TR/Downloader.Gen
Solved
Light-Yagami
Posts: 155
Status: Member
Hello, I have a nasty thing that keeps coming back:
TR/Downloader.Gen
I have Avira AntiVir, and every time my PC starts it asks me what it should do with the trojan!! I say access denied and it comes back.
What should I do, please?
Avira AntiVir Personal
Report file date: dimanche 16 novembre 2008 23:57
Scanning for 1036369 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:45:20
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 9/11/2008 10:45:21
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 20:26:33
ANTIVIR3.VDF : 7.1.0.90 2048 Bytes 16/11/2008 20:26:34
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 16/11/2008 10:45:30
AESCN.DLL : 8.1.1.5 123251 Bytes 16/11/2008 10:45:30
AERDL.DLL : 8.1.1.3 438645 Bytes 16/11/2008 10:45:29
AEPACK.DLL : 8.1.3.4 393591 Bytes 16/11/2008 10:45:28
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 16/11/2008 10:45:27
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 16/11/2008 10:45:26
AEHELP.DLL : 8.1.1.3 119157 Bytes 16/11/2008 10:45:25
AEGEN.DLL : 8.1.1.0 319859 Bytes 16/11/2008 10:45:24
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 16/11/2008 10:45:24
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 9/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 16/11/2008 10:45:23
AVREG.DLL : 8.0.0.1 33537 Bytes 9/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 16 novembre 2008 23:57
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Azureus.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'VistaStartMenu.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'comrepl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD Western Digital>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: lundi 17 novembre 2008 00:59
Used time: 1:02:15 Hour(s)
The scan has been done completely.
18125 Scanning directories
356005 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
356003 Files not concerned
1862 Archives were scanned
2 Warnings
0 Notes
97 replies
I just got 4 more detections...
Virus or unwanted program 'TR/Agent.iob [trojan]'
detected in file 'C:\Users\Kira\AppData\Local\Temp\~tmp\hmunmlcn21\svchost.exe.
Virus or unwanted program 'TR/Agent.iob [trojan]'
detected in file 'C:\Users\Kira\AppData\Local\Temp\~tmp\yunml03\svchost.exe.
Action performed: Move file to quarantine
They come in pairs...
Honestly...
Do the OTMoveIt3 procedure in safe mode.
---> To restart in safe mode:
- Restart your PC.
- At startup, tap F8 (F5 on some PCs) right after the BIOS screen and just before Windows loads.
- In the advanced options menu, choose Safe Mode.
- Choose your account.
In addition to the OTMoveIt3 procedure, also do this in safe mode:
● Download ATF Cleaner to your Desktop.
● Double-click the program.
● Tick Select All and click the Empty Selected button.
If you use the Firefox browser:
● Click Firefox at the top and tick: Select All.
● Click Empty Selected.
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
● Click Opera at the top and tick: Select All.
● Click Empty Selected.
NOTE: If you want to keep your saved passwords, click No at the prompt.
● Click Exit in the main menu to close the program.
Hi again, I've done the procedures. I'll leave it connected until noon, and when I get back I'll tell you whether I've had any more detections.
Thanks again for your advice.
Have a good day.
/!\ Only Light-Yagami should follow this procedure /!\
1/
---> Click Start, Run, type notepad and click OK.
---> Copy the text below by selecting it, then Ctrl+C:
KillAll::
File::
c:\windows\System32\drivers\~GLH0014.TMP
c:\windows\System32\drivers\mqtgsvc.exe
c:\windows\cmstp.exe
c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"=-
---> Paste the selection into Notepad
---> Save this file to the desktop (Mandatory)
---> File name: CFScript
---> File type: all files
---> Click Save
---> Exit Notepad
2/
---> Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] A blue window will appear: accept the message that is displayed.
[*] Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
[*] Once the scan is complete, a report will be displayed: post it
[*] If the file doesn't open, it is located here: C:\ComboFix\Combofix.txt
Hi again :) here's the report:
Thank you.
ComboFix 08-11-27.03 - Kira 2008-11-27 21:43:26.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2180 [GMT 1:00]
Lancé depuis: c:\users\Kira\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Kira\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe
c:\windows\cmstp.exe
c:\windows\System32\drivers\~GLH0014.TMP
c:\windows\System32\drivers\mqtgsvc.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe
c:\windows\cmstp.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.
2099-11-11 20:58 . 2099-11-11 20:58 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-27 08:43 . 2008-11-27 21:33 <REP> d-------- c:\users\Kira\AppData\Roaming\BitTorrent
2008-11-27 08:06 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\clipsrv.exe
2008-11-26 22:52 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\logman.exe
2008-11-26 22:49 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\sessmgr.exe
2008-11-26 20:53 . 2008-11-26 20:54 <REP> d-------- c:\program files\GameHike
2008-11-26 20:52 . 2008-11-26 20:52 <REP> d-------- c:\program files\BitTorrent
2008-11-26 20:34 . 2008-11-26 20:34 <REP> d-------- C:\_OTMoveIt
2008-11-26 20:15 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 20:15 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 20:15 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 20:15 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 20:15 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 07:44 . 2008-11-26 07:47 <REP> d-------- c:\program files\UsbFix
2008-11-25 23:34 . 2008-11-25 23:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Smart PC Solutions
2008-11-25 23:34 . 2008-11-25 23:34 <REP> d-------- c:\program files\Smart PC Solutions
2008-11-25 17:34 . 2008-11-25 17:34 <REP> d-------- c:\program files\PGWARE
2008-11-25 08:47 . 2008-11-25 08:47 <REP> d-------- c:\program files\RegCleaner
2008-11-24 19:08 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\ieudinit.exe.vir
2008-11-24 19:06 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\mstsc.exe
2008-11-24 17:23 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\sessmgr.exe.vir
2008-11-24 12:36 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\rsvp.exe
2008-11-24 12:16 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\rsvp.exe.vir
2008-11-23 16:46 . 2008-11-23 16:48 <REP> d-------- c:\users\Kira\DoctorWeb
2008-11-23 16:43 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\cisvc.exe
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\users\Kira\AppData\Roaming\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\users\All Users\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\programdata\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\program files\Trojan Remover
2008-11-23 16:41 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-11-23 16:41 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-11-23 16:41 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-11-23 16:41 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-11-23 16:41 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-11-23 15:10 . 2008-11-23 15:10 <REP> d-------- c:\program files\Common Files\Adobe AIR
2008-11-23 15:07 . 2008-11-23 15:07 <REP> d-------- c:\program files\filehippo.com
2008-11-23 09:52 . 2008-11-23 09:52 <REP> d-------- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP
2008-11-23 02:20 . 2008-11-23 02:20 <REP> d-------- c:\program files\Lavasoft
2008-11-23 01:47 . 2008-11-23 01:47 0 --a------ C:\ARK8B11.tmp
2008-11-22 22:34 . 2008-11-10 23:26 <REP> d-a------ c:\program files\silent hill homecoming
2008-11-22 15:27 . 2008-11-22 15:27 <REP> d-------- c:\program files\MagicDisc
2008-11-22 15:27 . 2008-07-28 17:19 116,736 --a------ c:\windows\System32\drivers\mcdbus.sys
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\Kira\AppData\Roaming\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\programdata\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-19 23:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-18 01:15 . 2008-11-24 19:14 <REP> d-------- c:\program files\DivX
2008-11-18 00:28 . 2008-11-18 00:28 <REP> d-------- c:\program files\Java
2008-11-17 20:12 . 2008-11-17 20:13 <REP> d-------- C:\rsit
2008-11-17 16:06 . 2008-11-17 16:06 <REP> d-------- c:\program files\Eidos
2008-11-17 06:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 06:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 06:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 06:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 06:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 06:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 06:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 06:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 06:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 13:22 . 2008-11-19 07:36 <REP> d-------- c:\users\Kira\PROGRAMMES COMPLETS
2008-11-16 13:03 . 2008-11-19 07:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Micro Application
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\users\All Users\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\programdata\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\program files\Avira
2008-11-16 11:14 . 2008-11-27 21:46 0 --------- c:\windows\System32\Ikeext.etl
2008-11-16 08:39 . 2008-11-16 08:39 <REP> d-------- c:\program files\Hamachi
2008-11-15 22:21 . 2008-11-15 22:21 17,480 --a------ c:\windows\System32\drivers\hamachi.sys
2008-11-15 17:35 . 2008-11-15 17:35 <REP> d-------- c:\windows\System32\Service
2008-11-15 11:57 . 2008-11-25 01:08 <REP> d-------- c:\program files\Piratrax
2008-11-15 11:55 . 2008-11-15 11:55 <REP> d--hs---- C:\$RECYCLE.BIN
2008-11-13 18:24 . 2008-11-13 18:24 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-11-13 18:24 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-11-13 18:24 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-11-13 18:23 . 2008-11-13 18:24 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-11-13 18:05 . 2008-11-13 18:11 <REP> d-------- c:\program files\Glary Utilities
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\users\Kira\AppData\Roaming\SystemRequirementsLab
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-13 07:48 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-13 07:48 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-13 07:48 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-13 07:48 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-13 07:48 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-12 21:38 . 2008-11-12 21:38 <REP> d-------- c:\users\Kira\AppData\Roaming\Uniblue
2008-11-12 08:25 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:25 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:25 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 13:15 . 2008-11-13 17:56 <REP> d-------- c:\program files\VS Revo Group
2008-11-11 10:19 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-11 10:19 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-11 09:14 . 2008-11-11 09:14 <REP> d-------- C:\Intel
2008-11-10 21:25 . 2008-11-10 21:25 <REP> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-10 19:59 . 2008-11-10 19:59 <REP> d-------- c:\users\Kira\AppData\Roaming\FlashGet
2008-11-10 01:46 . 2008-11-16 11:41 <REP> d-------- c:\program files\Trend Micro
2008-11-08 20:50 . 2008-11-08 20:50 7 --a------ c:\windows\sbacknt.bin
2008-11-08 19:38 . 2008-11-26 19:27 <REP> d-------- C:\Fraps
2008-11-08 16:08 . 2008-11-08 16:08 65,536 --------- c:\windows\SPInstall.etl
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\Kira\AppData\Roaming\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\All Users\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\programdata\Avanquest
2008-11-08 13:23 . 2008-11-08 13:23 <REP> d-------- c:\users\Kira\AppData\Roaming\RTPlayer
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\users\All Users\RapidSolution
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\programdata\RapidSolution
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\users\All Users\BVRP Software
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\programdata\BVRP Software
2008-11-08 12:14 . 2008-11-08 12:14 <REP> dr-hs---- C:\_Backup.RC
2008-11-08 12:14 . 2008-11-08 20:36 <REP> d--h----- C:\_Backup
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\Kira\AppData\Roaming\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\All Users\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\programdata\VCOM
2008-11-08 12:12 . 2008-11-08 12:12 <REP> d-------- c:\program files\VCOM
2008-11-04 17:24 . 2008-11-04 17:24 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-11-04 16:42 . 2008-11-04 16:42 40 --a------ c:\windows\TSC.INI
2008-11-04 14:46 . 2008-11-18 00:29 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-04 07:57 . 2008-11-19 12:53 <REP> d-------- c:\users\Kira\.housecall6.6
2008-11-04 07:53 . 2008-11-04 07:53 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-04 07:53 . 2008-11-04 07:53 286,720 --a------ c:\windows\PATCH.EXE
2008-11-04 07:53 . 2008-11-04 07:53 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\Kira\AppData\Roaming\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\All Users\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\programdata\Activision
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 20:47 --------- d-----w c:\users\Kira\AppData\Roaming\DNA
2008-11-27 07:36 --------- d---a-w c:\programdata\TEMP
2008-11-26 20:01 --------- d-----w c:\program files\Activision
2008-11-26 18:04 --------- d-----w c:\users\Kira\AppData\Roaming\Skype
2008-11-26 17:37 --------- d-----w c:\users\Kira\AppData\Roaming\skypePM
2008-11-26 08:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-26 07:58 --------- d-----w c:\program files\Microsoft Games
2008-11-26 07:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 07:52 --------- d-----w c:\program files\Ubisoft
2008-11-26 07:24 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 06:44 --------- d-----w c:\users\Kira\AppData\Roaming\Azureus
2008-11-24 18:16 --------- d-----w c:\program files\ma-config.com
2008-11-24 17:25 --------- d-----w c:\programdata\NVIDIA
2008-11-23 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 11:15 22,328 ----a-w c:\users\Kira\AppData\Roaming\PnkBstrK.sys
2008-11-23 01:20 --------- d-----w c:\programdata\Lavasoft
2008-11-23 01:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-20 06:33 --------- d-----w c:\users\Kira\AppData\Roaming\Desktopicon
2008-11-18 00:40 --------- d-----w c:\programdata\Apple Computer
2008-11-17 15:18 --------- d-----w c:\programdata\Media Center Programs
2008-11-16 10:08 --------- d-----w c:\users\Kira\AppData\Roaming\Hamachi
2008-11-12 21:49 --------- d-----w c:\program files\Windows Mail
2008-11-12 21:48 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-12 13:54 7,611,360 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2008-11-12 13:54 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
2008-11-12 07:38 --------- d-----w c:\users\Kira\AppData\Roaming\vghd
2008-11-06 06:45 --------- dc-h--w c:\programdata\~0
2008-11-01 22:55 --------- d-----w c:\program files\Yahoo!
2008-10-30 16:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-26 10:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-26 10:22 --------- d-----w c:\program files\MagicISO
2008-10-26 08:03 --------- d-----w c:\users\Kira\AppData\Roaming\Capcom
2008-10-25 22:42 --------- d-----w c:\users\Kira\AppData\Roaming\GetRight
2008-10-25 20:43 --------- d-----w c:\program files\Futuremark
2008-10-25 19:39 --------- d-----w c:\program files\AGEIA Technologies
2008-10-23 21:19 --------- d-----w c:\program files\Electronic Arts
2008-10-22 15:30 --------- d-----w c:\users\Kira\AppData\Roaming\NewsLeecher
2008-10-20 17:04 81,920 ----a-w c:\users\Kira\AppData\Roaming\esentutl.exe
2008-10-20 06:23 --------- d-----w c:\programdata\THQ
2008-10-20 06:08 --------- d-----w c:\program files\Tomb Raider - Legend
2008-10-19 11:36 --------- d-----w c:\programdata\eMule
2008-10-19 11:35 --------- d-----w c:\program files\eMule
2008-10-16 23:00 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org
2008-10-15 10:31 --------- d-----w c:\program files\City Interactive
2008-10-13 05:54 --------- d-----w c:\program files\OpenAL
2008-10-12 20:58 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2008
2008-10-12 13:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-12 13:49 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-12 13:44 --------- d-----w c:\programdata\Skype
2008-10-12 13:44 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 13:44 --------- d-----r c:\program files\Skype
2008-10-12 13:35 --------- d-----w c:\users\Kira\AppData\Roaming\KC Softwares
2008-10-12 05:07 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org2
2008-10-11 16:05 --------- d-----w c:\program files\FIFA 09
2008-10-11 07:31 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-09 21:52 --------- d-----w c:\programdata\Azureus
2008-10-09 21:44 --------- d-----w c:\users\Kira\AppData\Roaming\teamspeak2
2008-10-09 21:42 --------- d-----w c:\program files\Windows Live
2008-10-09 21:41 --------- d-----w c:\program files\Microsoft
2008-10-09 21:38 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-09 21:24 --------- d-----w c:\programdata\LookMyPC
2008-10-08 21:01 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-10-04 19:47 --------- d-----w c:\programdata\SymplisIT
2008-10-04 19:42 --------- d-----w c:\users\Kira\AppData\Roaming\ESTsoft
2008-10-04 19:42 --------- d-----w c:\program files\ESTsoft
2008-10-04 14:13 --------- d-----w c:\programdata\Symantec
2008-10-04 13:36 --------- d-----w c:\users\Kira\AppData\Roaming\PCToolsFirewallPlus
2008-10-04 12:36 --------- d-----w c:\users\Kira\AppData\Roaming\GetRightToGo
2008-10-04 10:47 --------- d-----w c:\programdata\CheckPoint
2008-10-04 10:02 --------- d-----w c:\users\Kira\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-04 06:29 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2007
2008-10-03 19:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 17:08 --------- d-----w c:\programdata\Apple
2008-10-03 17:08 --------- d-----w c:\program files\Apple Software Update
2008-10-03 16:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-03 16:54 --------- d-----w c:\programdata\NOS
2008-10-03 16:36 --------- d-----w c:\program files\NOS
2008-10-01 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\Leadertech
2008-09-30 15:47 --------- d-----w c:\users\Kira\AppData\Roaming\TeamViewer
2008-09-28 07:35 --------- d-----w c:\users\Kira\AppData\Roaming\mIRC
2008-09-27 22:23 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-09-18 21:21 657,408 ----a-w c:\windows\is-UMHNL.exe
2008-08-21 16:49 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-10-08 2145792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\Kira\Program Files\DNA\btdna.exe" [2008-11-26 342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DAC8051-29D5-4F8E-8423-9ED9689558CA}"= UDP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"{386D2038-8116-4E4A-96CB-962CA89200F8}"= TCP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"TCP Query User{DBFA6D53-432E-4F73-991A-75F22D88D401}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9976211F-DE07-401C-878E-2EE5D8951283}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2DC2CF80-F6DE-4339-B587-F9BC3EA722DB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6B0772E5-FFBE-41C0-BA98-F3C7A42BC30A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D96E382-762C-405F-B90B-37B281580A1C}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CA4665A2-5FB0-4583-A135-455AB1AD42AE}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3FDB0094-150D-4F61-9CCB-C6D444799493}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0A7A163E-DE10-4041-A697-38A417B6AFC8}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B896ED7F-C996-4A2C-BE31-3C61A0F401D8}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5B56DB5E-6C79-4B67-8BFC-D80890F73205}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"{79D50BE3-2094-437E-BB67-094F160C9983}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{858A84C7-EED9-46AF-9551-739FD8C9127E}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{87D95160-F0E9-4938-925B-FC1BF628F934}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4BF9162D-D3C7-47A3-A61F-A3E773202FCE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1029986B-C769-42AC-94C6-4AD8A28F5B7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C6672546-A206-4396-933E-EDF22C48D4E6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{886396D6-CD2F-4600-95E9-A0707A1B3E3A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{505CA8C1-FBC5-4291-9C7C-DBCEFA617338}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D26BDBF9-6796-4A1C-AA0A-68EB400F8146}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C7DD501B-A3B7-45A5-98D1-161582164F6B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{28A28131-A83C-4D8D-AD52-0592B3364A68}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"UDP Query User{041E6705-01C9-4CB1-BCB9-6056DB7FFF11}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"TCP Query User{975C9B39-D553-439C-A07C-3D28E6A95690}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:UDP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{A79433B7-43E9-42E2-A4A7-C04288A40BCA}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:TCP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E2596F1C-9AF5-425B-949D-7B2E93EEDAE1}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{2C47CDED-27E7-4747-B15B-CFAFB0387F5E}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{EE46C2EB-107C-4ACD-8DFC-C84C3B997148}c:\\downloads\\pure\\pure.exe"= UDP:c:\downloads\pure\pure.exe:Pure
"UDP Query User{A1A99B27-A07B-4709-A85D-6ED658598A89}c:\\downloads\\pure\\pure.exe"= TCP:c:\downloads\pure\pure.exe:Pure
"TCP Query User{6E61BA7C-E927-4457-BC95-4844189D8972}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{285FC2E2-507C-4010-9FFA-DBE6C9258137}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"TCP Query User{8424F0F5-B81E-4602-8DB0-51D1F91D3E71}c:\\program files\\pure\\pure.exe"= UDP:c:\program files\pure\pure.exe:Pure
"UDP Query User{8FA20348-9A10-4613-ABEF-084D32E6ED04}c:\\program files\\pure\\pure.exe"= TCP:c:\program files\pure\pure.exe:Pure
"{D129AE45-C3A3-4BF5-B50E-F61B55B42A4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FE342F5E-9749-4B52-82A1-7B53869B943D}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{8B214BF3-B7F0-44BB-9E73-ACED25FEEF21}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"{792DFF95-8470-47AC-8F47-A2BC6F067167}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64393ABF-1EE9-4447-AA01-6C60413F6311}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{70E97436-85A2-4F38-ABE5-C675239DBDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{60E3FF6B-9E51-4815-8C9E-F477DBD2D8D6}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{C774582C-2469-4559-B62B-4890C72E45B3}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{021ACB04-07DD-4A45-BFE5-36160B4200F0}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{A15E98DB-AF3A-4EFA-B14E-02CBECB32C9A}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"UDP Query User{C7F83D13-E660-4DCC-82C3-E1C96CF0F8F9}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"TCP Query User{0E64EF0F-E89D-4FAA-B285-DC99CE7767CF}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{592966EB-E00C-49AE-B4F5-871ED3A1A5F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{69A74109-4CE3-4FF0-A6A1-BF0B6E3C5E2C}"= Disabled:UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4C435405-22A5-4560-86C5-BE875D84D96C}"= Disabled:TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"TCP Query User{B5F33037-7932-4DF5-A7E9-816437DFEF40}c:\\program files\\mirc\\mirc.exe"= Disabled:UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{27E58189-DB07-47BB-8575-031D31E6B619}c:\\program files\\mirc\\mirc.exe"= Disabled:TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{190AA832-F2D3-4FB7-A481-2B58166FD6F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:UDP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"UDP Query User{E4EECA24-21F5-439B-9905-62CC230C78F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:TCP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"TCP Query User{2C105DC6-F389-45B3-B9A4-CD450BBB7DE5}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:UDP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{A6091787-3623-454E-A004-2D57330099AC}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:TCP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{740FD6B4-B819-4BFF-8572-FF1243B92579}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:UDP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{CC09F86B-99B3-47FD-AF88-34B7D6EF24E5}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:TCP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{4ABC1FDE-DAEB-4882-8EBB-913B5D7E99BB}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:UDP:c:\ut2003demo\system\ut2003.exe:UT2003
"UDP Query User{9096F62F-A566-4AC2-93BC-46E00F1A5F99}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:TCP:c:\ut2003demo\system\ut2003.exe:UT2003
"TCP Query User{F1B27B34-CA30-49D3-B3A3-6EDC2227D7B5}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= UDP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"UDP Query User{F46C778A-B50C-46FE-B3F9-FA7437700F55}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= TCP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"{6434E51E-6DBA-4113-BD80-BA5211617048}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3B4AD44F-5D4B-4C33-83F9-DAA55D98E82E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A073E5C2-F729-4345-845F-AA268C3CCBA0}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{F7EB1B02-8165-4174-A502-4FEFF2640D6E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{EAD1067F-9B59-4FED-9F59-D472DD817251}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{A1D391C4-04FA-4106-9848-23D6F0BDC459}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{C5DCE331-05ED-4C51-A01F-441716DC40BF}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{BDD2211F-C661-4567-A8F6-9CFD38EA9AC9}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{B433C55A-4133-468B-861E-8ABC5CE99353}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{214862FA-5A1A-4F39-A140-8DFFE19BD563}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{973841E0-28CE-4078-BCF9-B9BD301E061B}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:UDP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{5E398CF3-1DBC-433B-BC79-761E10FED140}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:TCP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{54CA1F91-7AC2-49E5-935F-BE2ED72352AB}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:UDP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"UDP Query User{4BAC6530-B25A-459C-88B2-2730A3F73F49}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:TCP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"TCP Query User{FE4741BA-F98A-48D5-BE0F-11915B33E8C5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9020187E-C2E6-4FDE-95CA-A52CBD19DB22}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{A6A8C5A6-AA77-4D25-BEEC-E7E807B626EA}"= TCP:7777:port ut
"{F922BE39-CCC5-4F96-B9CB-4B3F83006C70}"= TCP:7788:port ut
"{E25DD557-26E7-4E4D-859F-A0D2C5413648}"= TCP:7778:port ut
"{9F7913E7-DE1A-48E3-8968-A766B7529953}"= TCP:7787:port ut
"{548CECED-9492-46FE-B1D3-5251A974D061}"= UDP:28902:port ut
"{6CEE6955-66F4-47CA-8E38-5CF1BD9199E7}"= UDP:42292:port ut
"{40E429AC-D2C8-4079-BA94-A9C6FC877000}"= UDP:27900:port ut
"TCP Query User{714F0F29-2842-47F8-8275-3E772B31544F}c:\\program files\\flashget\\flashget.exe"= Disabled:UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{939F1181-C87F-44B0-B292-5C010BAEED21}c:\\program files\\flashget\\flashget.exe"= Disabled:TCP:c:\program files\flashget\flashget.exe:FlashGet
"{6FD48C82-7465-4314-897C-428D0162306E}"= Disabled:UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EB778DEA-9FBA-4F5B-9C3A-2E33A696B619}"= Disabled:TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{E0F4DE70-CDEA-44BF-B5F1-05A3C7AE3E78}c:\\program files\\thq\\motogp 2007\\motogp.exe"= Disabled:UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{B44CA411-F0A2-46E1-9E7D-D154E342E026}c:\\program files\\thq\\motogp 2007\\motogp.exe"= Disabled:TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"TCP Query User{5924AE53-6DE3-4D81-A310-364F97222C41}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{AC2FBFB0-7A84-4179-8343-63C08CEF88C1}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{25824AD1-6FB2-40B8-BCED-4694EE4B237D}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{B245EF24-68E4-457B-880C-8C00A544F77D}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-09-20 12800]
R2 SuperRam;SuperRam Service Mémoire;c:\program files\PGWARE\SuperRam\SuperRamService.exe [2008-11-25 1341632]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-03 33752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 21:47:03
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1336)
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2008-11-27 21:50:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-27 20:50:20
ComboFix2.txt 2008-11-21 17:24:50
Avant-CF: 182.242.693.120 octets libres
Après-CF: 182,519,894,016 octets libres
400 --- E O F --- 2008-11-26 19:15:54
Thank you.
ComboFix 08-11-27.03 - Kira 2008-11-27 21:43:26.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2180 [GMT 1:00]
Lancé depuis: c:\users\Kira\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Kira\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe
c:\windows\cmstp.exe
c:\windows\System32\drivers\~GLH0014.TMP
c:\windows\System32\drivers\mqtgsvc.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Kira\AppData\Roaming\MICROS~1\comrepl.exe
c:\windows\cmstp.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.
2099-11-11 20:58 . 2099-11-11 20:58 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-27 08:43 . 2008-11-27 21:33 <REP> d-------- c:\users\Kira\AppData\Roaming\BitTorrent
2008-11-27 08:06 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\clipsrv.exe
2008-11-26 22:52 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\logman.exe
2008-11-26 22:49 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\sessmgr.exe
2008-11-26 20:53 . 2008-11-26 20:54 <REP> d-------- c:\program files\GameHike
2008-11-26 20:52 . 2008-11-26 20:52 <REP> d-------- c:\program files\BitTorrent
2008-11-26 20:34 . 2008-11-26 20:34 <REP> d-------- C:\_OTMoveIt
2008-11-26 20:15 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 20:15 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 20:15 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 20:15 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 20:15 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 07:44 . 2008-11-26 07:47 <REP> d-------- c:\program files\UsbFix
2008-11-25 23:34 . 2008-11-25 23:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Smart PC Solutions
2008-11-25 23:34 . 2008-11-25 23:34 <REP> d-------- c:\program files\Smart PC Solutions
2008-11-25 17:34 . 2008-11-25 17:34 <REP> d-------- c:\program files\PGWARE
2008-11-25 08:47 . 2008-11-25 08:47 <REP> d-------- c:\program files\RegCleaner
2008-11-24 19:08 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\ieudinit.exe.vir
2008-11-24 19:06 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\mstsc.exe
2008-11-24 17:23 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\sessmgr.exe.vir
2008-11-24 12:36 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\rsvp.exe
2008-11-24 12:16 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\rsvp.exe.vir
2008-11-23 16:46 . 2008-11-23 16:48 <REP> d-------- c:\users\Kira\DoctorWeb
2008-11-23 16:43 . 2008-10-20 18:04 81,920 --a------ c:\users\Kira\AppData\Roaming\cisvc.exe
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\users\Kira\AppData\Roaming\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\users\All Users\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\programdata\Simply Super Software
2008-11-23 16:41 . 2008-11-23 16:41 <REP> d-------- c:\program files\Trojan Remover
2008-11-23 16:41 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-11-23 16:41 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-11-23 16:41 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-11-23 16:41 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-11-23 16:41 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-11-23 15:10 . 2008-11-23 15:10 <REP> d-------- c:\program files\Common Files\Adobe AIR
2008-11-23 15:07 . 2008-11-23 15:07 <REP> d-------- c:\program files\filehippo.com
2008-11-23 09:52 . 2008-11-23 09:52 <REP> d-------- c:\windows\65F1CF6331E0450B96F34A88BE7361A6.TMP
2008-11-23 02:20 . 2008-11-23 02:20 <REP> d-------- c:\program files\Lavasoft
2008-11-23 01:47 . 2008-11-23 01:47 0 --a------ C:\ARK8B11.tmp
2008-11-22 22:34 . 2008-11-10 23:26 <REP> d-a------ c:\program files\silent hill homecoming
2008-11-22 15:27 . 2008-11-22 15:27 <REP> d-------- c:\program files\MagicDisc
2008-11-22 15:27 . 2008-07-28 17:19 116,736 --a------ c:\windows\System32\drivers\mcdbus.sys
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\Kira\AppData\Roaming\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\programdata\Malwarebytes
2008-11-19 23:47 . 2008-11-19 23:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-19 23:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-18 01:15 . 2008-11-24 19:14 <REP> d-------- c:\program files\DivX
2008-11-18 00:28 . 2008-11-18 00:28 <REP> d-------- c:\program files\Java
2008-11-17 20:12 . 2008-11-17 20:13 <REP> d-------- C:\rsit
2008-11-17 16:06 . 2008-11-17 16:06 <REP> d-------- c:\program files\Eidos
2008-11-17 06:36 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-17 06:36 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-17 06:36 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-17 06:36 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-17 06:35 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-17 06:35 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-17 06:35 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-17 06:35 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-17 06:35 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-16 13:22 . 2008-11-19 07:36 <REP> d-------- c:\users\Kira\PROGRAMMES COMPLETS
2008-11-16 13:03 . 2008-11-19 07:34 <REP> d-------- c:\users\Kira\AppData\Roaming\Micro Application
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\users\All Users\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\programdata\Avira
2008-11-16 11:43 . 2008-11-16 11:43 <REP> d-------- c:\program files\Avira
2008-11-16 11:14 . 2008-11-27 21:46 0 --------- c:\windows\System32\Ikeext.etl
2008-11-16 08:39 . 2008-11-16 08:39 <REP> d-------- c:\program files\Hamachi
2008-11-15 22:21 . 2008-11-15 22:21 17,480 --a------ c:\windows\System32\drivers\hamachi.sys
2008-11-15 17:35 . 2008-11-15 17:35 <REP> d-------- c:\windows\System32\Service
2008-11-15 11:57 . 2008-11-25 01:08 <REP> d-------- c:\program files\Piratrax
2008-11-15 11:55 . 2008-11-15 11:55 <REP> d--hs---- C:\$RECYCLE.BIN
2008-11-13 18:24 . 2008-11-13 18:24 355,584 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-11-13 18:24 . 2008-05-29 09:28 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-11-13 18:24 . 2008-05-29 09:28 16,640 --a------ c:\windows\System32\authuitu.dll
2008-11-13 18:23 . 2008-11-13 18:24 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-11-13 18:05 . 2008-11-13 18:11 <REP> d-------- c:\program files\Glary Utilities
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\users\Kira\AppData\Roaming\SystemRequirementsLab
2008-11-13 16:52 . 2008-11-13 16:52 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml
2008-11-13 07:48 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2008-11-13 07:48 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2008-11-13 07:48 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2008-11-13 07:48 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2008-11-13 07:48 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2008-11-13 07:48 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2008-11-12 21:38 . 2008-11-12 21:38 <REP> d-------- c:\users\Kira\AppData\Roaming\Uniblue
2008-11-12 08:25 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 08:25 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 08:25 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 13:15 . 2008-11-13 17:56 <REP> d-------- c:\program files\VS Revo Group
2008-11-11 10:19 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-11 10:19 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-11 09:14 . 2008-11-11 09:14 <REP> d-------- C:\Intel
2008-11-10 21:25 . 2008-11-10 21:25 <REP> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-10 19:59 . 2008-11-10 19:59 <REP> d-------- c:\users\Kira\AppData\Roaming\FlashGet
2008-11-10 01:46 . 2008-11-16 11:41 <REP> d-------- c:\program files\Trend Micro
2008-11-08 20:50 . 2008-11-08 20:50 7 --a------ c:\windows\sbacknt.bin
2008-11-08 19:38 . 2008-11-26 19:27 <REP> d-------- C:\Fraps
2008-11-08 16:08 . 2008-11-08 16:08 65,536 --------- c:\windows\SPInstall.etl
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\Kira\AppData\Roaming\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\users\All Users\Avanquest
2008-11-08 15:30 . 2008-11-08 15:30 <REP> d-------- c:\programdata\Avanquest
2008-11-08 13:23 . 2008-11-08 13:23 <REP> d-------- c:\users\Kira\AppData\Roaming\RTPlayer
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\users\All Users\RapidSolution
2008-11-08 13:06 . 2008-11-08 13:07 <REP> d-------- c:\programdata\RapidSolution
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\users\All Users\BVRP Software
2008-11-08 12:15 . 2008-11-08 12:15 <REP> d-------- c:\programdata\BVRP Software
2008-11-08 12:14 . 2008-11-08 12:14 <REP> dr-hs---- C:\_Backup.RC
2008-11-08 12:14 . 2008-11-08 20:36 <REP> d--h----- C:\_Backup
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\Kira\AppData\Roaming\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\users\All Users\VCOM
2008-11-08 12:13 . 2008-11-08 12:13 <REP> d-------- c:\programdata\VCOM
2008-11-08 12:12 . 2008-11-08 12:12 <REP> d-------- c:\program files\VCOM
2008-11-04 17:24 . 2008-11-04 17:24 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-11-04 16:42 . 2008-11-04 16:42 40 --a------ c:\windows\TSC.INI
2008-11-04 14:46 . 2008-11-18 00:29 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-04 07:57 . 2008-11-19 12:53 <REP> d-------- c:\users\Kira\.housecall6.6
2008-11-04 07:53 . 2008-11-04 07:53 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-04 07:53 . 2008-11-04 07:53 286,720 --a------ c:\windows\PATCH.EXE
2008-11-04 07:53 . 2008-11-04 07:53 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\Kira\AppData\Roaming\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\users\All Users\Activision
2008-11-01 09:01 . 2008-11-01 09:01 <REP> d-------- c:\programdata\Activision
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 20:47 --------- d-----w c:\users\Kira\AppData\Roaming\DNA
2008-11-27 07:36 --------- d---a-w c:\programdata\TEMP
2008-11-26 20:01 --------- d-----w c:\program files\Activision
2008-11-26 18:04 --------- d-----w c:\users\Kira\AppData\Roaming\Skype
2008-11-26 17:37 --------- d-----w c:\users\Kira\AppData\Roaming\skypePM
2008-11-26 08:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-26 07:58 --------- d-----w c:\program files\Microsoft Games
2008-11-26 07:52 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 07:52 --------- d-----w c:\program files\Ubisoft
2008-11-26 07:24 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 06:44 --------- d-----w c:\users\Kira\AppData\Roaming\Azureus
2008-11-24 18:16 --------- d-----w c:\program files\ma-config.com
2008-11-24 17:25 --------- d-----w c:\programdata\NVIDIA
2008-11-23 14:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-23 11:15 22,328 ----a-w c:\users\Kira\AppData\Roaming\PnkBstrK.sys
2008-11-23 01:20 --------- d-----w c:\programdata\Lavasoft
2008-11-23 01:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-20 06:33 --------- d-----w c:\users\Kira\AppData\Roaming\Desktopicon
2008-11-18 00:40 --------- d-----w c:\programdata\Apple Computer
2008-11-17 15:18 --------- d-----w c:\programdata\Media Center Programs
2008-11-16 10:08 --------- d-----w c:\users\Kira\AppData\Roaming\Hamachi
2008-11-12 21:49 --------- d-----w c:\program files\Windows Mail
2008-11-12 21:48 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-12 13:54 7,611,360 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2008-11-12 13:54 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
2008-11-12 07:38 --------- d-----w c:\users\Kira\AppData\Roaming\vghd
2008-11-06 06:45 --------- dc-h--w c:\programdata\~0
2008-11-01 22:55 --------- d-----w c:\program files\Yahoo!
2008-10-30 16:40 --------- d-----w c:\program files\GameSpy Arcade
2008-10-26 10:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-26 10:22 --------- d-----w c:\program files\MagicISO
2008-10-26 08:03 --------- d-----w c:\users\Kira\AppData\Roaming\Capcom
2008-10-25 22:42 --------- d-----w c:\users\Kira\AppData\Roaming\GetRight
2008-10-25 20:43 --------- d-----w c:\program files\Futuremark
2008-10-25 19:39 --------- d-----w c:\program files\AGEIA Technologies
2008-10-23 21:19 --------- d-----w c:\program files\Electronic Arts
2008-10-22 15:30 --------- d-----w c:\users\Kira\AppData\Roaming\NewsLeecher
2008-10-20 17:04 81,920 ----a-w c:\users\Kira\AppData\Roaming\esentutl.exe
2008-10-20 06:23 --------- d-----w c:\programdata\THQ
2008-10-20 06:08 --------- d-----w c:\program files\Tomb Raider - Legend
2008-10-19 11:36 --------- d-----w c:\programdata\eMule
2008-10-19 11:35 --------- d-----w c:\program files\eMule
2008-10-16 23:00 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org
2008-10-15 10:31 --------- d-----w c:\program files\City Interactive
2008-10-13 05:54 --------- d-----w c:\program files\OpenAL
2008-10-12 20:58 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2008
2008-10-12 13:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-12 13:49 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-12 13:44 --------- d-----w c:\programdata\Skype
2008-10-12 13:44 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 13:44 --------- d-----r c:\program files\Skype
2008-10-12 13:35 --------- d-----w c:\users\Kira\AppData\Roaming\KC Softwares
2008-10-12 05:07 --------- d-----w c:\users\Kira\AppData\Roaming\OpenOffice.org2
2008-10-11 16:05 --------- d-----w c:\program files\FIFA 09
2008-10-11 07:31 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-09 21:52 --------- d-----w c:\programdata\Azureus
2008-10-09 21:44 --------- d-----w c:\users\Kira\AppData\Roaming\teamspeak2
2008-10-09 21:42 --------- d-----w c:\program files\Windows Live
2008-10-09 21:41 --------- d-----w c:\program files\Microsoft
2008-10-09 21:38 --------- d-----w c:\program files\Common Files\Windows Live
2008-10-09 21:24 --------- d-----w c:\programdata\LookMyPC
2008-10-08 21:01 --------- d-----w c:\program files\NVIDIA nTune Performance Application
2008-10-04 19:47 --------- d-----w c:\programdata\SymplisIT
2008-10-04 19:42 --------- d-----w c:\users\Kira\AppData\Roaming\ESTsoft
2008-10-04 19:42 --------- d-----w c:\program files\ESTsoft
2008-10-04 14:13 --------- d-----w c:\programdata\Symantec
2008-10-04 13:36 --------- d-----w c:\users\Kira\AppData\Roaming\PCToolsFirewallPlus
2008-10-04 12:36 --------- d-----w c:\users\Kira\AppData\Roaming\GetRightToGo
2008-10-04 10:47 --------- d-----w c:\programdata\CheckPoint
2008-10-04 10:02 --------- d-----w c:\users\Kira\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-04 06:29 --------- d-----w c:\users\Kira\AppData\Roaming\Pro Cycling Manager 2007
2008-10-03 19:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 17:08 --------- d-----w c:\programdata\Apple
2008-10-03 17:08 --------- d-----w c:\program files\Apple Software Update
2008-10-03 16:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-03 16:54 --------- d-----w c:\programdata\NOS
2008-10-03 16:36 --------- d-----w c:\program files\NOS
2008-10-01 17:32 --------- d-----w c:\users\Kira\AppData\Roaming\Leadertech
2008-09-30 15:47 --------- d-----w c:\users\Kira\AppData\Roaming\TeamViewer
2008-09-28 07:35 --------- d-----w c:\users\Kira\AppData\Roaming\mIRC
2008-09-27 22:23 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-09-18 21:21 657,408 ----a-w c:\windows\is-UMHNL.exe
2008-08-21 16:49 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-10-08 2145792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\Kira\Program Files\DNA\btdna.exe" [2008-11-26 342336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DAC8051-29D5-4F8E-8423-9ED9689558CA}"= UDP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"{386D2038-8116-4E4A-96CB-962CA89200F8}"= TCP:c:\program files\Midway Games\BlackSite\Binaries\BlackSite.exe:Blacksite Area 51
"TCP Query User{DBFA6D53-432E-4F73-991A-75F22D88D401}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9976211F-DE07-401C-878E-2EE5D8951283}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2DC2CF80-F6DE-4339-B587-F9BC3EA722DB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6B0772E5-FFBE-41C0-BA98-F3C7A42BC30A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{9D96E382-762C-405F-B90B-37B281580A1C}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CA4665A2-5FB0-4583-A135-455AB1AD42AE}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"TCP Query User{3FDB0094-150D-4F61-9CCB-C6D444799493}c:\\ut2004\\system\\ut2004.exe"= UDP:c:\ut2004\system\ut2004.exe:UT2004
"UDP Query User{0A7A163E-DE10-4041-A697-38A417B6AFC8}c:\\ut2004\\system\\ut2004.exe"= TCP:c:\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B896ED7F-C996-4A2C-BE31-3C61A0F401D8}c:\\users\\kira\\program files\\dna\\btdna.exe"= UDP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5B56DB5E-6C79-4B67-8BFC-D80890F73205}c:\\users\\kira\\program files\\dna\\btdna.exe"= TCP:c:\users\kira\program files\dna\btdna.exe:btdna.exe
"{79D50BE3-2094-437E-BB67-094F160C9983}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{858A84C7-EED9-46AF-9551-739FD8C9127E}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{87D95160-F0E9-4938-925B-FC1BF628F934}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4BF9162D-D3C7-47A3-A61F-A3E773202FCE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1029986B-C769-42AC-94C6-4AD8A28F5B7B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C6672546-A206-4396-933E-EDF22C48D4E6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{886396D6-CD2F-4600-95E9-A0707A1B3E3A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{505CA8C1-FBC5-4291-9C7C-DBCEFA617338}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D26BDBF9-6796-4A1C-AA0A-68EB400F8146}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{C7DD501B-A3B7-45A5-98D1-161582164F6B}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= Disabled:TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{28A28131-A83C-4D8D-AD52-0592B3364A68}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"UDP Query User{041E6705-01C9-4CB1-BCB9-6056DB7FFF11}c:\\users\\kira\\downloads\\[pc] pro evolution soccer 2008 [eng] [dopeman]\\pro evolution soccer 2008\\pes2008.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] pro evolution soccer 2008 [eng] [dopeman]\pro evolution soccer 2008\pes2008.exe:pes2008.exe
"TCP Query User{975C9B39-D553-439C-A07C-3D28E6A95690}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:UDP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{A79433B7-43E9-42E2-A4A7-C04288A40BCA}c:\\program files\\test drive\\testdriveunlimited.exe"= Disabled:TCP:c:\program files\test drive\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{E2596F1C-9AF5-425B-949D-7B2E93EEDAE1}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:UDP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"UDP Query User{2C47CDED-27E7-4747-B15B-CFAFB0387F5E}c:\\users\\kira\\downloads\\[pc] test drive unlimited [proper] [rip] [dopeman]\\tdu\\testdriveunlimited.exe"= Disabled:TCP:c:\users\kira\downloads\[pc] test drive unlimited [proper] [rip] [dopeman]\tdu\testdriveunlimited.exe:testdriveunlimited.exe
"TCP Query User{EE46C2EB-107C-4ACD-8DFC-C84C3B997148}c:\\downloads\\pure\\pure.exe"= UDP:c:\downloads\pure\pure.exe:Pure
"UDP Query User{A1A99B27-A07B-4709-A85D-6ED658598A89}c:\\downloads\\pure\\pure.exe"= TCP:c:\downloads\pure\pure.exe:Pure
"TCP Query User{6E61BA7C-E927-4457-BC95-4844189D8972}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{285FC2E2-507C-4010-9FFA-DBE6C9258137}c:\\users\\kira\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\kira\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"TCP Query User{8424F0F5-B81E-4602-8DB0-51D1F91D3E71}c:\\program files\\pure\\pure.exe"= UDP:c:\program files\pure\pure.exe:Pure
"UDP Query User{8FA20348-9A10-4613-ABEF-084D32E6ED04}c:\\program files\\pure\\pure.exe"= TCP:c:\program files\pure\pure.exe:Pure
"{D129AE45-C3A3-4BF5-B50E-F61B55B42A4C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FE342F5E-9749-4B52-82A1-7B53869B943D}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= UDP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"UDP Query User{8B214BF3-B7F0-44BB-9E73-ACED25FEEF21}c:\\program files\\ea sports\\fifa 09\\fifa09.exe"= TCP:c:\program files\ea sports\fifa 09\fifa09.exe:FIFA09
"{792DFF95-8470-47AC-8F47-A2BC6F067167}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64393ABF-1EE9-4447-AA01-6C60413F6311}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{70E97436-85A2-4F38-ABE5-C675239DBDDA}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{60E3FF6B-9E51-4815-8C9E-F477DBD2D8D6}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{C774582C-2469-4559-B62B-4890C72E45B3}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{021ACB04-07DD-4A45-BFE5-36160B4200F0}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{A15E98DB-AF3A-4EFA-B14E-02CBECB32C9A}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"UDP Query User{C7F83D13-E660-4DCC-82C3-E1C96CF0F8F9}c:\\program files\\thq\\dawn of war - dark crusade demo\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade demo\darkcrusade.exe:DarkCrusade
"TCP Query User{0E64EF0F-E89D-4FAA-B285-DC99CE7767CF}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{592966EB-E00C-49AE-B4F5-871ED3A1A5F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{69A74109-4CE3-4FF0-A6A1-BF0B6E3C5E2C}"= Disabled:UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{4C435405-22A5-4560-86C5-BE875D84D96C}"= Disabled:TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"TCP Query User{B5F33037-7932-4DF5-A7E9-816437DFEF40}c:\\program files\\mirc\\mirc.exe"= Disabled:UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{27E58189-DB07-47BB-8575-031D31E6B619}c:\\program files\\mirc\\mirc.exe"= Disabled:TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{190AA832-F2D3-4FB7-A481-2B58166FD6F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:UDP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"UDP Query User{E4EECA24-21F5-439B-9905-62CC230C78F7}c:\\users\\kira\\desktop\\pes 2009\\pes2009.exe"= Disabled:TCP:c:\users\kira\desktop\pes 2009\pes2009.exe:pes2009.exe
"TCP Query User{2C105DC6-F389-45B3-B9A4-CD450BBB7DE5}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:UDP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{A6091787-3623-454E-A004-2D57330099AC}c:\\program files\\mc2\\sniper elite\\sniperelite.exe"= Disabled:TCP:c:\program files\mc2\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{740FD6B4-B819-4BFF-8572-FF1243B92579}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:UDP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{CC09F86B-99B3-47FD-AF88-34B7D6EF24E5}c:\\program files\\timeshift\\bin\\timeshift.exe"= Disabled:TCP:c:\program files\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{4ABC1FDE-DAEB-4882-8EBB-913B5D7E99BB}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:UDP:c:\ut2003demo\system\ut2003.exe:UT2003
"UDP Query User{9096F62F-A566-4AC2-93BC-46E00F1A5F99}c:\\ut2003demo\\system\\ut2003.exe"= Disabled:TCP:c:\ut2003demo\system\ut2003.exe:UT2003
"TCP Query User{F1B27B34-CA30-49D3-B3A3-6EDC2227D7B5}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= UDP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"UDP Query User{F46C778A-B50C-46FE-B3F9-FA7437700F55}c:\\users\\kira\\downloads\\call.of.duty.world.at.war.full-rip.skullptura\\call of duty - world at war\\codwaw.exe"= TCP:c:\users\kira\downloads\call.of.duty.world.at.war.full-rip.skullptura\call of duty - world at war\codwaw.exe:codwaw.exe
"{6434E51E-6DBA-4113-BD80-BA5211617048}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{3B4AD44F-5D4B-4C33-83F9-DAA55D98E82E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{A073E5C2-F729-4345-845F-AA268C3CCBA0}"= Disabled:UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{F7EB1B02-8165-4174-A502-4FEFF2640D6E}"= Disabled:TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{EAD1067F-9B59-4FED-9F59-D472DD817251}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{A1D391C4-04FA-4106-9848-23D6F0BDC459}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally.exe:SEGA Rally
"{C5DCE331-05ED-4C51-A01F-441716DC40BF}"= Disabled:UDP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{BDD2211F-C661-4567-A8F6-9CFD38EA9AC9}"= Disabled:TCP:c:\program files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{B433C55A-4133-468B-861E-8ABC5CE99353}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{214862FA-5A1A-4F39-A140-8DFFE19BD563}c:\\program files\\electronic arts\\eadm\\core.exe"= Disabled:TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{973841E0-28CE-4078-BCF9-B9BD301E061B}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:UDP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"UDP Query User{5E398CF3-1DBC-433B-BC79-761E10FED140}c:\\users\\kira\\downloads\\call of duty 4 modern warfare full-rip skullptura\\call of duty 4 - modern warfare\\iw3mp.exe"= Disabled:TCP:c:\users\kira\downloads\call of duty 4 modern warfare full-rip skullptura\call of duty 4 - modern warfare\iw3mp.exe:iw3mp.exe
"TCP Query User{54CA1F91-7AC2-49E5-935F-BE2ED72352AB}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:UDP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"UDP Query User{4BAC6530-B25A-459C-88B2-2730A3F73F49}c:\\users\\kira\\downloads\\lookmypc.exe"= Disabled:TCP:c:\users\kira\downloads\lookmypc.exe:lookmypc.exe
"TCP Query User{FE4741BA-F98A-48D5-BE0F-11915B33E8C5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{9020187E-C2E6-4FDE-95CA-A52CBD19DB22}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{A6A8C5A6-AA77-4D25-BEEC-E7E807B626EA}"= TCP:7777:port ut
"{F922BE39-CCC5-4F96-B9CB-4B3F83006C70}"= TCP:7788:port ut
"{E25DD557-26E7-4E4D-859F-A0D2C5413648}"= TCP:7778:port ut
"{9F7913E7-DE1A-48E3-8968-A766B7529953}"= TCP:7787:port ut
"{548CECED-9492-46FE-B1D3-5251A974D061}"= UDP:28902:port ut
"{6CEE6955-66F4-47CA-8E38-5CF1BD9199E7}"= UDP:42292:port ut
"{40E429AC-D2C8-4079-BA94-A9C6FC877000}"= UDP:27900:port ut
"TCP Query User{714F0F29-2842-47F8-8275-3E772B31544F}c:\\program files\\flashget\\flashget.exe"= Disabled:UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{939F1181-C87F-44B0-B292-5C010BAEED21}c:\\program files\\flashget\\flashget.exe"= Disabled:TCP:c:\program files\flashget\flashget.exe:FlashGet
"{6FD48C82-7465-4314-897C-428D0162306E}"= Disabled:UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EB778DEA-9FBA-4F5B-9C3A-2E33A696B619}"= Disabled:TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{E0F4DE70-CDEA-44BF-B5F1-05A3C7AE3E78}c:\\program files\\thq\\motogp 2007\\motogp.exe"= Disabled:UDP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"UDP Query User{B44CA411-F0A2-46E1-9E7D-D154E342E026}c:\\program files\\thq\\motogp 2007\\motogp.exe"= Disabled:TCP:c:\program files\thq\motogp 2007\motogp.exe:motogp
"TCP Query User{5924AE53-6DE3-4D81-A310-364F97222C41}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{AC2FBFB0-7A84-4179-8343-63C08CEF88C1}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"{25824AD1-6FB2-40B8-BCED-4694EE4B237D}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{B245EF24-68E4-457B-880C-8C00A544F77D}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2008-07-25 212008]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-09-20 12800]
R2 SuperRam;SuperRam Service Mémoire;c:\program files\PGWARE\SuperRam\SuperRamService.exe [2008-11-25 1341632]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-03 33752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 21:47:03
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1336)
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2008-11-27 21:50:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-27 20:50:20
ComboFix2.txt 2008-11-21 17:24:50
Avant-CF: 182.242.693.120 octets libres
Après-CF: 182,519,894,016 octets libres
400 --- E O F --- 2008-11-26 19:15:54
- Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer).
- At the bottom right, click Start Online-scanner.
- In the new window that appears, click I accept.
- Accept the ActiveX controls.
- Choose My Computer for the scan.
- Once it has finished, save the report (choose text file) and post it.
- To help you use the online scan:
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site and retry the online scan.
- Read this if you have trouble installing the ActiveX control:
http://cybersecurite.xooit.com/t123-Les-controles-ActiveX.htm
I can't get the "Kaspersky online" update to work; it tells me that some "update" components are damaged and that I should try again, but the same thing happens every following time....
But I haven't had any more detections! And that hadn't happened for almost 2 weeks...
Already a good sign!! Thanks a lot!!! :)
What should I do about Kaspersky?
I have to go to work, I'll be back around 19:30 :(
Thanks again!! You're like a father to me ;) ^^
Have a good day
Yagami
Here is another online scan:
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
Thanks, the scan is running...
16% and already one infected file... :( but it may well be nothing.... we'll see... :)
I'll post the report when I get home
+++
Here it is, and it's not pretty... so it seems... lol
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-28 18:31:40
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 32
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4104.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Users\Kira\AppData\Roaming\Microsoft\Windows\Cookies\Low\kira@metriweb[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\UsbFix\Tools\nircmd.exe
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01185375 Application/Psexec.A HackTools No 0 Yes No C:\Users\Kira\DoctorWeb\Quarantine\PSEXESVC.EXE
02870155 Application/VirusRanger HackTools No 0 Yes No C:\Program Files\Smart PC Solutions\Magic Speed\asc4.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Qoobox\Quarantine\C\Users\Kira\AppData\Roaming\MICROS~1\comrepl.exe.vir
No C:\Qoobox\Quarantine\C\Windows\cmstp.exe.vir
No C:\Users\Kira\AppData\Local\cisvc.exe
No C:\Users\Kira\AppData\Local\dllhst3g.exe
No C:\Users\Kira\AppData\Local\Microsoft\clipsrv.exe
No C:\Users\Kira\AppData\Local\Microsoft\comrepl.exe
No C:\Users\Kira\AppData\Local\Microsoft\comrepl.exe.vir
No C:\Users\Kira\AppData\Local\Microsoft\mstinit.exe
No C:\Users\Kira\AppData\Local\Microsoft\sessmgr.exe
No C:\Users\Kira\AppData\Local\Microsoft\spoolsv.exe
No C:\Users\Kira\AppData\Local\mstsc.exe
No C:\Users\Kira\AppData\Local\spoolsv.exe
No C:\Users\Kira\AppData\Roaming\cisvc.exe
No C:\Users\Kira\AppData\Roaming\clipsrv.exe
No C:\Users\Kira\AppData\Roaming\esentutl.exe
No C:\Users\Kira\AppData\Roaming\ieudinit.exe.vir
No C:\Users\Kira\AppData\Roaming\logman.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\cisvc.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\cmstp.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\ieudinit.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\mqtgsvc.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\spoolsv.exe
No C:\Users\Kira\AppData\Roaming\mstsc.exe
No C:\Users\Kira\AppData\Roaming\rsvp.exe
No C:\Users\Kira\AppData\Roaming\rsvp.exe.vir
No C:\Users\Kira\AppData\Roaming\sessmgr.exe
No C:\Users\Kira\AppData\Roaming\sessmgr.exe.vir
No C:\Users\Kira\Desktop\ComboFix.exe
No C:\Users\Kira\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
No C:\Users\Kira\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
No C:\Users\Kira\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe]
No C:\_OTMoveIt\MovedFiles\11262008_203429\Users\Kira\AppData\Local\Temp\esentutl.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
weird, this report... but it tells me I still have "Generic Malware" here
1. C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Only available for registered
1. C:\Users\Kira\DoctorWeb\Quarantine\PSEXESVC.EXE
1. C:\Program Files\UsbFix\Tools\nircmd.exe
1. C:\Program Files\Smart PC Solutions\Magic Speed\asc4.dll
1. C:\Users\Kira\AppData\Roaming\Microsoft\Windows\Cookies\Low\kira@metriweb[1].txt
doctorweb is no longer needed, can I uninstall it?
usb fix, same question?
magicspeed, same question?
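What stands out in the SUSPECTS list of the Panda report above is that almost every entry carries the name of a Windows system binary (spoolsv.exe, cisvc.exe, sessmgr.exe, cmstp.exe, ...) but sits under the user's AppData folders instead of System32, while a few others are copies already moved aside by the cleanup tools (Qoobox, _OTMoveIt, DoctorWeb quarantines). The script below is an added example, not part of this thread or of any of the tools mentioned: it parses a constructed excerpt written in Panda ActiveScan's report layout and sorts each suspect into three groups, live files masquerading under a system binary's name outside its expected directory, files already sitting in a tool's quarantine, and everything else. The list of binary names, the expected directories and the quarantine markers are assumptions drawn from the paths in the report; the System32 line in the sample is constructed to show a path that must not be flagged.

```python
import re
from pathlib import PureWindowsPath

# Names of Windows binaries that appeared outside %SystemRoot% in the report
# (assumption: subset built from the report's paths; extend as needed).
SYSTEM_BINARIES = {
    "spoolsv.exe", "cisvc.exe", "sessmgr.exe", "clipsrv.exe", "comrepl.exe",
    "mstsc.exe", "cmstp.exe", "esentutl.exe", "logman.exe", "mqtgsvc.exe",
    "rsvp.exe", "mstinit.exe", "dllhst3g.exe", "ieudinit.exe",
}

# Directories where those names are legitimate (assumption; lower case, trailing backslash).
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Quarantine folders of the cleanup tools used in the thread (assumption);
# a hit there is an isolated copy, not a live file.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\_otmoveit\\", "\\doctorweb\\quarantine\\")

# Constructed excerpt in Panda ActiveScan's report layout, not the full report.
# The System32 line is constructed to show a path that should not be flagged.
SAMPLE_REPORT = r"""
SUSPECTS
Sent Location
;=====
No C:\Qoobox\Quarantine\C\Windows\cmstp.exe.vir
No C:\Users\Kira\AppData\Local\cisvc.exe
No C:\Users\Kira\AppData\Roaming\Microsoft\spoolsv.exe
No C:\Windows\System32\spoolsv.exe
No C:\Users\Kira\Desktop\ComboFix.exe
;=====
VULNERABILITIES
"""

# A suspect row is "<Sent> <Location>", where Sent is Yes or No.
ROW = re.compile(r"^(Yes|No)\s+(\S.*?)\s*$")


def parse_suspects(report: str) -> list[str]:
    """Return the Location column of every row in the SUSPECTS section."""
    paths, in_section = [], False
    for line in report.splitlines():
        line = line.strip()
        if line == "SUSPECTS":
            in_section = True
            continue
        # An all-capital word on its own line starts the next section.
        if in_section and line.isalpha() and line.isupper():
            break
        if in_section:
            m = ROW.match(line)
            if m:
                paths.append(m.group(2))
    return paths


def base_name(path: str) -> str:
    """Lower-case file name with the .vir suffix that quarantine tools append removed."""
    name = PureWindowsPath(path).name.lower()
    return name[:-4] if name.endswith(".vir") else name


def classify(path: str) -> str:
    """Decide how a responder should treat one suspect path."""
    low = path.lower()
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantined"
    if base_name(path) in SYSTEM_BINARIES and not low.startswith(EXPECTED_DIRS):
        return "masquerading"
    return "other"


def triage(report: str) -> dict[str, list[str]]:
    """Group every suspect in the report by the action it calls for."""
    groups: dict[str, list[str]] = {"masquerading": [], "quarantined": [], "other": []}
    for path in parse_suspects(report):
        groups[classify(path)].append(path)
    return groups


if __name__ == "__main__":
    for group, paths in triage(SAMPLE_REPORT).items():
        print(f"{group}:")
        for p in paths:
            print(f"  {p}")
```

The "masquerading" group is the one worth acting on: a file named after a service binary but living under AppData is not the real service, and that is exactly the pattern the Malwarebytes log further down confirms when it quarantines the spoolsv.exe and sessmgr.exe copies. Paths in the "quarantined" group are already neutralised copies and only need to be emptied from the tool's quarantine once the machine is confirmed clean.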
back! here's some news...
after an "ad aware" update followed by a quick scan, it detected and removed 10 files considered "trojans"
with this program I'd never had deletions like that before!!! lol
after that I ran Spybot S&D, with a CCleaner pass first, so I think the PANDA scan is skewed...
but then I'm no expert either... :(
do I need to redo an online scan??
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1433
Windows 6.0.6001 Service Pack 1
28/11/2008 21:14:42
mbam-log-2008-11-28 (21-14-42).txt
Type de recherche: Examen rapide
Eléments examinés: 41925
Temps écoulé: 1 minute(s), 43 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Kira\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kira\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kira\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Kira\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Kira\AppData\Roaming\Microsoft\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.