Virus Qui Affecte Les Navigateurs
wellan
Messages postés
49
Statut
Membre
-
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
dédétraqué Messages postés 4522 Statut Contributeur sécurité -
Bonjour,
Alors voilà, depuis quelque temps quand je vais sur google par exemple ou yahoo pour faire des recherches, je clique sur le site je suis toujours immédiatement redirigé vers un autre page.
J'ai essayer plusieurs navigateur comme IE8, Firefox, Google Chrome...
J'ai ensuite mis mon ordinateur à jour.
J'ai fais des scans avec Norton Internet Security 2010, avast!, Microsoft Security Essential, Spybot Search & destroy.
Encore aucun résultat... -_-
Alors j'ai fait une restauration système...RIEN encore le même problème...
Alors j'ai essayer Kaspersky eeeeeet OUI il détecte le problème et il le BLOQUE !!
Mais avec le navigateur aussi...Le même problème je ne peut pas faire mes recherches...
Finalement...Me voici, qui demande votre aide
Alors voilà, depuis quelque temps quand je vais sur google par exemple ou yahoo pour faire des recherches, je clique sur le site je suis toujours immédiatement redirigé vers un autre page.
J'ai essayer plusieurs navigateur comme IE8, Firefox, Google Chrome...
J'ai ensuite mis mon ordinateur à jour.
J'ai fais des scans avec Norton Internet Security 2010, avast!, Microsoft Security Essential, Spybot Search & destroy.
Encore aucun résultat... -_-
Alors j'ai fait une restauration système...RIEN encore le même problème...
Alors j'ai essayer Kaspersky eeeeeet OUI il détecte le problème et il le BLOQUE !!
Mais avec le navigateur aussi...Le même problème je ne peut pas faire mes recherches...
Finalement...Me voici, qui demande votre aide
A voir également:
- Virus Qui Affecte Les Navigateurs
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Supprimer les données de navigation - Guide
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
5 réponses
Salut wellan
On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe
- Clique droit sur RSIT.exe qui est sur le bureau et choisir exécuter en tant qu'administrateur
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse
Les rapports sont dans le dossier ici C:\rsit
@++ :)
On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe
- Clique droit sur RSIT.exe qui est sur le bureau et choisir exécuter en tant qu'administrateur
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse
Les rapports sont dans le dossier ici C:\rsit
@++ :)
Alors voilà...
info.txt
info.txt logfile of random's system information tool 1.06 2010-02-10 17:05:48
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.07 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.15-->C:\Program Files\BitComet\uninst.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CloneDVD 4.5.0.0-->"C:\Program Files\CloneDVD\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 2.20-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FXhome VisionLab Studio (remove only)-->"C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.19.0.800-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.78\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
IpSharkk 2.5-->"C:\Program Files\IpSharkk\unins000.exe"
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexandre at 2010-02-11 15:55:54
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 82 GB (72%) free of 114 GB
Total RAM: 1978 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:50, on 2010-02-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\setuper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Trend Micro\HijackThis\Alexandre.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\Alexandre\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
info.txt
info.txt logfile of random's system information tool 1.06 2010-02-10 17:05:48
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.07 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.15-->C:\Program Files\BitComet\uninst.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CloneDVD 4.5.0.0-->"C:\Program Files\CloneDVD\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 2.20-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FXhome VisionLab Studio (remove only)-->"C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.19.0.800-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.78\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
IpSharkk 2.5-->"C:\Program Files\IpSharkk\unins000.exe"
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexandre at 2010-02-11 15:55:54
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 82 GB (72%) free of 114 GB
Total RAM: 1978 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:50, on 2010-02-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\setuper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Trend Micro\HijackThis\Alexandre.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\Alexandre\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Salut wellan
Télécharge combofix.exe (de sUBs) sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==
Double clique sur combofix.exe, clique sur OUI et valide par Entrée
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure
@++ :)
Télécharge combofix.exe (de sUBs) sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==
Double clique sur combofix.exe, clique sur OUI et valide par Entrée
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure
@++ :)
Alors Voilà...
