HIJACKTHIS report analysis
shamallow-56
Hello,
To whoever is willing to help me with this, THANKS in advance.
To start the year off well, lol, I have a few problems with my PC.
I am posting the HijackThis report below, hoping to find an answer in it.
Problem: my PC regularly shuts down because of a blue screen, "the system has recovered from a serious error".
Here is my HijackThis report.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:29, on 16/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1708537768-838170752-1606980848-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1708537768-838170752-1606980848-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273488138218
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
86 replies
And so here is the Ad-Remover report as well:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 15:43:41 le 16/01/2012, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Utilisateur@UTILISAT-CCDF9C ( )
============== RECHERCHE ==============
============== SCAN ADDITIONNEL ==============
**** Google Chrome Version [11.0.696.60] ****
Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)
-- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Web Search" (Activé: true) (hxxp://www.searchqu.com/web?src=crb&appid=102&systemid=406&sr=0&q={searchTerms})
Preferences - homepage_is_newtabpage: false
========================================
**** Internet Explorer Version [8.0.6001.18702] ****
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://www.google.fr
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://www.msn.com/
HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (x)
HKCU_Toolbar\WebBrowser|{F4E6547E-325B-403C-A3BB-AD29ED37A92F} (x)
HKCU_ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe (x)
HKCU_ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (x)
HKLM_ElevationPolicy\{B60B891F-C8D8-407E-A088-7502C5701D8B} - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Conduit\CT2504091\Vuze_RemoteAutoUpdaterHelper.exe (x)
HKLM_ElevationPolicy\{B89A0F72-C1BD-4F42-A693-C2BCF24F7483} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 16/01/2012 15:44:55 (1972 Octet(s))
Fin à: 15:46:00, 16/01/2012
============== E.O.F ==============
That makes for quite a bit of reading.
Thank you for your help.
I asked you to run ADWCleaner in removal mode.
Run ADWCleaner again, then click the "Suppression" button and post the report, please.
Sorry for the setback, Fish!
# AdwCleaner v1.406 - Rapport créé le 16/01/2012 à 16:23:24
# Mis à jour le 09/01/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Utilisateur - UTILISAT-CCDF9C (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Utilisateur\Mes documents\Downloads\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
***** [Registre] *****
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Google Chrome v11.0.696.60
Fichier : C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Supprimée : "name": "Web Search",
Supprimée : "search_url": "hxxp://www.searchqu.com/web?src=crb&appid=102&systemid=406&sr=0&q={searchTerms}[...]
*************************
AdwCleaner[R1].txt - [4216 octets] - [16/01/2012 13:56:06]
AdwCleaner[S1].txt - [4447 octets] - [16/01/2012 13:56:40]
AdwCleaner[S2].txt - [1064 octets] - [16/01/2012 16:23:24]
*************************
Dossier Temporaire : 2 dossier(s) et 6 fichier(s) supprimés
########## EOF - C:\AdwCleaner[S2].txt - [1284 octets] ##########
There's the report!
Well, there you go!!!
I ran a scan with MBAM!!
NOTHING.
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Version de la base de données: v2012.01.16.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Utilisateur :: UTILISAT-CCDF9C [administrateur]
Protection: Activé
16/01/2012 21:21:35
mbam-log-2012-01-16 (21-21-35).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 310387
Temps écoulé: 1 heure(s), 35 minute(s), 27 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
Should I conclude that there is no longer any threat???
See you later
Hi again,
Let's see what we have left:
Run ZHPDiag from the desktop and please prepare a new ZHPDiag report (to be hosted)
See you later
Hello Fish,
Here is the hosting link for the ZHPDiag report:
http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120117_s15l6g10y8r14
Hoping it proves fruitful.
Thanks!
See you later
Right, here it is!
It wasn't easy!
The PC crashed during the first ComboFix report: no report in C:. However, it seems (since I followed the events) that some files were deleted. After restarting, I therefore ran another scan and it wrote the following report.
