Virus Qui Affecte Les Navigateurs
Fermé
wellan
Messages postés
43
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
25 août 2010
-
10 févr. 2010 à 00:54
dédétraqué Messages postés 4384 Date d'inscription vendredi 5 septembre 2008 Statut Contributeur sécurité Dernière intervention 4 février 2013 - 13 févr. 2010 à 17:38
dédétraqué Messages postés 4384 Date d'inscription vendredi 5 septembre 2008 Statut Contributeur sécurité Dernière intervention 4 février 2013 - 13 févr. 2010 à 17:38
A voir également:
- Virus Qui Affecte Les Navigateurs
- Tinyurl virus - Forum Virus / Sécurité
- Svchost.exe virus - Guide
- Tlauncher virus ✓ - Forum Jeux vidéo
- Softonic virus - Forum Virus / Sécurité
- 6 proccesus svchost.exe Virus? ✓ - Forum Virus / Sécurité
5 réponses
dédétraqué
Messages postés
4384
Date d'inscription
vendredi 5 septembre 2008
Statut
Contributeur sécurité
Dernière intervention
4 février 2013
286
10 févr. 2010 à 01:00
10 févr. 2010 à 01:00
Salut wellan
On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe
- Clique droit sur RSIT.exe qui est sur le bureau et choisir exécuter en tant qu'administrateur
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse
Les rapports sont dans le dossier ici C:\rsit
@++ :)
On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe
- Clique droit sur RSIT.exe qui est sur le bureau et choisir exécuter en tant qu'administrateur
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse
Les rapports sont dans le dossier ici C:\rsit
@++ :)
wellan
Messages postés
43
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
25 août 2010
1
11 févr. 2010 à 22:10
11 févr. 2010 à 22:10
Alors voilà...
info.txt
info.txt logfile of random's system information tool 1.06 2010-02-10 17:05:48
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.07 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.15-->C:\Program Files\BitComet\uninst.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CloneDVD 4.5.0.0-->"C:\Program Files\CloneDVD\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 2.20-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FXhome VisionLab Studio (remove only)-->"C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.19.0.800-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.78\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
IpSharkk 2.5-->"C:\Program Files\IpSharkk\unins000.exe"
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexandre at 2010-02-11 15:55:54
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 82 GB (72%) free of 114 GB
Total RAM: 1978 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:50, on 2010-02-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\setuper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Trend Micro\HijackThis\Alexandre.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\Alexandre\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
info.txt
info.txt logfile of random's system information tool 1.06 2010-02-10 17:05:48
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.07 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.15-->C:\Program Files\BitComet\uninst.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CloneDVD 4.5.0.0-->"C:\Program Files\CloneDVD\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FormatFactory 2.20-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FXhome VisionLab Studio (remove only)-->"C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.19.0.800-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.78\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
IpSharkk 2.5-->"C:\Program Files\IpSharkk\unins000.exe"
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alexandre at 2010-02-11 15:55:54
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 82 GB (72%) free of 114 GB
Total RAM: 1978 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:50, on 2010-02-10
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\setuper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\ALEXAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files\Trend Micro\HijackThis\Alexandre.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\Alexandre\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
dédétraqué
Messages postés
4384
Date d'inscription
vendredi 5 septembre 2008
Statut
Contributeur sécurité
Dernière intervention
4 février 2013
286
12 févr. 2010 à 05:38
12 févr. 2010 à 05:38
Salut wellan
Télécharge combofix.exe (de sUBs) sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==
Double clique sur combofix.exe, clique sur OUI et valide par Entrée
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure
@++ :)
Télécharge combofix.exe (de sUBs) sur le bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Important Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==
Double clique sur combofix.exe, clique sur OUI et valide par Entrée
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure
@++ :)
wellan
Messages postés
43
Date d'inscription
vendredi 29 février 2008
Statut
Membre
Dernière intervention
25 août 2010
1
13 févr. 2010 à 14:00
13 févr. 2010 à 14:00
Alors Voilà...