ComboFix 10-02-12.01 - Alexandre 2010-02-13 7:45.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.1978.799 [GMT -5:00]
Lancé depuis: c:\users\Alexandre\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\Alexandre\AppData\Roaming\inst.exe
c:\windows\system32\systeminfo3.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-13 au 2010-02-13 ))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:54 . 2010-02-10 22:11 -------- d-----w- c:\program files\trend micro
2010-02-10 21:19 . 2010-02-10 22:20 -------- d-----w- c:\program files\a-squared Free
2010-02-10 21:11 . 2010-02-10 21:11 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-10 21:11 . 2010-02-10 21:11 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-10 21:11 . 2010-02-10 21:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-10 21:11 . 2010-02-10 23:31 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 22:21 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 21:13 -------- d-----w- c:\program files\Spyware Terminator
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Malwarebytes
2010-02-10 21:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\programdata\Malwarebytes
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 21:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 01:15 . 2010-02-11 20:57 -------- d-----w- C:\rsit
2010-02-09 23:33 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-09 23:33 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-09 23:33 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-09 22:57 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-02-09 22:56 . 2010-02-09 23:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 22:56 . 2010-02-09 22:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Symantec
2010-02-09 22:56 . 2010-02-09 23:37 968560 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-02-09 22:56 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-02-09 22:56 . 2009-09-01 08:27 892272 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-02-09 22:56 . 2010-02-10 23:27 -------- d-----w- c:\windows\system32\drivers\NIS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Norton Internet Security
2010-02-09 22:54 . 2010-02-09 22:54 -------- d-----w- c:\program files\NortonInstaller
2010-02-09 00:57 . 2010-02-09 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-09 00:57 . 2010-02-09 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 19:11 . 2010-02-06 19:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\OtakuSoftware
2010-02-06 15:13 . 2010-02-06 15:15 -------- d-----w- c:\program files\Google
2010-02-06 14:30 . 2010-02-09 23:02 -------- d-----w- c:\programdata\Lavasoft
2010-02-06 14:12 . 2010-02-06 14:14 -------- d-----w- C:\.jagex_cache_32
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PRMT
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Softland
2010-02-05 22:40 . 2010-02-05 22:40 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PROject MT
2010-02-05 22:39 . 2010-02-05 22:39 -------- d-----w- c:\windows\msagent
2010-02-05 22:36 . 2010-02-05 23:15 -------- d-----w- c:\windows\Lhsp
2010-02-05 22:36 . 2010-02-05 22:36 -------- d-----w- c:\programdata\PRMT
2010-02-05 22:34 . 2010-02-05 22:34 -------- d-----w- c:\users\Alexandre\AppData\Local\VS Revo Group
2010-02-05 22:23 . 2010-02-05 22:23 57344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{949133A8-69C9-1EB8-0049-53669B4D346E}-aswScan.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
2010-02-04 21:39 . 2008-01-30 09:52 14848 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-02-04 21:37 . 2010-02-12 20:40 -------- d-----w- c:\program files\NewTech Infosystems
2010-02-04 03:08 . 2010-02-04 03:08 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe Limited
2010-02-03 23:32 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-03 23:32 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-03 23:32 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-03 23:32 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-03 23:32 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-03 23:31 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 23:31 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\programdata\Alwil Software
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\program files\Alwil Software
2010-02-02 21:00 . 2010-02-06 16:41 -------- d-----w- c:\users\Alexandre\AppData\Local\Google
2010-02-02 20:58 . 2010-02-02 20:58 102400 --sha-r- c:\windows\system32\msexch401.dll
2010-02-01 21:47 . 2010-02-01 21:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-31 22:58 . 2010-01-31 22:58 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 22:58 . 2010-02-01 21:48 -------- d-----w- c:\users\Alexandre\AppData\Local\Thunderbird
2010-01-31 22:58 . 2010-02-01 21:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Thunderbird
2010-01-30 07:31 . 2010-01-30 07:31 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys
2010-01-30 07:31 . 2010-01-30 07:31 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll
2010-01-30 07:31 . 2010-01-30 07:31 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys
2010-01-30 07:31 . 2010-01-30 07:31 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll
