Alureon malware.

Walkyrian

Hello, I have a small problem: my computer is infected with a piece of malware named Alureon, which has put itself into 2 System32 files. I can't delete them, and quarantining them doesn't help for long because they come back 5 minutes later.

I'd like a bit of help from you to fix this problem as quickly as possible and stop getting spammed with Avast alerts.

Thank you! Bye

117 replies

Walkyrian

When I run the thing you gave me, it launches and closes right away, is that normal?
Anonymous user

yes, now check whether your file is still there
Walkyrian

Yes, still there, and when I scan it with Avast it still detects the malware in it
Anonymous user

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:files
C:/Windows/Systeme32/TDLCLK.DLL

:commands
[emptytemp]
[start explorer]
[reboot]

Walkyrian

What do I do with that? ^^'
Anonymous user

oops, a bit was missing ^^

▶ Right-click OTL.exe and run it as administrator.

▶ Copy the list shown in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:files
C:/Windows/Systeme32/TDLCLK.DLL

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click Run Fix to start the removal.

▶ Post the report.
Walkyrian

Here it is


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== FILES ==========
Invalid time flag! [ TDLCLK.DLL ]. Must be numerical.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jordan
->Temp folder emptied: 5801455 bytes
->Temporary Internet Files folder emptied: 1060548 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96772554 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 484472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 322584 bytes

Total Files Cleaned = 99,60 mb


OTL by OldTimer - Version 3.1.10.0 log created on 11272009_190356

Files\Folders moved on Reboot...
C:\Users\Jordan\AppData\Local\Temp\~DF844E.tmp moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\rmvr.tmp moved successfully.

Registry entries deleted on Reboot...
Anonymous user

try deleting it in Safe Mode without networking
Walkyrian

Uh, how do I get into Safe Mode without networking?
Anonymous user

How to get into Safe Mode:

▶ Restart your computer
▶ Tap the F8 key immediately (F5 on some PCs), right after the "beep"
▶ You will see a screen with boot options appear
▶ Choose the first option: Safe Mode, and confirm with "Enter"
▶ Choose your usual account, not Administrator (if needed ...)

(note: no connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes ...)
Walkyrian

OK, I'll do that, back in a bit

(this nasty thing is putting up a fight)
Anonymous user

Thanks C_XX, I put the right path in my exe but didn't change the attrib, that must be why it didn't delete it (ah! I copied what he wrote without paying attention, what a donkey!)

redo it like this:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:files
C:\Windows\System32\TDLCLK.DLL

:commands
[emptytemp]
[start explorer]
[reboot]


Anonymous user

Hi again,
Unfortunately it's still wrong :/
Since when does System32 take an 'e'?

+++
Anonymous user

yeah, I need to stop rushing like a donkey without looking... I'm an Aries ^^

I've corrected it, thanks
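The "Invalid time flag! [ TDLCLK.DLL ]. Must be numerical." line in the first OTL report and the "Systeme32" typo discussed above are both catchable before the fix is pasted. The linter below is an added example, not part of OTL and not code from anyone in this thread; it assumes only the section layout visible above (`:processes`, `:files`, `:commands`), and it treats a forward slash in a `:files` path as an error because the report shows OTL reading the text after the last slash as a flag rather than as part of the path. The sample script is a constructed copy of the two `:files` entries from this thread.

```python
import re

# Constructed sample: the ':files' entry as it was first posted in this thread
# (forward slashes, 'Systeme32') next to the corrected one.
SAMPLE_FIX = r""":processes
explorer.exe
Teatimer.exe

:files
C:/Windows/Systeme32/TDLCLK.DLL
C:\Windows\System32\TDLCLK.DLL

:commands
[emptytemp]
[start explorer]
[reboot]
"""

# Absolute Windows path: drive letter, then backslash-separated components
# that contain none of the characters Windows reserves in file names.
WIN_PATH = re.compile(r'^[A-Za-z]:\\(?:[^\\/:*?"<>|]+\\)*[^\\/:*?"<>|]+$')


def parse_fix_script(text):
    """Split an OTL-style fix script into {section: [entries]}; a section starts at a ':name' line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_file_entry(entry):
    """Problems found in one ':files' entry; an empty list means it looks well-formed."""
    problems = []
    if "/" in entry:
        # The first report above shows the text after '/' being read as a time flag
        # ("Invalid time flag! [ TDLCLK.DLL ]"), so a path must use backslashes.
        problems.append("forward slash in path; use backslashes")
    normalized = entry.replace("/", "\\")
    if re.search(r"\\systeme32\\", normalized, re.IGNORECASE):
        problems.append("'Systeme32' is not a Windows folder; the name is 'System32'")
    if not WIN_PATH.match(normalized):
        problems.append("not an absolute Windows path")
    return problems


def check_command_entry(entry):
    """':commands' entries are bracketed keywords such as [emptytemp] or [reboot]."""
    if re.fullmatch(r"\[[A-Za-z ]+\]", entry):
        return []
    return ["command must be written in square brackets"]


def lint_fix_script(text):
    """Map every ':files' and ':commands' entry to the list of problems found in it."""
    sections = parse_fix_script(text)
    report = {e: check_file_entry(e) for e in sections.get("files", [])}
    report.update({e: check_command_entry(e) for e in sections.get("commands", [])})
    return report


if __name__ == "__main__":
    for entry, problems in lint_fix_script(SAMPLE_FIX).items():
        print(f"{entry}: {'OK' if not problems else '; '.join(problems)}")
```

Run against the script above, the first `:files` entry is reported twice (slash and folder name) and the corrected one passes; the check is deliberately syntactic, since whether the path exists can only be verified on the infected machine.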
Walkyrian

There you go man, I deleted it manually in Safe Mode (right-click, delete, and emptied the recycle bin), is that it?
Anonymous user

well that's fine, great... you will still get the detection but it is isolated and will then be cleaned:

(I understand why my exe didn't work ^^)


-> ▶ BitDefender scan

▶ Run an online antivirus scan at BitDefender online using Internet Explorer

▶ Click Scan online at the bottom left.
▶ Accept the licence and let it install the ActiveX..
▶ Follow the prompts. Paste its report here.
Walkyrian

The problem when I delete it manually is that the file restores itself, so Avast detects it again; so I saw your post and redid the OTL scan, here is the report (when the file was moved Avast gave me the alert, I chose "do nothing", tell me whether I did the right thing)



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== FILES ==========
C:\Windows\System32\tdlclk.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jordan
->Temp folder emptied: 626123 bytes
->Temporary Internet Files folder emptied: 1062879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14324765 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1264 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,30 mb


OTL by OldTimer - Version 3.1.10.0 log created on 11272009_192945

Files\Folders moved on Reboot...
C:\Users\Jordan\AppData\Local\Temp\~DFF6D6.tmp moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Walkyrian

The tdlclk.dll file keeps restoring itself in my System32, weird; shall I do the BitDefender scan for you?
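The symptom described above, a deleted DLL reappearing in System32 minutes later, is better measured than eyeballed. The snippet below is an added example and not code from anyone in this thread: it records the size and SHA-256 of executable-type files in a folder, diffs two such snapshots, and replays the delete-then-restore sequence in a temporary directory standing in for System32 (the file content is a constructed placeholder, not a real DLL).

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(directory, suffixes=(".dll", ".exe", ".sys")):
    """Map each executable-type file directly under `directory` to (size, sha256)."""
    result = {}
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and name.lower().endswith(suffixes):
            result[name.lower()] = (os.path.getsize(path), file_digest(path))
    return result


def diff_snapshots(before, after):
    """Names added, removed, or changed (size or hash) between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(n for n in before.keys() & after.keys() if before[n] != after[n]),
    }


def demo(name="tdlclk.dll"):
    """Replay the thread's symptom in a temporary directory standing in for System32.

    Returns the diff after the manual deletion, the diff after the file comes back,
    and whether the returned copy is byte-identical to the original.
    """
    with tempfile.TemporaryDirectory() as sysdir:
        target = os.path.join(sysdir, name)
        payload = b"constructed placeholder bytes, not a real DLL"
        with open(target, "wb") as fh:
            fh.write(payload)
        baseline = snapshot(sysdir)
        os.remove(target)                      # the right-click delete from the thread
        after_delete = snapshot(sysdir)
        with open(target, "wb") as fh:         # simulated restore by a still-running component
            fh.write(payload)
        restored = snapshot(sysdir)
        return {
            "deletion": diff_snapshots(baseline, after_delete),
            "restore": diff_snapshots(after_delete, restored),
            "same_payload": restored.get(name) == baseline.get(name),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real machine, run `snapshot()` on the System32 folder right after the manual deletion and again a few minutes later. A file that comes back with the same digest means the DLL on disk is only a symptom: something still running (a driver, a service, or a scheduled task) is writing it back, which is why the thread moves on to Safe Mode and a second scanner instead of deleting the file yet again.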
Walkyrian

Here is the BitDefender report:


BitDefender QuickScan Beta 32-bit v0.9.8.2
------------------------------------------

Scan date: Fri Nov 27 19:43:25 2009
Machine ID: 104AD72C

Warning: Low execution rights. Please run QuickScan/browser as Administrator.


No infection found.
---------------------


Processes
---------
<unsigned> Catalyst Control Centre: Host application 5052 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
<unsigned> Catalyst Control Center: Monitoring program 3040 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
<unsigned> LightScribeControlPanel.exe 4040 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
<unsigned> qtplugin.exe 3932 C:\Windows\System32\qtplugin.exe

<verified> avast! service GUI component 2388 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> DAEMON Tools Lite 3748 C:\Program Files\DAEMON Tools Lite\daemon.exe
<verified> HP Advisor 1612 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP MediaSmart SmartMenu 3756 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
<verified> Quick Launch Buttons 2996 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
<verified> HPWAMain Module 2444 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> Module to process WiFi messages. 5020 C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
<verified> HP DVDSmart Resident Program 3020 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
<verified> HpqToaster Module 5216 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
<verified> CyberLink MediaLibray Service 2532 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
<verified> CyberLink PowerCinema Resident Program 3412 C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
<verified> IDT PC Audio 2148 C:\Program Files\IDT\WDM\sttray.exe
<verified> Java(TM) Platform SE binary 4012 C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Firefox 272 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Propriétés de la connexion SFR 1528 C:\Program Files\SFR\Kit\9props.exe
<verified> SUPERAntiSpyware Application 1128 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<verified> Synaptics TouchPad Enhancements 2012 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Windows Defender User Interface 3928 C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Communications Platform 5080 C:\Program Files\Windows Live\Contacts\wlcomm.exe
<verified> Windows Live Messenger 3696 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Application de configuration du service Partage ré 1524 C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> DNA 3552 C:\Users\Jordan\Program Files\DNA\btdna.exe
<verified> Media Center Media Status Aggregator Service 4608 C:\Windows\ehome\ehmsas.exe
<verified> Media Center Tray Applet 4060 C:\Windows\ehome\ehtray.exe
<verified> Explorateur Windows 2244 C:\Windows\Explorer.EXE
<verified> Gestionnaire de fenêtres du Bureau 2216 C:\Windows\system32\Dwm.exe
<verified> Moteur du Planificateur de tâches 2420 C:\Windows\system32\taskeng.exe


Network activity
----------------
Process msnmsgr.exe (3696) connected on port 1863 (MSN) - 65.54.49.88
Process qtplugin.exe (3932) connected on port 80 (HTTP) - 89-149-254-17.local

Process btdna.exe (3552) listens on ports: 53811


Autoruns and critical files
---------------------------
<unsigned> Catalyst® Control Center Launcher C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<unsigned> LightScribeControlPanel.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
<unsigned> ShellExecuteHook c:\program files\superantispyware\sasseh.dll
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
<unsigned> qtplugin.exe C:\Windows\System32\qtplugin.exe

<verified> avast! service GUI component C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> StartMen Application C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
<verified> StartMen Application C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
<verified> DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\daemon.exe
<verified> HP Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
<verified> HP MediaSmart SmartMenu C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
<verified> Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
<verified> HPWAMain Module C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
<verified> HP DVDSmart Resident Program C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
<verified> HP MediaSmart TV Resident Program C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
<verified> StartMen Application C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
<verified> CyberLink MediaLibray Service C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
<verified> CyberLink PowerCinema Resident Program C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
<verified> IDT PC Audio C:\Program Files\IDT\WDM\sttray.exe
<verified> Java(TM) Platform SE binary C:\Program Files\Java\jre6\bin\jusched.exe
<verified> Propriétés de la connexion SFR C:\Program Files\SFR\Kit\9props.exe
<verified> SUPERAntiSpyware Application C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<verified> Synaptics TouchPad Enhancements C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
<verified> Windows Defender User Interface C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Application de configuration du service Partage ré C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> DNA C:\Users\Jordan\Program Files\DNA\btdna.exe
<verified> Media Center Tray Applet C:\Windows\ehome\ehtray.exe
<verified> Bibliothèque de l'interface utilisateur du navigat C:\Windows\System32\browseui.dll
<verified> Application d'ouverture de session Userinit c:\windows\system32\userinit.exe
<verified> Contrôleur de site Web C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour Namespace Provider C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> GEPlugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> The QuickTime Plugin allows you to view a wide var C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Version 0.9.9, copyright 1996-2009 The VideoLAN Te C:\Program Files\VideoLAN\VLC\npvlc.dll
<unsigned> Adobe Shockwave for Director Netscape plug-in, ver C:\Windows\system32\Adobe\Director\np32dsw.dll

<verified> AOL IE Toolbar Dynamic Link Library c:\program files\aol\aol toolbar 5.0\aoltb.dll
<verified> Microsoft® Windows Live ID Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Delivery Network Acceleration by BitTorrent™ C:\Program Files\DNA\plugins\npbtdna.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> Java(TM) Platform SE binary c:\program files\java\jre6\bin\jp2ssv.dll
<verified> 3.0.40818.0 c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified> Office Live Update v1.4 C:\Program Files\Microsoft\Office Live\npOLW.dll
<verified> Search Helper for Internet Explorer c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
<verified> NPRuntime Script Plug-in Library for Java(TM) Depl C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> Skype add-on for IE c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
<verified> NPWLPG C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows Live Toolbar Core c:\program files\windows live\toolbar\wltcore.dll
<verified> Uno Messenger C:\Windows\Downloaded Program Files\GAME_UNO1.dll
<verified> Zone.com Stats Client for MSN Messenger C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> Zone.com Minesweeper Flags for MSN Messenger C:\Windows\Downloaded Program Files\MineSweeper.dll
<verified> Windows Presentation Foundation (WPF) plug-in for c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Internet Explorer C:\Windows\System32\ieframe.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Fournisseur de service Sockets 2.0 de Microsoft Wi C:\Windows\System32\mswsock.dll
<verified> Fournisseur Shim d'affectation de noms de messager C:\Windows\System32\NapiNSP.dll
<verified> Network Location Awareness 2 C:\Windows\System32\nlaapi.dll
<verified> Fournisseur d’espace de noms PNRP C:\Windows\System32\pnrpnsp.dll
<verified> LDAP RnR Provider DLL C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: cmd.exe
referenced in: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"


Scan
----

No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.09 MB sent, 3.63 KB recvd
Scanned 1633 files and modules - 61 seconds
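A triage pass over a report of this shape, added here as an example that is neither BitDefender's code nor anything posted in the thread. It parses a constructed excerpt of the report above (section headers underlined with dashes, `<unsigned>`/`<verified>` tags, then a process id and a path) and lists what a responder would review first: unsigned binaries located under System32, any network connection those processes hold, and registry values that reference a file that is no longer present. The line regexes are my reading of the layout above, and the flags are items to check by hand (publisher, file age, what wrote it), not a verdict; the report itself reports no infection.

```python
import re

# Constructed excerpt of the QuickScan report above, trimmed to the lines triage needs.
SAMPLE_REPORT = r'''BitDefender QuickScan Beta 32-bit v0.9.8.2
------------------------------------------

Processes
---------
<unsigned> LightScribeControlPanel.exe 4040 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
<unsigned> qtplugin.exe 3932 C:\Windows\System32\qtplugin.exe

<verified> avast! service GUI component 2388 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
<verified> Windows Live Messenger 3696 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process msnmsgr.exe (3696) connected on port 1863 (MSN) - 65.54.49.88
Process qtplugin.exe (3932) connected on port 80 (HTTP) - 89-149-254-17.local

Process btdna.exe (3552) listens on ports: 53811


Autoruns and critical files
---------------------------
<unsigned> qtplugin.exe C:\Windows\System32\qtplugin.exe
<verified> Application d'ouverture de session Userinit c:\windows\system32\userinit.exe


Missing files
-------------
File not found: cmd.exe
referenced in: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\"AlternateShell"
'''

# Line layouts as they appear in the report (assumed from the excerpt, not a documented format).
PROC_RE = re.compile(r"^<(\w+)>\s+(.*?)\s+(\d+)\s+([A-Za-z]:\\.*)$")
AUTORUN_RE = re.compile(r"^<(\w+)>\s+(.*?)\s+([A-Za-z]:\\.*)$")
CONN_RE = re.compile(r"^Process (\S+) \((\d+)\) connected on port (\d+) \((\w+)\) - (\S+)$")
SYSTEM32 = "\\windows\\system32\\"


def split_sections(report):
    """Group non-empty lines under the heading that precedes them; a heading is underlined with dashes."""
    lines = report.splitlines()
    sections, current, i = {}, None, 0
    while i < len(lines):
        line, nxt = lines[i], (lines[i + 1] if i + 1 < len(lines) else "")
        if line.strip() and nxt.strip() and set(nxt.strip()) == {"-"}:
            current = line.strip()
            sections[current] = []
            i += 2
            continue
        if current is not None and line.strip():
            sections[current].append(line.rstrip())
        i += 1
    return sections


def triage(report):
    """Return human-readable findings worth a manual look, in report order."""
    s = split_sections(report)
    procs = [m.groups() for m in map(PROC_RE.match, s.get("Processes", [])) if m]
    conns = [m.groups() for m in map(CONN_RE.match, s.get("Network activity", [])) if m]
    autoruns = [m.groups() for m in map(AUTORUN_RE.match, s.get("Autoruns and critical files", [])) if m]
    connected = {pid: (port, proto, host) for _, pid, port, proto, host in conns}
    findings = []
    for tag, _desc, pid, path in procs:
        if tag == "unsigned" and SYSTEM32 in path.lower():
            msg = f"unsigned process in System32: {path} (pid {pid})"
            if pid in connected:
                port, proto, host = connected[pid]
                msg += f"; outbound {proto} to {host}:{port}"
            findings.append(msg)
    for tag, _desc, path in autoruns:
        if tag == "unsigned" and SYSTEM32 in path.lower():
            findings.append(f"unsigned autorun in System32: {path}")
    missing = s.get("Missing files", [])
    for a, b in zip(missing, missing[1:]):
        if a.startswith("File not found:") and b.startswith("referenced in:"):
            findings.append(f"dangling reference: {a.split(':', 1)[1].strip()} <- {b.split(':', 1)[1].strip()}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Unsigned entries outside System32 (the LightScribe control panel here) are left alone on purpose: the point is the combination of location, missing signature and live connection, which is what narrows a 1600-file report down to a handful of lines to look at.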