ComboFix 12-01-17.01 - Utilisateur 17/01/2012 15:25:09.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1568 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\Utilisateur\Application Data\vso_ts_preview.xml
c:\program files\cdbxp_setup_4.3.6.2284.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FirewallInstallHelper.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SET110.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-17 au 2012-01-17 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-17 10:52 . 2012-01-17 10:52 388096 ----a-r- c:\documents and settings\Utilisateur\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-16 14:43 . 2012-01-16 14:43 -------- d-----w- c:\program files\Ad-Remover
2012-01-16 13:09 . 2012-01-17 11:55 -------- d-----w- C:\ZHP
2012-01-16 13:09 . 2012-01-17 11:55 -------- d-----w- c:\program files\ZHPDiag
2012-01-16 12:09 . 2012-01-16 12:09 -------- d-----w- C:\VundoFix Backups
2012-01-16 11:26 . 2012-01-16 22:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-15 20:17 . 2012-01-15 20:17 -------- d-----w- c:\documents and settings\Administrateur
2012-01-15 18:59 . 2012-01-15 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-01-15 18:59 . 2012-01-15 18:59 -------- d-----w- c:\program files\Security Task Manager
2012-01-15 17:11 . 2012-01-15 17:11 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\SUPERAntiSpyware.com
2012-01-15 17:10 . 2012-01-15 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-15 17:10 . 2012-01-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-15 15:42 . 2012-01-15 15:47 3096 ----a-w- c:\windows\system32\ASOROSet.bin
2012-01-15 15:16 . 2012-01-15 15:53 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Systweak
2012-01-12 16:56 . 2012-01-12 16:56 -------- d-----w- c:\program files\Trend Micro
2012-01-12 06:14 . 2012-01-12 06:17 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\ApplicationHistory
2012-01-06 16:14 . 2012-01-06 16:14 -------- d-----w- c:\program files\Atari
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 21:18 . 2011-06-04 09:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2011-09-19 20:56 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-13 17:33 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-13 16:58 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-13 17:34 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2008-04-13 17:33 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2008-04-13 17:33 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-13 17:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-13 17:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-13 17:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:24 . 2008-04-13 17:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-13 17:33 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-13 17:33 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-13 17:33 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-13 17:33 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-13 19:07 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2008-04-13 17:08 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-02 11:22 . 2010-07-02 11:22 1439379 ----a-w- c:\program files\wrar392fr.exe
2010-05-24 16:01 . 2010-05-24 16:01 5839872 ----a-w- c:\program files\MAXFR_eMule0.50a-Installer.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-17_14.15.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-17 14:19 . 2012-01-17 14:19 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 16:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- d:\xavier\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
2010-03-25 17:42 388096 ----a-w- c:\program files\Trend Micro\HiJackThis\HiJackThis.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 19:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 07:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-11-16 12:55 226224 ----a-w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-11-16 12:55 86960 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 13:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-08-09 14:14 20055144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
c:\program files\Logitech\Gaming Software\LWEMon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-09 00:44 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-24 10:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
2003-04-01 09:33 53248 ----a-w- c:\usbstorage\USBDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\PES2009.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"d:\\Xavier\\jeux\\age3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Xavier\\age of empire 2\\empires2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.0C.mui"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Xavier\\jeux\\UBISOFT\\SCRABBLE® Interactif EDITION 2007\\Scrabble2007.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\pro evolution soccer 2012\\pes2012.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11080:TCP"= 11080:TCP:e-mule
"11090:UDP"= 11090:UDP:e-mule
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27/07/2007 09:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27/07/2007 11:46 251680]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/09/2010 19:40 20328]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [27/08/2009 17:09 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/09/2011 21:57 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/07/2011 10:34 2253120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27/07/2005 16:25 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27/07/2005 16:25 36352]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [05/05/2011 06:33 12416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/09/2011 21:56 20464]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27/07/2005 16:25 77056]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29/09/2003 08:30 110592]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:57 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/01/2011 14:29 1691480]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [12/11/2008 13:54 37888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 11:10 3276800]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:57 135664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [25/11/2011 16:36 311928]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [10/09/2011 06:52 93336]
S3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [26/05/2011 07:31 386688]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [05/08/2011 11:30 268512]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/12/2010 21:16 691696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 10:56]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 10:56]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{AFC5B6B4-62FC-46F5-81F7-3C9FA04D2E0B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 15:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-838170752-1606980848-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-838170752-1606980848-1004\Software\SecuROM\License information*]
"datasecu"=hex:9e,bf,b6,e9,55,49,90,42,3d,4f,7a,7b,90,c6,30,e4,e9,34,c2,e2,8c,
20,3a,14,38,01,e9,a6,09,d5,5f,56,b8,96,a4,80,db,99,8b,d2,c9,aa,c5,2a,12,2d,\
"rkeysecu"=hex:f3,4d,7c,2a,9c,42,0c,6c,3e,67,c1,24,db,82,da,dd
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\02\04\06*+?"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Heure de fin: 2012-01-17 15:34:39
ComboFix-quarantined-files.txt 2012-01-17 14:34
ComboFix2.txt 2011-09-19 20:38
.