2010-01-30 07:31 . 2010-01-30 07:31 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll
2010-01-28 23:03 . 2010-01-29 23:16 10128 ----a-w- c:\programdata\DVDXStudio\CloneDVD4\MainApp.dll
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\program files\CloneDVD
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\programdata\DVDXStudio
2010-01-28 20:54 . 2010-01-29 22:20 -------- d-----w- c:\programdata\SlySoft
2010-01-28 20:46 . 2010-01-29 22:20 -------- d-----w- c:\program files\SlySoft
2010-01-28 00:59 . 2010-01-28 23:03 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Vso
2010-01-28 00:59 . 2010-01-28 23:03 47360 ----a-w- c:\users\Alexandre\AppData\Roaming\pcouffin.sys
2010-01-28 00:59 . 2010-01-28 00:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-26 20:57 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:57 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 13:33 . 2010-01-25 13:33 -------- d-----w- c:\users\Alexandre\AppData\Local\Apps
2010-01-25 13:33 . 2010-01-30 00:09 -------- d-----w- c:\users\Alexandre\AppData\Local\Deployment
2010-01-23 01:24 . 2010-02-05 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\FileZilla
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-21 20:58 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 23:38 . 2010-01-19 23:38 -------- d-----w- c:\program files\DVD Decrypter
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe_Limited
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-19 21:48 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 21:48 . 2010-02-04 12:43 -------- d-----w- c:\program files\CDBurnerXP
2010-01-18 00:03 . 2010-01-18 00:03 -------- d-----w- c:\programdata\Symantec
2010-01-17 15:58 . 2010-01-25 22:41 -------- d-----w- c:\programdata\eMule
2010-01-17 15:56 . 2010-02-04 22:48 -------- d-----w- c:\programdata\DVD Shrink
2010-01-17 15:56 . 2010-01-17 15:56 -------- d-----w- c:\program files\DVD Shrink
2010-01-17 15:43 . 2010-01-17 15:43 -------- d-----w- c:\program files\Orbitdownloader
2010-01-16 15:17 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\CyberLink
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\PlayMovie
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\SoftDMA
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\users\Alexandre\AppData\Local\Acer Arcade Deluxe
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CyberLink
2010-01-15 00:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-15 00:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 22:02 . 2009-10-30 14:41 1 ----a-w- c:\users\Alexandre\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 20:41 . 2009-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 20:28 . 2009-11-12 23:37 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CoreFTP
2010-02-12 14:52 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 14:52 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 14:51 . 2009-10-29 23:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-09 23:32 . 2010-02-13 12:08 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVENG.SYS
2010-02-09 23:32 . 2010-02-13 12:08 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVEX15.SYS
2010-02-09 23:32 . 2010-02-13 12:08 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\ECMSVR32.DLL
2010-02-09 23:32 . 2010-02-13 12:08 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\CCERASER.DLL
2010-02-09 22:56 . 2010-02-09 22:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 22:56 . 2010-02-09 22:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 22:56 . 2009-11-01 18:42 -------- d-----w- c:\programdata\Norton
2010-02-09 22:54 . 2009-11-01 18:41 -------- d-----w- c:\programdata\NortonInstaller
2010-02-09 16:41 . 2009-11-14 15:10 -------- d-----w- c:\program files\Glary Utilities
2010-02-05 23:01 . 2009-10-27 14:26 116920 ----a-w- c:\users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 22:56 . 2009-10-30 02:36 -------- d-----w- c:\users\Alexandre\AppData\Roaming\uTorrent
2010-02-05 22:33 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Orbit
2010-02-05 22:23 . 2010-02-05 22:23 202752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EB19C8E3-BBEB-A399-4E44-B3E3472886C8}-aswCmnBS.dll
2010-02-04 22:00 . 2009-11-03 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 03:05 . 2009-11-06 19:10 -------- d-----w- c:\users\Alexandre\AppData\Roaming\LimeWire
2010-02-03 22:21 . 2009-10-27 22:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-02-03 22:21 . 2009-10-27 22:58 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-03 22:05 . 2009-10-30 02:37 -------- d-----w- c:\program files\uTorrent
2010-01-31 22:33 . 2009-11-08 21:40 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:06 . 2009-11-29 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\U3
2010-01-22 00:38 . 2009-10-31 15:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-22 00:38 . 2009-10-31 15:27 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-20 21:57 . 2009-10-27 22:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 21:01 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 21:01 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 21:01 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 00:01 . 2009-11-10 21:31 -------- d-----w- c:\programdata\CyberLink