ComboFix 10-02-12.01 - Alexandre 2010-02-13 7:45.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.1978.799 [GMT -5:00]
Lancé depuis: c:\users\Alexandre\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\Alexandre\AppData\Roaming\inst.exe
c:\windows\system32\systeminfo3.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-13 au 2010-02-13 ))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:54 . 2010-02-10 22:11 -------- d-----w- c:\program files\trend micro
2010-02-10 21:19 . 2010-02-10 22:20 -------- d-----w- c:\program files\a-squared Free
2010-02-10 21:11 . 2010-02-10 21:11 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-10 21:11 . 2010-02-10 21:11 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-10 21:11 . 2010-02-10 21:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-10 21:11 . 2010-02-10 23:31 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 22:21 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 21:13 -------- d-----w- c:\program files\Spyware Terminator
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Malwarebytes
2010-02-10 21:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\programdata\Malwarebytes
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 21:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 01:15 . 2010-02-11 20:57 -------- d-----w- C:\rsit
2010-02-09 23:33 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-09 23:33 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-09 23:33 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-09 22:57 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-02-09 22:56 . 2010-02-09 23:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 22:56 . 2010-02-09 22:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Symantec
2010-02-09 22:56 . 2010-02-09 23:37 968560 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-02-09 22:56 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-02-09 22:56 . 2009-09-01 08:27 892272 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-02-09 22:56 . 2010-02-10 23:27 -------- d-----w- c:\windows\system32\drivers\NIS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Norton Internet Security
2010-02-09 22:54 . 2010-02-09 22:54 -------- d-----w- c:\program files\NortonInstaller
2010-02-09 00:57 . 2010-02-09 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-09 00:57 . 2010-02-09 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 19:11 . 2010-02-06 19:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\OtakuSoftware
2010-02-06 15:13 . 2010-02-06 15:15 -------- d-----w- c:\program files\Google
2010-02-06 14:30 . 2010-02-09 23:02 -------- d-----w- c:\programdata\Lavasoft
2010-02-06 14:12 . 2010-02-06 14:14 -------- d-----w- C:\.jagex_cache_32
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PRMT
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Softland
2010-02-05 22:40 . 2010-02-05 22:40 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PROject MT
2010-02-05 22:39 . 2010-02-05 22:39 -------- d-----w- c:\windows\msagent
2010-02-05 22:36 . 2010-02-05 23:15 -------- d-----w- c:\windows\Lhsp
2010-02-05 22:36 . 2010-02-05 22:36 -------- d-----w- c:\programdata\PRMT
2010-02-05 22:34 . 2010-02-05 22:34 -------- d-----w- c:\users\Alexandre\AppData\Local\VS Revo Group
2010-02-05 22:23 . 2010-02-05 22:23 57344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{949133A8-69C9-1EB8-0049-53669B4D346E}-aswScan.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
2010-02-04 21:39 . 2008-01-30 09:52 14848 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-02-04 21:37 . 2010-02-12 20:40 -------- d-----w- c:\program files\NewTech Infosystems
2010-02-04 03:08 . 2010-02-04 03:08 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe Limited
2010-02-03 23:32 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-03 23:32 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-03 23:32 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-03 23:32 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-03 23:32 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-03 23:31 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 23:31 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\programdata\Alwil Software
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\program files\Alwil Software
2010-02-02 21:00 . 2010-02-06 16:41 -------- d-----w- c:\users\Alexandre\AppData\Local\Google
2010-02-02 20:58 . 2010-02-02 20:58 102400 --sha-r- c:\windows\system32\msexch401.dll
2010-02-01 21:47 . 2010-02-01 21:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-31 22:58 . 2010-01-31 22:58 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 22:58 . 2010-02-01 21:48 -------- d-----w- c:\users\Alexandre\AppData\Local\Thunderbird
2010-01-31 22:58 . 2010-02-01 21:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Thunderbird
2010-01-30 07:31 . 2010-01-30 07:31 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys
2010-01-30 07:31 . 2010-01-30 07:31 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll
2010-01-30 07:31 . 2010-01-30 07:31 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys
2010-01-30 07:31 . 2010-01-30 07:31 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll
2010-01-30 07:31 . 2010-01-30 07:31 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll
2010-01-28 23:03 . 2010-01-29 23:16 10128 ----a-w- c:\programdata\DVDXStudio\CloneDVD4\MainApp.dll
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\program files\CloneDVD