Avant-CF: 10 283 114 496 octets libres
Après-CF: 10 270 961 664 octets libres
.
- - End Of File - - 80D3851AC70E11CBBED8855EC6AC614C
So I don't know whether you will get anything out of it.
Thanks.
See you later
2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2011-08-09 14:14 20055144 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
c:\program files\Logitech\Gaming Software\LWEMon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-09 00:44 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-24 10:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
2003-04-01 09:33 53248 ----a-w- c:\usbstorage\USBDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\PES2009.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"d:\\Xavier\\jeux\\age3.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Xavier\\age of empire 2\\empires2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\sandra.0C.mui"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Xavier\\jeux\\UBISOFT\\SCRABBLE® Interactif EDITION 2007\\Scrabble2007.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\pro evolution soccer 2012\\pes2012.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11080:TCP"= 11080:TCP:e-mule
"11090:UDP"= 11090:UDP:e-mule
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27/07/2007 09:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27/07/2007 11:46 251680]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/09/2010 19:40 20328]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [27/08/2009 17:09 1253376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/09/2011 21:57 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [15/07/2011 10:34 2253120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27/07/2005 16:25 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27/07/2005 16:25 36352]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [05/05/2011 06:33 12416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/09/2011 21:56 20464]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27/07/2005 16:25 77056]
S2 AMDRAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [29/09/2003 08:30 110592]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:57 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/01/2011 14:29 1691480]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [12/11/2008 13:54 37888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 11:10 3276800]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/05/2010 11:57 135664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [25/11/2011 16:36 311928]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [10/09/2011 06:52 93336]
S3 TNET1130;IEEE 802.11g Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\TNET1130.sys [26/05/2011 07:31 386688]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [05/08/2011 11:30 268512]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/12/2010 21:16 691696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
HPService REG_MULTI_SZ HPSLPSVC
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 10:56]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 10:56]
.
2012-01-17 c:\windows\Tasks\User_Feed_Synchronization-{AFC5B6B4-62FC-46F5-81F7-3C9FA04D2E0B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 15:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1708537768-838170752-1606980848-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708537768-838170752-1606980848-1004\Software\SecuROM\License information*]
"datasecu"=hex:9e,bf,b6,e9,55,49,90,42,3d,4f,7a,7b,90,c6,30,e4,e9,34,c2,e2,8c,
20,3a,14,38,01,e9,a6,09,d5,5f,56,b8,96,a4,80,db,99,8b,d2,c9,aa,c5,2a,12,2d,\
"rkeysecu"=hex:f3,4d,7c,2a,9c,42,0c,6c,3e,67,c1,24,db,82,da,dd
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\02\04\06*+?"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
Heure de fin: 2012-01-17 15:34:39
ComboFix-quarantined-files.txt 2012-01-17 14:34
ComboFix2.txt 2011-09-19 20:38
.
Avant-CF: 10 283 114 496 octets libres
Après-CF: 10 270 961 664 octets libres
.
- - End Of File - - 80D3851AC70E11CBBED8855EC6AC614C
So I don't know whether you'll get anything out of it.
Thanks.
See you.
Hello Fish!
I did as you said! Impossible to remove the Vuze toolbar.