2010-01-14 16:12 . 2009-10-27 14:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 00:45 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\GrabPro
2010-01-11 00:54 . 2010-01-11 00:53 -------- d-----w- c:\program files\LimeWire
2010-01-10 19:15 . 2010-01-10 19:04 -------- d-----w- c:\programdata\PassMark
2010-01-09 20:13 . 2010-01-09 20:13 65536 ----a-w- c:\windows\system32\buxegeh.dll
2010-01-08 03:18 . 2010-02-10 21:01 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 21:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-27 21:09 . 2009-10-30 23:25 -------- d-----w- c:\program files\FreeTime
2009-12-27 15:28 . 2009-11-14 01:46 -------- d-----w- c:\users\Alexandre\AppData\Roaming\gtk-2.0
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 09:02 . 2010-02-10 21:01 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 21:01 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 21:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 21:01 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 21:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 21:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-08 11:40 . 2010-02-10 21:01 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 21:01 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 21:01 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 21:01 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 21:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-29 1468296]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 144384]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-28 2757512]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-10 2166784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^Alexandre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-11-08 17:03 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-12-28 14:22 3214272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-01-15 04:01 102712 ----a-w- c:\program files\Glary Utilities\memdefrag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-27 23:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-29 21:24 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Ginipic"="c:\program files\Ginipic\Ginipic.Bootstrapper.exe" -startup
"server.exe"=c:\windows\server.exe
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [2010-02-10 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [2010-02-10 172592]
R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [2009-11-15 9728]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [2010-02-03 162512]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [2010-01-30 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010-02-10 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100210.001\IDSvix86.sys [2010-02-13 343088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2010-02-10 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [2010-02-10 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010-02-10 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-13 48128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-10 61424]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-02-10 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2010-02-03 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2010-02-03 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-11-10 81504]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-02-10 126392]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-11-10 122368]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-10-29 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-10 102448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [2009-06-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-03-02 139776]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [2009-10-27 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-15 93968]
.
Contenu du dossier 'Tâches planifiées'
2010-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-02-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-14 04:01]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = socks=
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\ydlezdoe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2319197388-584443319-777709610-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE2AB201-FF59-FF34-C7AB-7E9FD06A3FB9}*]
"pafkdlnijjplgnndjnphgnpoejclmjnp"=hex:69,61,61,6f,64,70,63,6f,62,61,64,6a,6e,
69,6b,63,65,6b,00,00
"abpijhnfckhbcnckbdclolfepnkmfddpln"=hex:69,61,70,6e,67,70,62,64,6e,63,69,69,
61,64,6a,67,64,6d,00,00
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-02-13 07:57:32
ComboFix-quarantined-files.txt 2010-02-13 12:57
Avant-CF: 93 422 575 616 octets libres
Après-CF: 93 352 181 760 octets libres
- - End Of File - - 2969F9A2455DE34B2796161FBCA17581
ComboFix 10-02-12.01 - Alexandre 2010-02-13 7:45.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.1978.799 [GMT -5:00]
Lancé depuis: c:\users\Alexandre\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\Alexandre\AppData\Roaming\inst.exe
c:\windows\system32\systeminfo3.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-13 au 2010-02-13 ))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:54 . 2010-02-10 22:11 -------- d-----w- c:\program files\trend micro