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\programdata\DVDXStudio
2010-01-28 20:54 . 2010-01-29 22:20 -------- d-----w- c:\programdata\SlySoft
2010-01-28 20:46 . 2010-01-29 22:20 -------- d-----w- c:\program files\SlySoft
2010-01-28 00:59 . 2010-01-28 23:03 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Vso
2010-01-28 00:59 . 2010-01-28 23:03 47360 ----a-w- c:\users\Alexandre\AppData\Roaming\pcouffin.sys
2010-01-28 00:59 . 2010-01-28 00:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-26 20:57 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:57 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 13:33 . 2010-01-25 13:33 -------- d-----w- c:\users\Alexandre\AppData\Local\Apps
2010-01-25 13:33 . 2010-01-30 00:09 -------- d-----w- c:\users\Alexandre\AppData\Local\Deployment
2010-01-23 01:24 . 2010-02-05 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\FileZilla
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-21 20:58 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 23:38 . 2010-01-19 23:38 -------- d-----w- c:\program files\DVD Decrypter
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe_Limited
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-19 21:48 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 21:48 . 2010-02-04 12:43 -------- d-----w- c:\program files\CDBurnerXP
2010-01-18 00:03 . 2010-01-18 00:03 -------- d-----w- c:\programdata\Symantec
2010-01-17 15:58 . 2010-01-25 22:41 -------- d-----w- c:\programdata\eMule
2010-01-17 15:56 . 2010-02-04 22:48 -------- d-----w- c:\programdata\DVD Shrink
2010-01-17 15:56 . 2010-01-17 15:56 -------- d-----w- c:\program files\DVD Shrink
2010-01-17 15:43 . 2010-01-17 15:43 -------- d-----w- c:\program files\Orbitdownloader
2010-01-16 15:17 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\CyberLink
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\PlayMovie
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\SoftDMA
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\users\Alexandre\AppData\Local\Acer Arcade Deluxe
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CyberLink
2010-01-15 00:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-15 00:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 22:02 . 2009-10-30 14:41 1 ----a-w- c:\users\Alexandre\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 20:41 . 2009-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 20:28 . 2009-11-12 23:37 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CoreFTP
2010-02-12 14:52 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 14:52 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 14:51 . 2009-10-29 23:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-09 23:32 . 2010-02-13 12:08 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVENG.SYS
2010-02-09 23:32 . 2010-02-13 12:08 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVEX15.SYS
2010-02-09 23:32 . 2010-02-13 12:08 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\ECMSVR32.DLL
2010-02-09 23:32 . 2010-02-13 12:08 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\CCERASER.DLL
2010-02-09 22:56 . 2010-02-09 22:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 22:56 . 2010-02-09 22:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 22:56 . 2009-11-01 18:42 -------- d-----w- c:\programdata\Norton
2010-02-09 22:54 . 2009-11-01 18:41 -------- d-----w- c:\programdata\NortonInstaller
2010-02-09 16:41 . 2009-11-14 15:10 -------- d-----w- c:\program files\Glary Utilities
2010-02-05 23:01 . 2009-10-27 14:26 116920 ----a-w- c:\users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 22:56 . 2009-10-30 02:36 -------- d-----w- c:\users\Alexandre\AppData\Roaming\uTorrent
2010-02-05 22:33 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Orbit
2010-02-05 22:23 . 2010-02-05 22:23 202752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EB19C8E3-BBEB-A399-4E44-B3E3472886C8}-aswCmnBS.dll
2010-02-04 22:00 . 2009-11-03 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 03:05 . 2009-11-06 19:10 -------- d-----w- c:\users\Alexandre\AppData\Roaming\LimeWire
2010-02-03 22:21 . 2009-10-27 22:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-02-03 22:21 . 2009-10-27 22:58 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-03 22:05 . 2009-10-30 02:37 -------- d-----w- c:\program files\uTorrent
2010-01-31 22:33 . 2009-11-08 21:40 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:06 . 2009-11-29 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\U3
2010-01-22 00:38 . 2009-10-31 15:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-22 00:38 . 2009-10-31 15:27 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-20 21:57 . 2009-10-27 22:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 21:01 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 21:01 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 21:01 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 00:01 . 2009-11-10 21:31 -------- d-----w- c:\programdata\CyberLink
2010-01-14 16:12 . 2009-10-27 14:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 00:45 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\GrabPro
2010-01-11 00:54 . 2010-01-11 00:53 -------- d-----w- c:\program files\LimeWire
2010-01-10 19:15 . 2010-01-10 19:04 -------- d-----w- c:\programdata\PassMark
2010-01-09 20:13 . 2010-01-09 20:13 65536 ----a-w- c:\windows\system32\buxegeh.dll
2010-01-08 03:18 . 2010-02-10 21:01 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 21:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-27 21:09 . 2009-10-30 23:25 -------- d-----w- c:\program files\FreeTime