Here is the ZHP report anyway:
Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-18-01-2012-09-37-46.txt
Run by Utilisateur at 18/01/2012 09:37:46
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Clé(s) du Registre ==========
SUPPRIME Key: HKLM\Software\BrowserChoice
========== Valeur(s) du Registre ==========
ABSENT AAKE KeyValue: D:\Xavier\pes 2010\BAZOOKA\pes2010.exe
ABSENT AAKE KeyValue: D:\Xavier\pes 2011\Crack\PES2011.exe
ABSENT AAKE KeyValue: D:\Xavier\PES 2011 FR\Crack\PES2011.exe
SUPPRIME FirewallRaz (SP) : C:\Program Files\eMule\emule.exe
SUPPRIME FirewallRaz (SP) : C:\Program Files\Vuze\Azureus.exe
SUPPRIME FirewallRaz (DP) : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
SUPPRIME FirewallRaz (DP) : C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
SUPPRIME FirewallRaz (DP) : C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)
========== Dossier(s) ==========
SUPPRIME Folder: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Ilivid Player
SUPPRIME Flash Cookies: 1
========== Fichier(s) ==========
SUPPRIME Flash Cookies: 0
========== Récapitulatif ==========
1 : Clé(s) du Registre
9 : Valeur(s) du Registre
2 : Dossier(s)
1 : Fichier(s)
End of clean in 00mn 02s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 18/01/2012 09:37:46 [1511]
I'll take care of OTM now.
See you.
About OTM:
How long does it take to remove the lines mentioned earlier?
So far it has been a good 20 minutes, and the PC is frozen!
Right now I'm on the laptop.
P.S.: I ran OTM offline, and without antivirus.
See you.
In safe mode it's OK!
Here is the report:
All processes killed
========== FILES ==========
C:\Program Files\Enigma Software Group\SpyHunter\mon folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Downloads folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Defs folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 10674723 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Utilisateur
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3811175 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9646693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 23,00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 01182012_110649
Files moved on Reboot...
File C:\WINDOWS\temp\hsperfdata_SYSTEM\732 not found!
Registry entries deleted on Reboot...
See you.
Re,
1/
Restart your PC in normal mode, then use the software below
to uninstall: Vuze toolbar.
Download Revo-uninstaller
Run this file to install it
*******Revo-uninstaller help*******
2/
Launch ZHPDiag from the desktop and please prepare a new ZHPDiag report
See you.
_ _ _ Fish66_ _ _ I''"""""I_ _ security contributor member_ _I''"""""I_ _ _
¤¤¤ The best remedy for every problem is patience.... ¤¤¤
Well, apparently it's fine now for the Vuze Remote toolbar!
Here is the link to the latest ZHP report!
http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120118_c13w11f12g15l6
See you.
Here is the ZHPFix report after removal:
Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-18-01-2012-13-45-33.txt
Run by Utilisateur at 18/01/2012 13:45:33
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Clé(s) du Registre ==========
SUPPRIME Key: StartupReg: SpybotSD TeaTimer
SUPPRIME Key: Mozilla Plugin: @tools.google.com/Google Update;version=3
SUPPRIME Key: Mozilla Plugin: @tools.google.com/Google Update;version=9
========== Préférences navigateur ==========
ABSENT Chrome File:
========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files\Spybot - Search & Destroy
========== Fichier(s) ==========
ABSENT File: c:\program files\spybot - search & destroy\teatimer.exe
ABSENT File: c:\documents and settings\utilisateur\local settings\application data\google\update\1.3.21.53\npgoogleupdate3.dll
========== Récapitulatif ==========
3 : Clé(s) du Registre
1 : Dossier(s)
2 : Fichier(s)
1 : Préférences navigateur
End of clean in 00mn 02s
And here is the OTM report:
========== FILES ==========
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\UserDefinedItems folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\SearchInNewTab folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Rss folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_en-us\ToolbarTranslation folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_en-us folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091\ToolbarTranslation folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091\ToolbarSettings folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091\ToolbarLogin folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091\DynamicDialogs folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091\AppsMetaData folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository\conduit_CT2504091_CT2504091 folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Repository folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\MyStuffComponents folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\MyStuffApps folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Logs folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\LanguagePack\en-us folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\LanguagePack folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\ExternalComponent folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\EmailNotifier folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\UninstallDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\Dialogs folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\CacheIcons folder moved successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote folder moved successfully.