2010-02-10 21:19 . 2010-02-10 22:20 -------- d-----w- c:\program files\a-squared Free
2010-02-10 21:11 . 2010-02-10 21:11 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-10 21:11 . 2010-02-10 21:11 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-10 21:11 . 2010-02-10 21:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-10 21:11 . 2010-02-10 23:31 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 22:21 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 21:13 -------- d-----w- c:\program files\Spyware Terminator
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Malwarebytes
2010-02-10 21:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\programdata\Malwarebytes
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 21:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 01:15 . 2010-02-11 20:57 -------- d-----w- C:\rsit
2010-02-09 23:33 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-09 23:33 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-09 23:33 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-09 22:57 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-02-09 22:56 . 2010-02-09 23:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 22:56 . 2010-02-09 22:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Symantec
2010-02-09 22:56 . 2010-02-09 23:37 968560 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-02-09 22:56 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-02-09 22:56 . 2009-09-01 08:27 892272 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-02-09 22:56 . 2010-02-10 23:27 -------- d-----w- c:\windows\system32\drivers\NIS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Norton Internet Security
2010-02-09 22:54 . 2010-02-09 22:54 -------- d-----w- c:\program files\NortonInstaller
2010-02-09 00:57 . 2010-02-09 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-09 00:57 . 2010-02-09 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 19:11 . 2010-02-06 19:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\OtakuSoftware
2010-02-06 15:13 . 2010-02-06 15:15 -------- d-----w- c:\program files\Google
2010-02-06 14:30 . 2010-02-09 23:02 -------- d-----w- c:\programdata\Lavasoft
2010-02-06 14:12 . 2010-02-06 14:14 -------- d-----w- C:\.jagex_cache_32
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PRMT
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Softland
2010-02-05 22:40 . 2010-02-05 22:40 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PROject MT
2010-02-05 22:39 . 2010-02-05 22:39 -------- d-----w- c:\windows\msagent
2010-02-05 22:36 . 2010-02-05 23:15 -------- d-----w- c:\windows\Lhsp
2010-02-05 22:36 . 2010-02-05 22:36 -------- d-----w- c:\programdata\PRMT
2010-02-05 22:34 . 2010-02-05 22:34 -------- d-----w- c:\users\Alexandre\AppData\Local\VS Revo Group
2010-02-05 22:23 . 2010-02-05 22:23 57344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{949133A8-69C9-1EB8-0049-53669B4D346E}-aswScan.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
2010-02-04 21:39 . 2008-01-30 09:52 14848 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-02-04 21:37 . 2010-02-12 20:40 -------- d-----w- c:\program files\NewTech Infosystems
2010-02-04 03:08 . 2010-02-04 03:08 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe Limited
2010-02-03 23:32 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-03 23:32 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-03 23:32 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-03 23:32 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-03 23:32 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-03 23:31 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 23:31 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\programdata\Alwil Software
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\program files\Alwil Software
2010-02-02 21:00 . 2010-02-06 16:41 -------- d-----w- c:\users\Alexandre\AppData\Local\Google
2010-02-02 20:58 . 2010-02-02 20:58 102400 --sha-r- c:\windows\system32\msexch401.dll
2010-02-01 21:47 . 2010-02-01 21:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-31 22:58 . 2010-01-31 22:58 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 22:58 . 2010-02-01 21:48 -------- d-----w- c:\users\Alexandre\AppData\Local\Thunderbird
2010-01-31 22:58 . 2010-02-01 21:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Thunderbird
2010-01-30 07:31 . 2010-01-30 07:31 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys
2010-01-30 07:31 . 2010-01-30 07:31 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll
2010-01-30 07:31 . 2010-01-30 07:31 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys
2010-01-30 07:31 . 2010-01-30 07:31 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll
2010-01-30 07:31 . 2010-01-30 07:31 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll
2010-01-28 23:03 . 2010-01-29 23:16 10128 ----a-w- c:\programdata\DVDXStudio\CloneDVD4\MainApp.dll
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\program files\CloneDVD
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\programdata\DVDXStudio
2010-01-28 20:54 . 2010-01-29 22:20 -------- d-----w- c:\programdata\SlySoft
2010-01-28 20:46 . 2010-01-29 22:20 -------- d-----w- c:\program files\SlySoft