2009-12-27 15:28 . 2009-11-14 01:46 -------- d-----w- c:\users\Alexandre\AppData\Roaming\gtk-2.0
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 09:02 . 2010-02-10 21:01 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 21:01 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 21:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 21:01 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 21:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 21:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-08 11:40 . 2010-02-10 21:01 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 21:01 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 21:01 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 21:01 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 21:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-29 1468296]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 144384]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-28 2757512]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-10 2166784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^Alexandre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-11-08 17:03 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-12-28 14:22 3214272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-01-15 04:01 102712 ----a-w- c:\program files\Glary Utilities\memdefrag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-27 23:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-29 21:24 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Ginipic"="c:\program files\Ginipic\Ginipic.Bootstrapper.exe" -startup
"server.exe"=c:\windows\server.exe
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [2010-02-10 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [2010-02-10 172592]
R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [2009-11-15 9728]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [2010-02-03 162512]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [2010-01-30 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010-02-10 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100210.001\IDSvix86.sys [2010-02-13 343088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2010-02-10 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [2010-02-10 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010-02-10 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-13 48128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-10 61424]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-02-10 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2010-02-03 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2010-02-03 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-11-10 81504]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-02-10 126392]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-11-10 122368]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-10-29 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-10 102448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [2009-06-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-03-02 139776]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [2009-10-27 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-15 93968]
.
Contenu du dossier 'Tâches planifiées'
2010-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-02-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-14 04:01]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = socks=
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\ydlezdoe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2319197388-584443319-777709610-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE2AB201-FF59-FF34-C7AB-7E9FD06A3FB9}*]
"pafkdlnijjplgnndjnphgnpoejclmjnp"=hex:69,61,61,6f,64,70,63,6f,62,61,64,6a,6e,
69,6b,63,65,6b,00,00
"abpijhnfckhbcnckbdclolfepnkmfddpln"=hex:69,61,70,6e,67,70,62,64,6e,63,69,69,
61,64,6a,67,64,6d,00,00
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-02-13 07:57:32
ComboFix-quarantined-files.txt 2010-02-13 12:57
Avant-CF: 93 422 575 616 octets libres
Après-CF: 93 352 181 760 octets libres
- - End Of File - - 2969F9A2455DE34B2796161FBCA17581
ComboFix 10-02-12.01 - Alexandre 2010-02-13 7:45.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.2.1036.18.1978.799 [GMT -5:00]
Lancé depuis: c:\users\Alexandre\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\users\Alexandre\AppData\Roaming\inst.exe
c:\windows\system32\systeminfo3.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-13 au 2010-02-13 ))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:54 . 2010-02-10 22:11 -------- d-----w- c:\program files\trend micro
2010-02-10 21:19 . 2010-02-10 22:20 -------- d-----w- c:\program files\a-squared Free
2010-02-10 21:11 . 2010-02-10 21:11 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-02-10 21:11 . 2010-02-10 21:11 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-02-10 21:11 . 2010-02-10 21:11 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-10 21:11 . 2010-02-10 23:31 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 22:21 -------- d-----w- c:\programdata\Spyware Terminator
2010-02-10 21:11 . 2010-02-10 21:13 -------- d-----w- c:\program files\Spyware Terminator
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Malwarebytes
2010-02-10 21:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\programdata\Malwarebytes
