11-02 18:32 . 2009-07-22 14:25 4096 dc----w- c:\program files\Common Files\Real
2009-10-31 08:02 . 2009-06-04 18:28 4096 dc----w- c:\programdata\Xfire
2009-10-30 11:00 . 2009-04-11 11:52 4096 dc----w- c:\program files\Common Files\DivX Shared
2009-10-30 10:36 . 2009-04-10 17:00 -------- dc----w- c:\users\The Lynx\AppData\Roaming\Xfire
2009-10-30 10:34 . 2009-04-11 18:40 8192 dc----w- c:\program files\Steam
2009-10-30 10:34 . 2009-04-10 17:00 12288 dcs---w- c:\program files\Xfire
2009-10-28 04:41 . 2009-11-04 18:27 10920 -c--a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-10-28 04:41 . 2009-09-27 14:12 588392 -c--a-w- c:\windows\system32\nvudisp.exe
2009-10-28 04:41 . 2009-04-30 20:02 1249384 -c--a-w- c:\windows\system32\nvapi.dll
2009-10-27 11:47 . 2009-09-01 19:14 -------- dc----w- c:\users\The Lynx\AppData\Roaming\gtk-2.0
2009-10-27 10:44 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Calendar
2009-10-27 10:44 . 2006-11-02 12:37 4096 dc----w- c:\program files\Windows Sidebar
2009-10-27 10:44 . 2006-11-02 12:37 4096 dc----w- c:\program files\Windows Journal
2009-10-27 10:44 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-27 10:44 . 2006-11-02 12:37 4096 dc----w- c:\program files\Windows Photo Gallery
2009-10-27 10:44 . 2006-11-02 12:37 4096 dc----w- c:\program files\Windows Defender
2009-10-26 15:54 . 2008-05-21 09:42 588392 -c--a-w- c:\windows\system32\nvuninst.exe
2009-10-18 20:38 . 2009-10-18 20:26 -------- dc----w- c:\users\The Lynx\AppData\Roaming\Audacity
2009-10-17 12:18 . 2009-10-17 12:18 653560 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-17 08:04 . 2008-05-21 09:56 4096 dc----w- c:\program files\Common Files\Adobe
2009-10-15 12:54 . 2009-10-15 12:52 4096 dc----w- c:\users\The Lynx\AppData\Roaming\Yamb
2009-10-15 12:52 . 2009-10-15 12:52 128682 -c--a-w- c:\users\The Lynx\AppData\Roaming\Yamb\Uninstall.exe
2009-10-15 12:51 . 2009-10-15 12:50 4096 dc----w- c:\program files\Common Files\DVDVideoSoft
2009-10-15 12:50 . 2009-10-15 12:50 -------- dc----w- c:\program files\DVDVideoSoft
2009-10-14 23:58 . 2009-10-14 23:58 41872 -c--a-w- c:\windows\system32\xfcodec.dll
2009-10-14 10:33 . 2008-05-21 09:58 4096 dc----w- c:\program files\Google
2009-10-14 07:33 . 2009-10-08 18:58 4096 dc----w- c:\program files\Motherboard Monitor 5
2009-10-13 18:38 . 2009-05-29 09:37 -------- dc----r- c:\program files\Skype
2009-10-12 13:01 . 2009-10-12 12:59 4096 dc----w- c:\program files\TmNationsForever
2009-10-05 09:34 . 2009-04-11 18:40 -------- dc----w- c:\program files\Common Files\Steam
2009-10-01 10:45 . 2008-05-21 09:49 -------- dc----w- c:\program files\Realtek
2009-10-01 10:45 . 2009-10-01 10:45 94208 -c--a-w- c:\windows\system32\RTNUninst32.dll
2009-10-01 10:45 . 2009-10-01 10:45 73728 -c--a-w- c:\windows\system32\RtNicProp32.dll
2009-10-01 10:45 . 2009-10-01 10:45 176128 -c--a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-10-01 10:42 . 2009-02-12 14:55 12288 dc----w- c:\program files\AGEIA Technologies
2009-10-01 10:34 . 2009-05-22 09:44 4096 dc----w- c:\program files\ma-config.com
2009-10-01 10:34 . 2009-05-22 09:44 -------- dc----w- c:\programdata\ma-config.com
2009-10-01 01:02 . 2009-11-17 12:47 2537472 -c--a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 12:47 30208 -c--a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 12:47 334848 -c--a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 12:47 87552 -c--a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 12:47 31232 -c--a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 12:47 546816 -c--a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 12:47 160256 -c--a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 12:47 60928 -c--a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 12:47 350208 -c--a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 12:47 196608 -c--a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 12:47 100864 -c--a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 12:47 81920 -c--a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 12:47 40448 -c--a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 12:47 226816 -c--a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 12:47 33280 -c--a-w- c:\windows\system32\WpdConns.dll
2009-10-01 01:01 . 2009-11-17 12:47 61952 -c--a-w- c:\windows\system32\WpdMtpUS.dll
2009-09-29 18:43 . 2009-01-30 13:29 111864 -c--a-w- c:\users\The Lynx\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-28 10:04 . 2009-09-18 16:16 4096 dc----w- c:\program files\Zanag
2009-09-27 15:46 . 2009-09-27 15:46 4942440 -c--a-w- c:\windows\system32\nvdisps.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 -c--a-w- c:\windows\system32\nvcod167.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 -c--a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 -c--a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 -c--a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 -c--a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 -c--a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 -c--a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-11-17 12:47 974848 -c--a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 12:47 189440 -c--a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-05-04 08:23 . 2009-05-04 08:23 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-21 19:32 . 2008-05-21 19:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\The Lynx\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTuner"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-02 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"SoftwareHelper"="c:\users\The Lynx\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Jenny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^The Lynx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\The Lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^The Lynx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\The Lynx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [23/11/2009 16:27 207280]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [29/08/2009 16:55 34968]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [07/05/2009 13:59 108289]
S2 gupdate1ca3f709ec0bc55;Google Update Service (gupdate1ca3f709ec0bc55);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2009 13:47 133104]
S2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [29/08/2009 16:55 206848]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27/10/2009 23:08 240232]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 12:47]

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 12:47]

2009-11-23 c:\windows\Tasks\User_Feed_Synchronization-{31390909-BCCA-4DB0-8E50-2920CFEF7A6E}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.cooxer.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\The Lynx\AppData\Roaming\Mozilla\Firefox\Profiles\4b99dec9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ekgbyedc - c:\users\The Lynx\AppData\Local\yejrlq\utwxsysguard.exe
HKCU-Run-dkactmir - c:\users\The Lynx\AppData\Local\cjitmt\ubihsysguard.exe
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 20:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1279825802-691479019-3188430526-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,f2,06,38,f4,8a,c8,81,a5,c5,2d,25,4d,a9,5c,d7,12,f3,46,db,51,c5,00,
49,8b,dd,b8,7a,d1,1e,45,58,93,4f,58,3b,56,23,6e,01,37,78,f8,db,39,80,33,c0,\
"??"=hex:76,98,a5,15,2c,24,35,06,b5,af,5f,6b,22,da,cb,99
.
Completion time: 2009-11-23 20:29
ComboFix-quarantined-files.txt 2009-11-23 19:29

Pre-Run: 114 688 937 984 bytes free
Post-Run: 115 201 658 880 bytes free

- - End Of File - - FC984D2A7B14D2B2B8369820A91A3860
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
23 Nov. 2009 at 20:42
Post another RSIT report.
0
Parishilton
23 Nov. 2009 at 20:46
LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by The Lynx at 2009-11-23 20:40:03
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 110 GB (49%) free of 226 GB
Total RAM: 3071 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:09, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\The Lynx\Desktop\RSIT.exe
C:\Program Files\trend micro\The Lynx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\The Lynx\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [F.lux] "C:\Users\The Lynx\Local Settings\Apps\F.lux\flux.exe" /noshow
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f709ec0bc55) (gupdate1ca3f709ec0bc55) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
0
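A short triage pass over the two reports above, added here as an illustration and not part of the original thread or of any tool mentioned in it. It walks a ComboFix/HijackThis-style report line by line, remembering the current registry key so that a value such as "DisableMonitoring"=dword:00000001 can be tied to the security center\Monitoring key it sits under, and flags the points a helper would check in this thread: the two *sysguard.exe autoruns that ComboFix listed as removed orphans, the http=127.0.0.1:5555 proxy that is still present in the HijackThis R1 line after ComboFix ran, the Security Center monitoring keys and EnableLUA switched off, and a machine-wide RunOnce entry (the eoRezo SoftwareHelper) that runs a binary out of a user profile. The sample lines are copied from the reports posted above; the indicator names, the regular expressions and the Finding structure are my own choices, not ComboFix or HijackThis output.

```python
"""Triage indicators in a ComboFix / HijackThis report.

Added example, not part of the original thread. The sample lines are copied
from the reports posted above; indicator names and patterns are my own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix and HijackThis reports
# posted above (registry key headers kept with the values under them).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
uInternet Settings,ProxyServer = http=127.0.0.1:5555
HKCU-Run-ekgbyedc - c:\users\The Lynx\AppData\Local\yejrlq\utwxsysguard.exe
HKCU-Run-dkactmir - c:\users\The Lynx\AppData\Local\cjitmt\ubihsysguard.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\The Lynx\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
""".strip("\n")


@dataclass
class Finding:
    kind: str      # indicator name (my own naming)
    line_no: int   # 1-based line in the report
    detail: str    # what matched


# A registry key header in a ComboFix "Reg Loading Points" section.
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# Randomly named folder under AppData\Local launching an *sysguard.exe.
ROGUE_AUTORUN = re.compile(r"\\AppData\\Local\\[^\\]+\\[^\\]*sysguard\.exe", re.I)
# IE proxy pointing at the local machine (ComboFix and HijackThis spellings).
LOCAL_PROXY = re.compile(r"ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1:(?P<port>\d+)", re.I)
# Security Center told to stop monitoring AV/firewall state.
MONITORING_OFF = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.I)
# UAC switched off by policy.
UAC_OFF = re.compile(r'"EnableLUA"\s*=\s*0\b')
# HijackThis O4: machine-wide Run/RunOnce whose command lives in a user profile.
HKLM_RUN_FROM_PROFILE = re.compile(
    r"^O4 - HKLM\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*\\AppData\\.*)$", re.I)


def triage(report: str) -> List[Finding]:
    """Walk the report once, remembering the current registry key so that
    value lines can be attributed to the key they sit under."""
    findings: List[Finding] = []
    current_key = ""
    for n, raw in enumerate(report.splitlines(), 1):
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        if ROGUE_AUTORUN.search(line):
            findings.append(Finding("rogue_autorun", n, line))
        proxy = LOCAL_PROXY.search(line)
        if proxy:
            findings.append(Finding("local_proxy", n, "127.0.0.1:" + proxy.group("port")))
        if MONITORING_OFF.search(line) and "security center" in current_key:
            findings.append(Finding("security_center_monitoring_off", n, current_key))
        if UAC_OFF.search(line) and current_key.endswith(r"policies\system"):
            findings.append(Finding("uac_disabled", n, current_key))
        run = HKLM_RUN_FROM_PROFILE.match(line)
        if run:
            findings.append(Finding("hklm_run_from_user_profile", n,
                                    run.group("name") + ": " + run.group("cmd")))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per indicator kind."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.kind:<32} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to print the findings, or pass a whole report to triage() to reuse it on another thread. The local proxy entry is the one to watch here: it is still in the HijackThis report after ComboFix, and a proxy pointing at 127.0.0.1 with nothing listening on that port keeps Internet Explorer from loading pages even once the rogue itself is gone, so it should be cleared by hand (Internet Options, Connections, LAN settings) if the next cleanup pass leaves it in place.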
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
23 Nov. 2009 at 21:04
Scan this file on VirusTotal and paste me the report: https://www.virustotal.com/gui/

C:\Users\The Lynx\Local Settings\Apps\F.lux\flux.exe

_____________________



Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.



Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:

https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
https://www.androidworld.fr/


/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● In the main menu choose option "A"
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
Parishilton
24 Nov. 2009 at 10:53
VIRUSTOTAL REPORT

Antivirus Version Last update Result
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3009 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.22 -
Additional information
File size: 966656 bytes
MD5 : a1f86a5a0da1bec12b7dd19c6234bb15
SHA1 : 0761f9e56677af208c1a1d9efe3694062d89a870
SHA256: dbbacf4a78355261e652fc6612f007278d96907d8d2f9fc5c06fc58667c52202
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4D90C
timedatestamp.....: 0x4A98C3ED (Sat Aug 29 08:00:13 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x59A5C 0x5A000 6.61 599b9eca6bd0c23cd40496f14d27bba5
.rdata 0x5B000 0x7FD8 0x8000 5.61 583c44cd5fc429f74b42ecf55adbcfca
.data 0x63000 0x88B38 0x84000 6.72 eac7fb46e29ae955fb47f74b875be6bc
.rsrc 0xEC000 0x4EA0 0x5000 5.50 b727bb435984d68ad7116a5666ff640a

( 10 imports )

> advapi32.dll: RegCloseKey, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA
> comctl32.dll: InitCommonControlsEx
> gdi32.dll: SelectObject, CreateDIBSection, DeleteObject, GetStockObject, CreateCompatibleDC, SetBkMode, CreateFontIndirectA, GetGlyphOutlineA, GetKerningPairsA, GetDeviceCaps, CreatePen, Rectangle, GetDCOrgEx, GetClipBox, DeleteDC, SetDeviceGammaRamp, CreateDCA, GetDeviceGammaRamp, BitBlt
> kernel32.dll: lstrcpynA, GetModuleHandleA, GetProcAddress, GetVersionExA, ExitProcess, CreateMutexA, IsBadCodePtr, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetStdHandle, GetStringTypeW, GetStringTypeA, SetUnhandledExceptionFilter, GetLastError, CloseHandle, Sleep, QueryPerformanceCounter, QueryPerformanceFrequency, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TerminateThread, WaitForSingleObject, SetThreadPriority, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, CopyFileA, DeleteFileA, CreateDirectoryA, GetFileAttributesA, FindFirstFileA, FindClose, GetFileAttributesExA, SetFileAttributesA, FindNextFileA, LoadLibraryA, GetModuleFileNameA, FreeLibrary, LocalFree, FormatMessageA, GetVersion, WideCharToMultiByte, CompareFileTime, lstrcmpW, GetTimeZoneInformation, CreateFileA, GetFileSize, SetFilePointer, SetEndOfFile, FlushFileBuffers, UnmapViewOfFile, ReadFile, WriteFile, GetStartupInfoA, GetCommandLineA, RtlUnwind, ResumeThread, CreateThread, TlsSetValue, ExitThread, HeapFree, HeapAlloc, MultiByteToWideChar, GetSystemTime, GetLocalTime, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, TlsAlloc, SetLastError, TlsGetValue, RaiseException, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetCPInfo, GetACP, GetOEMCP, LCMapStringA, LCMapStringW
> oleaut32.dll: -, -
> shell32.dll: ShellExecuteA, Shell_NotifyIconA
> urlmon.dll: URLDownloadToFileA
> user32.dll: GetWindow, DestroyWindow, IsWindow, PostMessageA, DestroyIcon, GetWindowTextA, ClientToScreen, GetClientRect, GetParent, CreateWindowExA, ShowWindow, IsWindowVisible, LoadIconA, RegisterClassA, DefWindowProcA, SetWindowPos, MoveWindow, ReleaseCapture, EndPaint, CallWindowProcA, BeginPaint, PostQuitMessage, MessageBeep, GetClassInfoA, GetActiveWindow, SetActiveWindow, ReleaseDC, wsprintfA, GetAsyncKeyState, SetCursor, GetClassNameA, UnregisterClassA, PeekMessageA, GetCursorPos, MsgWaitForMultipleObjects, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, IsDialogMessageA, MessageBoxA, GetWindowTextLengthA, AdjustWindowRectEx, GetMenu, InvalidateRect, ScreenToClient, SetCapture, FindWindowExA, SetParent, GetTopWindow, SetFocus, EndDialog, DialogBoxParamA, SetWindowLongA, SendMessageA, EnumThreadWindows, LoadCursorA, GetWindowLongA, FlashWindowEx, GetDC, LoadImageA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowRect, GetSystemMetrics, SetWindowTextA, GetDlgItem, EnableWindow, CreatePopupMenu, DestroyMenu, TrackPopupMenuEx, SetForegroundWindow, AppendMenuA
> wininet.dll: InternetCloseHandle, DeleteUrlCacheEntry, InternetCrackUrlA, HttpQueryInfoA, InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA
> wintrust.dll: WinVerifyTrust

( 0 exports )
TrID : File type identification
Win32 EXE PECompact compressed (generic) (41.8%)
Win32 Executable MS Visual C++ (generic) (37.9%)
Win32 Executable Generic (8.5%)
Win32 Dynamic Link Library (generic) (7.6%)
Generic Win/DOS Executable (2.0%)
ssdeep: 12288:9hwIkHdtw7tbbzQkKe0jA3bSI+qEEE0oic1yidLkaJanwnnbXmbKUUl/lC:o0RsU2A3bSIUEE0OL+2jkKbC
PEiD : -
RDS : NSRL Reference Data Set
-

AD-REMOVER REPORT

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 22.11.2009 à 23:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:44:11, 24/11/2009 | Mode sans echec | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-JENNY | Utilisateur actuel: The Lynx
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
C:\ProgramData\Trymedia
C:\Users\THELYN~1\AppData\Roaming\EoRezo
C:\Users\THELYN~1\AppData\Roaming\live-player
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Live-Player
C:\Program Files\EoRezo
C:\Program Files\Live-Player
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Users\Jenny\AppData\Local\VirtualStore\Program Files\EoRezo
C:\Users\Jenny\AppData\Roaming\EoRezo
C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Cookies\jenny@eorezo[1].txt
C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-971F631D.pf
C:\Users\THELYN~1\AppData\Roaming\MICROS~1\Windows\Cookies\the_lynx@ask[2].txt
C:\Users\THELYN~1\AppData\Roaming\MICROS~1\Windows\Cookies\the_lynx@eorezo[1].txt
C:\Users\THELYN~1\AppData\Roaming\MICROS~1\Windows\Cookies\the_lynx@eorezo[2].txt
C:\Users\The Lynx\AppData\Local\ekwog.bat
.
HKCU\software\EoRezo
HKCU\software\Live-Player
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\software\classes\appid\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\software\classes\appid\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\software\classes\EoRezoBHO.EoBHO
HKLM\software\classes\EoRezoBHO.EoBHO.1
HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\software\EoRezo
HKLM\software\Live-Player
HKLM\software\microsoft\shared tools\msconfig\startupreg\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall\eoEngine_is1
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKU\s-1-5-21-1279825802-691479019-3188430526-1001\software\EoRezo
HKU\s-1-5-21-1279825802-691479019-3188430526-1001\software\Live-Player
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6b3 [en-US] *
.
Nom du profil: 4b99dec9.default (The Lynx)
.
(THELYN~1, prefs.js) Browser.download.lastDir, C:\Users\The Lynx\Desktop
(THELYN~1, prefs.js) Browser.search.defaultenginename, Fast Browser Search
(THELYN~1, prefs.js) Browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
(THELYN~1, prefs.js) Browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
(THELYN~1, prefs.js) TROUVE - Browser.search.defaultenginename, Fast Browser Search
(THELYN~1, prefs.js) TROUVE - Browser.search.defaulturl, hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
(THELYN~1, prefs.js) TROUVE - Browser.search.order.1, Fast Browser Search
(THELYN~1, prefs.js) TROUVE - Extensions.snipit.chromeURL, hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q={searchTerms}&crm=1
.
.
.
(Jenny, prefs.js) Browser.download.dir, C:\Users\Jenny\Downloads
.
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.ask.com/?o=13928&l=dis
Default_Search_URL: hxxp://www.google.com/ie
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://www.cooxer.com/
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\The Lynx\AppData\Roaming\uTorrent\Crysis.Cracks+Key-SAVED.torrent
C:\Users\The Lynx\AppData\Roaming\uTorrent\Crysis.Warhead.Crack-TDM.torrent
C:\Users\The Lynx\AppData\Roaming\uTorrent\Crysis_Warhead_Crack___Serial.rar.torrent
C:\Users\The Lynx\AppData\Roaming\uTorrent\FEAR Gold crack + serial.torrent
C:\Users\The Lynx\Documents\Downloads\AquaMark3_Vista_X64-Patch (1).zip
C:\Users\The Lynx\Documents\Downloads\AquaMark3_Vista_X64-Patch.zip
C:\Users\The Lynx\Documents\Downloads\AquaMark3_Vista_X64-Patch\AquaMark3_Vista_X64-Patch\aquamark.exe
C:\Users\The Lynx\Downloads\call_of_duty_4_modern_warfare_patch_v1.6_variety_map_pack_multi-langues_245252.exe
C:\Users\The Lynx\Downloads\Crysis_Warhead_Crack___Serial.rar
C:\Users\The Lynx\Downloads\Counter Strike Condition Zero\CS-CZ - Crack and Keys.rar
C:\Users\The Lynx\Downloads\Counter-Strike 1.6\Counter-Strike 1.6 Patch v21 Full.exe
C:\Users\The Lynx\Downloads\Counter-Strike 1.6\cs16patch_full_V23.exe
C:\Users\The Lynx\Downloads\Counter-Strike 1.6\PatchV23b_Sitecs_protocolo_47_48.exe
C:\Users\The Lynx\Downloads\Crysis.Cracks+Key-SAVED\Crysis-Cracks\Crack for WinVista\Bin32\Crysis.exe
C:\Users\The Lynx\Downloads\Crysis.Cracks+Key-SAVED\Crysis-Cracks\Crack for WinVista\Bin64\Crysis.exe
C:\Users\The Lynx\Downloads\Crysis.Cracks+Key-SAVED\Crysis-Cracks\Crack for WinXP\Crysis.exe
C:\Users\The Lynx\Downloads\Crysis.Cracks+Key-SAVED\Crysis-Key\Crysis-Key.exe
C:\Users\The Lynx\Downloads\Crysis.Warhead.Crack-TDM\Gratis Godis h„r.URL
C:\Users\The Lynx\Downloads\Crysis.Warhead.Crack-TDM\tdm-cw.nfo
C:\Users\The Lynx\Downloads\Crysis.Warhead.Crack-TDM\tdm-cw.rar
C:\Users\The Lynx\Downloads\F.E.A.R\Crack\FEAR.exe
C:\Users\The Lynx\Downloads\F.E.A.R\Keygen\Keygen for F.E.A.R.exe
C:\Users\The Lynx\Downloads\FEAR Gold crack + serial\F.E.A.R Gold Edition crack.rar
C:\Users\The Lynx\Downloads\FEAR with both expansions\F.E.A.R\Crack\FEAR.exe
C:\Users\The Lynx\Downloads\FEAR with both expansions\F.E.A.R\Crack\mcz-fear108crk.nfo
C:\Users\The Lynx\Downloads\FEAR with both expansions\FEAR Perseus Mandate\Crack\FEARXP2.exe
C:\Users\The Lynx\Downloads\FEAR with both expansions\FEAR Perseus Mandate\Crack\hatred.exe
.
===================================
.
6535 Octet(s) - C:\Ad-Report-SCAN[1].log
.
14 Fichier(s) - C:\Users\THELYN~1\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
4 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 10:45:55 | 24/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
0
Parishilton
24 nov. 2009 à 12:53
Virus eradicated... =>THANK YOU<= for your help, and all the best!!

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 22.11.2009 à 23:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:42:18, 24/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-JENNY | Utilisateur actuel: The Lynx
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6b3 [en-US] *
.
Nom du profil: 4b99dec9.default (The Lynx)
.
(THELYN~1, prefs.js) Browser.download.lastDir, C:\Users\The Lynx\Desktop
(THELYN~1, prefs.js) Browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
.
.
(Jenny, prefs.js) Browser.download.dir, C:\Users\Jenny\Downloads
.
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
6993 Octet(s) - C:\Ad-Report-CLEAN[1].log
3130 Octet(s) - C:\Ad-Report-CLEAN[2].log
2369 Octet(s) - C:\Ad-Report-CLEAN[3].log
2032 Octet(s) - C:\Ad-Report-CLEAN[4].log
6865 Octet(s) - C:\Ad-Report-SCAN[1].log
.
12 Fichier(s) - C:\Users\THELYN~1\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
26 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
91 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 12:45:44 | 24/11/2009 - CLEAN[4]
.
============== E.O.F ==============
.

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by The Lynx at 2009-11-24 12:47:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 138 GB (61%) free of 226 GB
Total RAM: 3071 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:06, on 24/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\The Lynx\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\The Lynx\Desktop\RSIT.exe
C:\Program Files\trend micro\The Lynx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [F.lux] "C:\Users\The Lynx\Local Settings\Apps\F.lux\flux.exe" /noshow
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f709ec0bc55) (gupdate1ca3f709ec0bc55) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
0
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
25 nov. 2009 à 10:25
ok, to finish up

download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

double-click OTM.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTM: Paste instruction for items to be moved.

:processes
explorer.exe
:files
c:\users\the lynx\appdata\local\ekwog.exe ekwog
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekwog]
:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTM\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________________

run ToolsCleaner to remove the tools that were used

you can check with Antivir that everything is OK

note: keep Malwarebytes alongside Antivir

see you
0
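As an added example (not from the thread and not part of RSIT, HijackThis or OTM), a small Python triage of HijackThis-style log lines such as the RSIT report above: it flags a proxy set on the loopback address, autoruns launched from user-writable profile directories (the kind of location the OTM script's ekwog.exe path sits in), and orphaned BHO and service entries. The sample lines are constructed after the log posted in the thread, and the severity labels are my own convention.

```python
import re

# Constructed sample lines, modelled on the RSIT/HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ekwog] "C:\Users\The Lynx\AppData\Local\ekwog.exe"
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Directories a standard user can write to; an autorun launched from here deserves a look.
USER_WRITABLE = re.compile(r"\\(appdata\\(local|locallow|roaming)|temp|programdata)\\", re.I)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<value>.+)$")
BHO_ORPHAN_RE = re.compile(r"^O2 - BHO: .* - \(no file\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\.*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_MISSING_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .*\(file missing\)$")


def run_target(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or bare)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return (section, severity, detail) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = PROXY_RE.match(line)
        if m:
            value = m.group("value")
            # A proxy on the loopback address that no installed software accounts for
            # should be verified: a local proxy can intercept the browser's traffic.
            if "127.0.0.1" in value or "localhost" in value.lower():
                findings.append(("R1", "high", "proxy on loopback: " + value))
            continue
        if BHO_ORPHAN_RE.match(line):
            findings.append(("O2", "low", "orphaned BHO entry: " + line))
            continue
        m = RUN_RE.match(line)
        if m:
            target = run_target(m.group("cmd"))
            if USER_WRITABLE.search(target):
                findings.append(("O4", "high",
                                 f"autorun [{m.group('name')}] from user-writable path: {target}"))
            continue
        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings.append(("O23", "low", "service binary missing: " + m.group("name")))
    return findings


if __name__ == "__main__":
    for section, severity, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {severity:5} {detail}")
```

Entries from Program Files with a known publisher (the Avira and Steam lines) produce no finding; the function only narrows the log down to what a helper would then verify by hand.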
Parishilton
25 nov. 2009 à 10:59
Here it is

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\users\the lynx\appdata\local\ekwog.exe ekwog not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekwog\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
->Temp folder emptied: 32770 bytes
->Temporary Internet Files folder emptied: 12875475 bytes
->Java cache emptied: 13326665 bytes
->FireFox cache emptied: 101119242 bytes

User: Public
->Temp folder emptied: 0 bytes

User: the
->Temp folder emptied: 0 bytes

User: The Lynx
->Temp folder emptied: 179431361 bytes
->Temporary Internet Files folder emptied: 798423 bytes
->Java cache emptied: 41430132 bytes
->FireFox cache emptied: 62844878 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2966 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 352900 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 322 bytes
RecycleBin emptied: 1634304 bytes

Total Files Cleaned = 394,87 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11252009_104716

Files moved on Reboot...

Registry entries deleted on Reboot...
0