2010-01-28 00:59 . 2010-01-28 23:03 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Vso
2010-01-28 00:59 . 2010-01-28 23:03 47360 ----a-w- c:\users\Alexandre\AppData\Roaming\pcouffin.sys
2010-01-28 00:59 . 2010-01-28 00:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-26 20:57 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:57 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 13:33 . 2010-01-25 13:33 -------- d-----w- c:\users\Alexandre\AppData\Local\Apps
2010-01-25 13:33 . 2010-01-30 00:09 -------- d-----w- c:\users\Alexandre\AppData\Local\Deployment
2010-01-23 01:24 . 2010-02-05 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\FileZilla
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-21 20:58 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 23:38 . 2010-01-19 23:38 -------- d-----w- c:\program files\DVD Decrypter
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe_Limited
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-19 21:48 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 21:48 . 2010-02-04 12:43 -------- d-----w- c:\program files\CDBurnerXP
2010-01-18 00:03 . 2010-01-18 00:03 -------- d-----w- c:\programdata\Symantec
2010-01-17 15:58 . 2010-01-25 22:41 -------- d-----w- c:\programdata\eMule
2010-01-17 15:56 . 2010-02-04 22:48 -------- d-----w- c:\programdata\DVD Shrink
2010-01-17 15:56 . 2010-01-17 15:56 -------- d-----w- c:\program files\DVD Shrink
2010-01-17 15:43 . 2010-01-17 15:43 -------- d-----w- c:\program files\Orbitdownloader
2010-01-16 15:17 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\CyberLink
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\PlayMovie
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\SoftDMA
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\users\Alexandre\AppData\Local\Acer Arcade Deluxe
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CyberLink
2010-01-15 00:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-15 00:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 22:02 . 2009-10-30 14:41 1 ----a-w- c:\users\Alexandre\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 20:41 . 2009-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 20:28 . 2009-11-12 23:37 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CoreFTP
2010-02-12 14:52 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 14:52 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 14:51 . 2009-10-29 23:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-09 23:32 . 2010-02-13 12:08 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVENG.SYS
2010-02-09 23:32 . 2010-02-13 12:08 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVEX15.SYS
2010-02-09 23:32 . 2010-02-13 12:08 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\ECMSVR32.DLL
2010-02-09 23:32 . 2010-02-13 12:08 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\CCERASER.DLL
2010-02-09 22:56 . 2010-02-09 22:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 22:56 . 2010-02-09 22:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 22:56 . 2009-11-01 18:42 -------- d-----w- c:\programdata\Norton
2010-02-09 22:54 . 2009-11-01 18:41 -------- d-----w- c:\programdata\NortonInstaller
2010-02-09 16:41 . 2009-11-14 15:10 -------- d-----w- c:\program files\Glary Utilities
2010-02-05 23:01 . 2009-10-27 14:26 116920 ----a-w- c:\users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 22:56 . 2009-10-30 02:36 -------- d-----w- c:\users\Alexandre\AppData\Roaming\uTorrent
2010-02-05 22:33 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Orbit
2010-02-05 22:23 . 2010-02-05 22:23 202752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EB19C8E3-BBEB-A399-4E44-B3E3472886C8}-aswCmnBS.dll
2010-02-04 22:00 . 2009-11-03 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 03:05 . 2009-11-06 19:10 -------- d-----w- c:\users\Alexandre\AppData\Roaming\LimeWire
2010-02-03 22:21 . 2009-10-27 22:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-02-03 22:21 . 2009-10-27 22:58 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-03 22:05 . 2009-10-30 02:37 -------- d-----w- c:\program files\uTorrent
2010-01-31 22:33 . 2009-11-08 21:40 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:06 . 2009-11-29 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\U3
2010-01-22 00:38 . 2009-10-31 15:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-22 00:38 . 2009-10-31 15:27 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-20 21:57 . 2009-10-27 22:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 21:01 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 21:01 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 21:01 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 00:01 . 2009-11-10 21:31 -------- d-----w- c:\programdata\CyberLink
2010-01-14 16:12 . 2009-10-27 14:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 00:45 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\GrabPro
2010-01-11 00:54 . 2010-01-11 00:53 -------- d-----w- c:\program files\LimeWire
2010-01-10 19:15 . 2010-01-10 19:04 -------- d-----w- c:\programdata\PassMark
2010-01-09 20:13 . 2010-01-09 20:13 65536 ----a-w- c:\windows\system32\buxegeh.dll