2010-02-10 21:06 . 2010-02-10 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 21:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 01:15 . 2010-02-11 20:57 -------- d-----w- C:\rsit
2010-02-09 23:33 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-09 23:33 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-09 23:33 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-09 23:33 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-09 22:57 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
2010-02-09 22:56 . 2010-02-09 23:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 22:56 . 2010-02-09 22:56 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Symantec
2010-02-09 22:56 . 2010-02-09 23:37 968560 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll
2010-02-09 22:56 . 2009-08-30 00:16 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-02-09 22:56 . 2009-09-01 08:27 892272 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll
2010-02-09 22:56 . 2010-02-10 23:27 -------- d-----w- c:\windows\system32\drivers\NIS
2010-02-09 22:56 . 2010-02-09 22:56 -------- d-----w- c:\program files\Norton Internet Security
2010-02-09 22:54 . 2010-02-09 22:54 -------- d-----w- c:\program files\NortonInstaller
2010-02-09 00:57 . 2010-02-09 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2010-02-09 00:57 . 2010-02-09 00:57 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-06 19:11 . 2010-02-06 19:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\OtakuSoftware
2010-02-06 15:13 . 2010-02-06 15:15 -------- d-----w- c:\program files\Google
2010-02-06 14:30 . 2010-02-09 23:02 -------- d-----w- c:\programdata\Lavasoft
2010-02-06 14:12 . 2010-02-06 14:14 -------- d-----w- C:\.jagex_cache_32
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PRMT
2010-02-05 22:42 . 2010-02-05 22:42 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Softland
2010-02-05 22:40 . 2010-02-05 22:40 -------- d-----w- c:\users\Alexandre\AppData\Roaming\PROject MT
2010-02-05 22:39 . 2010-02-05 22:39 -------- d-----w- c:\windows\msagent
2010-02-05 22:36 . 2010-02-05 23:15 -------- d-----w- c:\windows\Lhsp
2010-02-05 22:36 . 2010-02-05 22:36 -------- d-----w- c:\programdata\PRMT
2010-02-05 22:34 . 2010-02-05 22:34 -------- d-----w- c:\users\Alexandre\AppData\Local\VS Revo Group
2010-02-05 22:23 . 2010-02-05 22:23 57344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{949133A8-69C9-1EB8-0049-53669B4D346E}-aswScan.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
2010-02-04 21:39 . 2010-02-04 21:39 1024 ---h--r- c:\windows\system32\NTIBUN5.dll
2010-02-04 21:39 . 2008-01-30 09:52 14848 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-02-04 21:37 . 2010-02-12 20:40 -------- d-----w- c:\program files\NewTech Infosystems
2010-02-04 03:08 . 2010-02-04 03:08 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe Limited
2010-02-03 23:32 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-03 23:32 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-03 23:32 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-03 23:32 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-03 23:32 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-03 23:31 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-03 23:31 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\programdata\Alwil Software
2010-02-03 23:31 . 2010-02-03 23:31 -------- d-----w- c:\program files\Alwil Software
2010-02-02 21:00 . 2010-02-06 16:41 -------- d-----w- c:\users\Alexandre\AppData\Local\Google
2010-02-02 20:58 . 2010-02-02 20:58 102400 --sha-r- c:\windows\system32\msexch401.dll
2010-02-01 21:47 . 2010-02-01 21:47 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-31 22:58 . 2010-01-31 22:58 0 ----a-w- c:\windows\nsreg.dat
2010-01-31 22:58 . 2010-02-01 21:48 -------- d-----w- c:\users\Alexandre\AppData\Local\Thunderbird
2010-01-31 22:58 . 2010-02-01 21:11 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Thunderbird
2010-01-30 07:31 . 2010-01-30 07:31 668720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx64.sys
2010-01-30 07:31 . 2010-01-30 07:31 610704 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\bbRGen.dll
2010-01-30 07:31 . 2010-01-30 07:31 529456 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys
2010-01-30 07:31 . 2010-01-30 07:31 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHRules.dll
2010-01-30 07:31 . 2010-01-30 07:31 1405840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHEngine.dll
2010-01-28 23:03 . 2010-01-29 23:16 10128 ----a-w- c:\programdata\DVDXStudio\CloneDVD4\MainApp.dll
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\program files\CloneDVD
2010-01-28 23:03 . 2010-01-28 23:03 -------- d-----w- c:\programdata\DVDXStudio
2010-01-28 20:54 . 2010-01-29 22:20 -------- d-----w- c:\programdata\SlySoft
2010-01-28 20:46 . 2010-01-29 22:20 -------- d-----w- c:\program files\SlySoft
2010-01-28 00:59 . 2010-01-28 23:03 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Vso
2010-01-28 00:59 . 2010-01-28 23:03 47360 ----a-w- c:\users\Alexandre\AppData\Roaming\pcouffin.sys
2010-01-28 00:59 . 2010-01-28 00:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-26 20:57 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-26 20:57 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-25 13:33 . 2010-01-25 13:33 -------- d-----w- c:\users\Alexandre\AppData\Local\Apps
2010-01-25 13:33 . 2010-01-30 00:09 -------- d-----w- c:\users\Alexandre\AppData\Local\Deployment
2010-01-23 01:24 . 2010-02-05 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\FileZilla