OTM by OldTimer - Version 3.1.19.0 log created on 01182012_142049
There you go!
The scan is finished!
Here is the report!
Avira AntiVir Personal
Report file date: mercredi 18 janvier 2012 15:30
Scanning for 3160726 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Safe mode with network
Username : Administrateur
Computer name : UTILISAT-CCDF9C
Version information:
BUILD.DAT : 10.2.0.703 35935 Bytes 29/08/2011 16:39:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 21/07/2011 11:12:28
AVSCAN.DLL : 10.0.5.0 47464 Bytes 21/07/2011 11:15:00
LUKE.DLL : 10.3.0.5 45416 Bytes 21/07/2011 11:13:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21/07/2011 11:12:28
AVREG.DLL : 10.3.0.9 90472 Bytes 21/07/2011 11:12:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:53:55
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 12:42:10
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 12:42:10
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 12:42:10
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 12:42:10
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 12:42:10
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 12:42:10
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 12:42:10
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 12:42:11
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 12:42:11
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 12:42:11
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 12:42:11
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 12:42:11
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 12:42:12
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 12:42:12
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 12:42:13
VBASE017.VDF : 7.11.20.102 240640 Bytes 02/01/2012 12:42:13
VBASE018.VDF : 7.11.20.139 164864 Bytes 04/01/2012 12:42:14
VBASE019.VDF : 7.11.20.178 167424 Bytes 06/01/2012 12:42:15
VBASE020.VDF : 7.11.20.207 230400 Bytes 10/01/2012 12:42:16
VBASE021.VDF : 7.11.20.236 150528 Bytes 11/01/2012 12:42:17
VBASE022.VDF : 7.11.21.13 135168 Bytes 13/01/2012 12:42:17
VBASE023.VDF : 7.11.21.40 163840 Bytes 16/01/2012 12:42:18
VBASE024.VDF : 7.11.21.65 1001472 Bytes 17/01/2012 12:42:21
VBASE025.VDF : 7.11.21.66 2048 Bytes 17/01/2012 12:42:21
VBASE026.VDF : 7.11.21.67 2048 Bytes 17/01/2012 12:42:22
VBASE027.VDF : 7.11.21.68 2048 Bytes 17/01/2012 12:42:22
VBASE028.VDF : 7.11.21.69 2048 Bytes 17/01/2012 12:42:22
VBASE029.VDF : 7.11.21.70 2048 Bytes 17/01/2012 12:42:22
VBASE030.VDF : 7.11.21.71 2048 Bytes 17/01/2012 12:42:22
VBASE031.VDF : 7.11.21.80 65536 Bytes 18/01/2012 12:42:22
Engineversion : 8.2.8.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 18/01/2012 12:42:36
AESCRIPT.DLL : 8.1.3.97 426363 Bytes 18/01/2012 12:42:36
AESCN.DLL : 8.1.7.2 127349 Bytes 21/04/2011 06:53:27
AESBX.DLL : 8.2.4.5 434549 Bytes 18/01/2012 12:42:37
AERDL.DLL : 8.1.9.15 639348 Bytes 18/01/2012 12:42:35
AEPACK.DLL : 8.2.16.1 799094 Bytes 18/01/2012 12:42:33
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 18/01/2012 12:42:32
AEHEUR.DLL : 8.1.3.18 4297079 Bytes 18/01/2012 12:42:31
AEHELP.DLL : 8.1.18.0 254327 Bytes 18/01/2012 12:42:24
AEGEN.DLL : 8.1.5.17 405877 Bytes 18/01/2012 12:42:24
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 06:53:14
AECORE.DLL : 8.1.24.3 201079 Bytes 18/01/2012 12:42:23
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 06:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 06:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 21/07/2011 11:12:20
AVREP.DLL : 10.0.0.10 174120 Bytes 21/07/2011 11:12:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 21/07/2011 11:12:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21/07/2011 11:12:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 21/07/2011 14:12:31
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 06:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 06:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21/07/2011 11:15:09
RCTEXT.DLL : 10.0.64.0 97640 Bytes 21/07/2011 11:15:09
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Start of the scan: mercredi 18 janvier 2012 15:30
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '59' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'Explorer.EXE' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'lsass.exe' - '48' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1166' files ).