2010-01-08 03:18 . 2010-02-10 21:01 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 21:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-27 21:09 . 2009-10-30 23:25 -------- d-----w- c:\program files\FreeTime
2009-12-27 15:28 . 2009-11-14 01:46 -------- d-----w- c:\users\Alexandre\AppData\Roaming\gtk-2.0
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 09:02 . 2010-02-10 21:01 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 21:01 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 21:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 21:01 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 21:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 21:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-08 11:40 . 2010-02-10 21:01 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 21:01 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 21:01 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 21:01 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 21:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-29 1468296]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 144384]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-28 2757512]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-10 2166784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^Alexandre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-11-08 17:03 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-12-28 14:22 3214272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-01-15 04:01 102712 ----a-w- c:\program files\Glary Utilities\memdefrag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-27 23:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-29 21:24 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Ginipic"="c:\program files\Ginipic\Ginipic.Bootstrapper.exe" -startup
"server.exe"=c:\windows\server.exe
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [2010-02-10 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [2010-02-10 172592]
R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [2009-11-15 9728]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [2010-02-03 162512]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [2010-01-30 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010-02-10 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100210.001\IDSvix86.sys [2010-02-13 343088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2010-02-10 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [2010-02-10 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010-02-10 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-13 48128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-10 61424]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-02-10 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2010-02-03 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2010-02-03 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-11-10 81504]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-02-10 126392]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-11-10 122368]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-10-29 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-10 102448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [2009-06-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-03-02 139776]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [2009-10-27 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-15 93968]
.
Contenu du dossier 'Tâches planifiées'
2010-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-02-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-14 04:01]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = socks=
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\ydlezdoe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2319197388-584443319-777709610-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE2AB201-FF59-FF34-C7AB-7E9FD06A3FB9}*]
"pafkdlnijjplgnndjnphgnpoejclmjnp"=hex:69,61,61,6f,64,70,63,6f,62,61,64,6a,6e,
69,6b,63,65,6b,00,00
"abpijhnfckhbcnckbdclolfepnkmfddpln"=hex:69,61,70,6e,67,70,62,64,6e,63,69,69,
61,64,6a,67,64,6d,00,00
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-02-13 07:57:32
ComboFix-quarantined-files.txt 2010-02-13 12:57
Avant-CF: 93 422 575 616 octets libres
Après-CF: 93 352 181 760 octets libres
- - End Of File - - 2969F9A2455DE34B2796161FBCA17581
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Salut wellan
Faire un scan de ce fichier msexch401.dll ici :
https://www.virustotal.com/gui/
Clique sur Parcourir et copie/colle ceci :
c:\windows\system32\msexch401.dll
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.
Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.
Poste le résultat au complet
Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Faire également un scan de ce fichier :
c:\windows\system32\buxegeh.dll
@++ :)
Faire un scan de ce fichier msexch401.dll ici :
https://www.virustotal.com/gui/
Clique sur Parcourir et copie/colle ceci :
c:\windows\system32\msexch401.dll
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.
Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.
Poste le résultat au complet
Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Faire également un scan de ce fichier :
c:\windows\system32\buxegeh.dll
@++ :)