2010-01-23 01:23 . 2010-01-23 01:23 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-21 20:58 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 23:38 . 2010-01-19 23:38 -------- d-----w- c:\program files\DVD Decrypter
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Canneverbe_Limited
2010-01-19 22:14 . 2010-01-19 22:14 -------- d-----w- c:\programdata\Canneverbe Limited
2010-01-19 21:48 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-19 21:48 . 2010-02-04 12:43 -------- d-----w- c:\program files\CDBurnerXP
2010-01-18 00:03 . 2010-01-18 00:03 -------- d-----w- c:\programdata\Symantec
2010-01-17 15:58 . 2010-01-25 22:41 -------- d-----w- c:\programdata\eMule
2010-01-17 15:56 . 2010-02-04 22:48 -------- d-----w- c:\programdata\DVD Shrink
2010-01-17 15:56 . 2010-01-17 15:56 -------- d-----w- c:\program files\DVD Shrink
2010-01-17 15:43 . 2010-01-17 15:43 -------- d-----w- c:\program files\Orbitdownloader
2010-01-16 15:17 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\CyberLink
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\PlayMovie
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Local\SoftDMA
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\users\Alexandre\AppData\Local\Acer Arcade Deluxe
2010-01-16 15:16 . 2010-01-16 15:17 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CyberLink
2010-01-15 00:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-15 00:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 22:02 . 2009-10-30 14:41 1 ----a-w- c:\users\Alexandre\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 20:41 . 2009-11-10 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 20:28 . 2009-11-12 23:37 -------- d-----w- c:\users\Alexandre\AppData\Roaming\CoreFTP
2010-02-12 14:52 . 2009-07-14 08:39 695004 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-12 14:52 . 2009-07-14 08:39 127684 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-12 14:51 . 2009-10-29 23:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-09 23:32 . 2010-02-13 12:08 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVENG.SYS
2010-02-09 23:32 . 2010-02-13 12:08 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\NAVEX15.SYS
2010-02-09 23:32 . 2010-02-13 12:08 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\ECMSVR32.DLL
2010-02-09 23:32 . 2010-02-13 12:08 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100212.039\CCERASER.DLL
2010-02-09 22:56 . 2010-02-09 22:56 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-09 22:56 . 2010-02-09 22:56 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-09 22:56 . 2009-11-01 18:42 -------- d-----w- c:\programdata\Norton
2010-02-09 22:54 . 2009-11-01 18:41 -------- d-----w- c:\programdata\NortonInstaller
2010-02-09 16:41 . 2009-11-14 15:10 -------- d-----w- c:\program files\Glary Utilities
2010-02-05 23:01 . 2009-10-27 14:26 116920 ----a-w- c:\users\Alexandre\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 22:56 . 2009-10-30 02:36 -------- d-----w- c:\users\Alexandre\AppData\Roaming\uTorrent
2010-02-05 22:33 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\Orbit
2010-02-05 22:23 . 2010-02-05 22:23 202752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{EB19C8E3-BBEB-A399-4E44-B3E3472886C8}-aswCmnBS.dll
2010-02-04 22:00 . 2009-11-03 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 03:05 . 2009-11-06 19:10 -------- d-----w- c:\users\Alexandre\AppData\Roaming\LimeWire
2010-02-03 22:21 . 2009-10-27 22:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-02-03 22:21 . 2009-10-27 22:58 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-03 22:05 . 2009-10-30 02:37 -------- d-----w- c:\program files\uTorrent
2010-01-31 22:33 . 2009-11-08 21:40 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:06 . 2009-11-29 21:33 -------- d-----w- c:\users\Alexandre\AppData\Roaming\U3
2010-01-22 00:38 . 2009-10-31 15:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-22 00:38 . 2009-10-31 15:27 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-20 21:57 . 2009-10-27 22:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 21:01 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 21:01 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 21:01 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 21:01 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 21:01 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 00:01 . 2009-11-10 21:31 -------- d-----w- c:\programdata\CyberLink
2010-01-14 16:12 . 2009-10-27 14:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 00:45 . 2010-01-14 00:45 -------- d-----w- c:\users\Alexandre\AppData\Roaming\GrabPro
2010-01-11 00:54 . 2010-01-11 00:53 -------- d-----w- c:\program files\LimeWire
2010-01-10 19:15 . 2010-01-10 19:04 -------- d-----w- c:\programdata\PassMark
2010-01-09 20:13 . 2010-01-09 20:13 65536 ----a-w- c:\windows\system32\buxegeh.dll
2010-01-08 03:18 . 2010-02-10 21:01 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 21:01 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-27 21:09 . 2009-10-30 23:25 -------- d-----w- c:\program files\FreeTime
2009-12-27 15:28 . 2009-11-14 01:46 -------- d-----w- c:\users\Alexandre\AppData\Roaming\gtk-2.0