Starting the file scan:
Begin scan in 'C:\' <Système>
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\hpqmodelver.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\B8500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\B8800\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C4340\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C4400\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C4500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C5300\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C5500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\C6300\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D1500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D2500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D4300\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D5400\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D730\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\D7500\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\F2200\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\F4200\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\F735\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\images\generic\model_version.dll
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\HP\LGT\Data\Models\movies\movies_version.dll
[WARNING] The file could not be opened!
C:\Program Files\Ad-Remover\Backup\C_XX_AD-R.exe
[WARNING] The file could not be opened!
C:\Program Files\Google\GoogleToolbarNotifier\swg-5.6.5612.1312\SearchWithGoogleUpdate.exe
[WARNING] The file could not be opened!
C:\Program Files\ImageScape LT\PROGRAM\POSITION.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TorrentEasy\extensions.exe.vir
[DETECTION] Contains virus patterns of Adware ADWARE/GoodMedia.A.35
C:\WINDOWS\system32\SONYHCY.DLL
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sonyhcb.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sonyhcc.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Sonyhcp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sonyhcs.sys
[WARNING] The file could not be opened!
C:\_OTM\MovedFiles\01182012_142049\C_Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\ldrtbVuz0.dll
[WARNING] The file could not be opened!
C:\_OTM\MovedFiles\01182012_142049\C_Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\ldrtbVuz2.dll
[WARNING] The file could not be opened!
C:\_OTM\MovedFiles\01182012_142049\C_Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll
[WARNING] The file could not be opened!
C:\_OTM\MovedFiles\01182012_142049\C_Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\tbVuz1.dll
[WARNING] The file could not be opened!
C:\_OTM\MovedFiles\01182012_142049\C_Documents and Settings\Utilisateur\Local Settings\Application Data\Vuze_Remote\tbVuz2.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Données>
Beginning disinfection:
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\TorrentEasy\extensions.exe.vir
[DETECTION] Contains virus patterns of Adware ADWARE/GoodMedia.A.35
[NOTE] The file was moved to the quarantine directory under the name '4cef4286.qua'.
C:\Program Files\ImageScape LT\PROGRAM\POSITION.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '549b6ed8.qua'.
End of the scan: mercredi 18 janvier 2012 16:30
Used time: 59:22 Minute(s)
The scan has been done completely.
9010 Scanned directories
615354 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
33 Files cannot be scanned
615319 Files not concerned
4617 Archives were scanned
33 Warnings
2 Notes
I'm switching back to normal mode.
Thanks for your help.
See you later
I was in the middle of running a scan with Mbam!
And then Avira alerted me!