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 09:02 . 2010-02-10 21:01 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 21:01 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 21:01 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 21:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 21:01 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 21:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 21:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-08 11:40 . 2010-02-10 21:01 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40 . 2010-02-10 21:01 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32 . 2010-02-10 21:01 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-08 08:05 . 2010-02-10 21:01 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-10 21:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-29 1468296]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 144384]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-28 2757512]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-10 2166784]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-10 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^Alexandre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-11-08 17:03 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-12-28 14:22 3214272 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]
2010-01-15 04:01 102712 ----a-w- c:\program files\Glary Utilities\memdefrag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-27 23:38 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-29 21:24 319280 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Ginipic"="c:\program files\Ginipic\Ginipic.Bootstrapper.exe" -startup
"server.exe"=c:\windows\server.exe
R0 SymDS;Symantec Data Store;c:\windows\System32\drivers\NIS\1105000.07F\symds.sys [2010-02-10 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1105000.07F\symefa.sys [2010-02-10 172592]
R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [2009-11-15 9728]
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [2010-02-03 162512]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100130.002\BHDrvx86.sys [2010-01-30 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010-02-10 501888]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100210.001\IDSvix86.sys [2010-02-13 343088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2010-02-10 142592]
R1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NIS\1105000.07F\ironx86.sys [2010-02-10 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010-02-10 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-13 48128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-10 61424]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-02-10 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2010-02-03 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2010-02-03 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-11-10 81504]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [2010-02-10 126392]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-11-10 122368]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-10-29 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-10 102448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [2009-06-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [2009-03-02 139776]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [2009-10-27 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-08-15 93968]
.
Contenu du dossier 'Tâches planifiées'
2010-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-12-02 17:37]
2010-02-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-11-14 04:01]
2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 15:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = socks=
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Alexandre\AppData\Roaming\Mozilla\Firefox\Profiles\ydlezdoe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2319197388-584443319-777709610-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE2AB201-FF59-FF34-C7AB-7E9FD06A3FB9}*]
"pafkdlnijjplgnndjnphgnpoejclmjnp"=hex:69,61,61,6f,64,70,63,6f,62,61,64,6a,6e,
69,6b,63,65,6b,00,00
"abpijhnfckhbcnckbdclolfepnkmfddpln"=hex:69,61,70,6e,67,70,62,64,6e,63,69,69,
61,64,6a,67,64,6d,00,00
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2010-02-13 07:57:32
ComboFix-quarantined-files.txt 2010-02-13 12:57
Avant-CF: 93 422 575 616 octets libres
Après-CF: 93 352 181 760 octets libres
- - End Of File - - 2969F9A2455DE34B2796161FBCA17581
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
dédétraqué
Messages postés
4384
Date d'inscription
vendredi 5 septembre 2008
Statut
Contributeur sécurité
Dernière intervention
4 février 2013
286
13 févr. 2010 à 17:38
13 févr. 2010 à 17:38
Salut wellan
Faire un scan de ce fichier msexch401.dll ici :
https://www.virustotal.com/gui/
Clique sur Parcourir et copie/colle ceci :
c:\windows\system32\msexch401.dll
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.
Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.
Poste le résultat au complet
Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Faire également un scan de ce fichier :
c:\windows\system32\buxegeh.dll
@++ :)
Faire un scan de ce fichier msexch401.dll ici :
https://www.virustotal.com/gui/
Clique sur Parcourir et copie/colle ceci :
c:\windows\system32\msexch401.dll
Après tu clique sur Envoyer le fichier et attendre le résultat de l’analyse.
Si il te dit que le fichier a déjà été analysé, sélectionne le bouton :
Reanalyse le fichier maintenant et attendre le résultat de l'analyse, poste le résultat au complet.
Poste le résultat au complet
Aide : http://bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm
Faire également un scan de ce fichier :
c:\windows\system32\buxegeh.dll
@++ :)