Detection of TR\Dropper.gen, which it quarantined:
I'm sending you the report:
Avira AntiVir Personal
Report file date: mercredi 18 janvier 2012 18:10
Scanning for 3160726 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : UTILISAT-CCDF9C
Version information:
BUILD.DAT : 10.2.0.703 35935 Bytes 29/08/2011 16:39:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 21/07/2011 11:12:28
AVSCAN.DLL : 10.0.5.0 47464 Bytes 21/07/2011 11:15:00
LUKE.DLL : 10.3.0.5 45416 Bytes 21/07/2011 11:13:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21/07/2011 11:12:28
AVREG.DLL : 10.3.0.9 90472 Bytes 21/07/2011 11:12:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:53:55
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 12:42:10
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 12:42:10
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 12:42:10
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 12:42:10
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 12:42:10
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 12:42:10
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 12:42:10
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 12:42:11
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 12:42:11
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 12:42:11
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 12:42:11
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 12:42:11
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 12:42:12
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 12:42:12
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 12:42:13
VBASE017.VDF : 7.11.20.102 240640 Bytes 02/01/2012 12:42:13
VBASE018.VDF : 7.11.20.139 164864 Bytes 04/01/2012 12:42:14
VBASE019.VDF : 7.11.20.178 167424 Bytes 06/01/2012 12:42:15
VBASE020.VDF : 7.11.20.207 230400 Bytes 10/01/2012 12:42:16
VBASE021.VDF : 7.11.20.236 150528 Bytes 11/01/2012 12:42:17
VBASE022.VDF : 7.11.21.13 135168 Bytes 13/01/2012 12:42:17
VBASE023.VDF : 7.11.21.40 163840 Bytes 16/01/2012 12:42:18
VBASE024.VDF : 7.11.21.65 1001472 Bytes 17/01/2012 12:42:21
VBASE025.VDF : 7.11.21.66 2048 Bytes 17/01/2012 12:42:21
VBASE026.VDF : 7.11.21.67 2048 Bytes 17/01/2012 12:42:22
VBASE027.VDF : 7.11.21.68 2048 Bytes 17/01/2012 12:42:22
VBASE028.VDF : 7.11.21.69 2048 Bytes 17/01/2012 12:42:22
VBASE029.VDF : 7.11.21.70 2048 Bytes 17/01/2012 12:42:22
VBASE030.VDF : 7.11.21.71 2048 Bytes 17/01/2012 12:42:22
VBASE031.VDF : 7.11.21.80 65536 Bytes 18/01/2012 12:42:22
Engineversion : 8.2.8.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 18/01/2012 12:42:36
AESCRIPT.DLL : 8.1.3.97 426363 Bytes 18/01/2012 12:42:36
AESCN.DLL : 8.1.7.2 127349 Bytes 21/04/2011 06:53:27
AESBX.DLL : 8.2.4.5 434549 Bytes 18/01/2012 12:42:37
AERDL.DLL : 8.1.9.15 639348 Bytes 18/01/2012 12:42:35
AEPACK.DLL : 8.2.16.1 799094 Bytes 18/01/2012 12:42:33
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 18/01/2012 12:42:32
AEHEUR.DLL : 8.1.3.18 4297079 Bytes 18/01/2012 12:42:31
AEHELP.DLL : 8.1.18.0 254327 Bytes 18/01/2012 12:42:24
AEGEN.DLL : 8.1.5.17 405877 Bytes 18/01/2012 12:42:24
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 06:53:14
AECORE.DLL : 8.1.24.3 201079 Bytes 18/01/2012 12:42:23
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 06:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 06:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 21/07/2011 11:12:20
AVREP.DLL : 10.0.0.10 174120 Bytes 21/07/2011 11:12:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 21/07/2011 11:12:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21/07/2011 11:12:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 21/07/2011 14:12:31
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 06:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 06:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21/07/2011 11:15:09
RCTEXT.DLL : 10.0.64.0 97640 Bytes 21/07/2011 11:15:09
Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4f547d98\guard_slideup.avp
Logging.............................: Default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Start of the scan: mercredi 18 janvier 2012 18:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'daemonu.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FABS.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Wrapper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting the file scan:
Begin scan in 'C:\System Volume Information\_restore{74590097-99FB-44E9-9DF1-C2D450346927}\RP731\A0279267.EXE'
C:\System Volume Information\_restore{74590097-99FB-44E9-9DF1-C2D450346927}\RP731\A0279267.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d0c5c53.qua'.
End of the scan: mercredi 18 janvier 2012 18:10
Used time: 00:08 Minute(s)
The scan has been done completely.
0 Scanned directories
42 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
That one must not be easy to remove!!!
See you later, with the Mbam report
Well, there we go! It was a bit quicker than expected.
Mbam report:
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Version de la base de données: v2012.01.18.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Utilisateur :: UTILISAT-CCDF9C [administrateur]
Protection: Désactivé
18/01/2012 17:10:15
mbam-log-2012-01-18 (17-10-15).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 309992
Temps écoulé: 1 heure(s), 40 minute(s), 6 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
We'll see!
I also had a problem with CCleaner! It was crashing in tools mode and in registry mode.
I'll keep you posted!
See you later