Virus "antivirus trigger"

jlpjlp, le 11 jan 2009 à 17:25:36

Slt,

smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php

2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.

Répondre à jlpjlp

2

lulu06250, le 11 jan 2009 à 17:43:17

Salut! Merci à toi de m'aider!!
Voila le rapport:

SmitFraudFix v2.388

Scan done at 17:36:11,35, 11/01/2009
Run from L:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\KbdStub.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\vVX3000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lucie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lucie\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lucie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lucie\FAVORI~1

C:\Users\Lucie\FAVORI~1\Antivirus Scan.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
Suspicious item found: 94EA2A293D28D1E9

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Répondre à lulu06250

3

jlpjlp, le 11 jan 2009 à 18:22:15

Redemarre en mode sans echec, choisi l'option 2 et colle le rapport

http://www.pcloisirs.eu/mode_sans_echec.htm

puis télécharge malwarebyte, mets le a jour et colles un rapport avec:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Répondre à jlpjlp

4

lulu06250, le 11 jan 2009 à 18:43:22

SmitFraudFix v2.388

Scan done at 18:38:53,41, 11/01/2009
Run from L:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
Suspicious item found: 94EA2A293D28D1E9

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Répondre à lulu06250

5

jlpjlp, le 11 jan 2009 à 18:57:09

Ok

télécharge malwarebyte, mets le a jour et colles un rapport avec:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Répondre à jlpjlp

6

lulu06250, le 11 jan 2009 à 20:23:48

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1643
Windows 6.0.6000

11/01/2009 20:15:15
mbam-log-2009-01-11 (20-15-15).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 179186
Temps écoulé: 48 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 76
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 216

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\adpanel.panel1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adpanel.panel1.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a267370-076e-4af4-b986-77626b8e89df} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AvirTr (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Delete on reboot.
C:\Users\Lucie\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Lucie\AppData\Local\Temp\xrg2.exe (Zlob.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\ShprInstaller.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Users\Lucie\Desktop\94EA2A293D28D1E9\94EA2A293D28D1E9 (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Users\Lucie\Desktop\94EA2A293D28D1E9\94EA2A293D28D1E9.x86 (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\102742.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\104068.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\105425.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\105472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\108826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1110539.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\111135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1121584.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1123035.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1128948.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1139306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115456.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115612.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1172628.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1183439.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1213906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1258600.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1264575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129855.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1319097.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1331655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\133458.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\136750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\141648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1447938.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1454646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1457938.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1471697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1487641.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1488826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14974520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14981384.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15036390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15050102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15104204.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1513552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15145544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\151913.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15203919.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15225260.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1525112.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15278784.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1532382.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\153317.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15345053.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\154316.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\155548.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158637.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158684.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1608292.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1611849.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\165673.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1697930.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1732157.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\174362.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\175735.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\177544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\177607.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\180040.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\185438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\186857.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187435.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\192536.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\199431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\203674.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\205219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\210897.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\215452.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\217465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\217824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\221100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22605246.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\226092.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22613499.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22698582.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22703324.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22730734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22741279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22803898.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22842352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22883693.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22887015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22898372.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22955328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22987496.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\246809.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\257963.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\265544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\267323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\271394.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\271597.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272783.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\275014.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\275279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\281987.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\284967.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\286480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\288289.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\306167.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\310582.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\312298.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\319224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\322828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\337242.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\342546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\345994.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349411.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\354871.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\361360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\364137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37434701.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37455871.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37460442.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37537085.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37575102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37635397.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37646270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37797669.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37827621.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\382483.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\383840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\388348.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\390626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\391016.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\395322.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\395665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\401187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\412700.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\424509.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\428659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\429564.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\432060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\433901.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\437676.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\439314.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\446069.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\450281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\452044.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\461513.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\465709.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\466552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\473478.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\481029.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\486379.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\489733.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\505505.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\50591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\513914.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\51573.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\56004.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\56659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57236.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57579.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\579325.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\601539.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\606188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\609995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\61682.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\62431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\64022.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\641647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\648854.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\661740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\680398.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\68125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\692348.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71698.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\727276.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\738820.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\74194.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\75816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\77158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7796071.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7797569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7825337.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\78343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7864572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7901856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7978702.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7988920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\79966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\8052069.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\8105468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\82212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\92134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\92648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\93569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\98062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\a.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\dcads_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Windows\System32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Lucie\AppData\Roaming\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\xrg3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Lucie\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

Répondre à lulu06250

7

lulu06250, le 11 jan 2009 à 20:23:50

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1643
Windows 6.0.6000

11/01/2009 20:15:15
mbam-log-2009-01-11 (20-15-15).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 179186
Temps écoulé: 48 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 76
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 216

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\adpanel.panel1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adpanel.panel1.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.logic.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sidepanel.panel.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3a267370-076e-4af4-b986-77626b8e89df} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\superiorads (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AvirTr (Rogue.VirusTrigger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Delete on reboot.
C:\Users\Lucie\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Lucie\AppData\Local\Temp\xrg2.exe (Zlob.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\ShprInstaller.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Users\Lucie\Desktop\94EA2A293D28D1E9\94EA2A293D28D1E9 (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Users\Lucie\Desktop\94EA2A293D28D1E9\94EA2A293D28D1E9.x86 (Rootkit.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\100012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\102742.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\104068.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\105425.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\105472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\108826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1110539.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\111135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1121584.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1123035.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1128948.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1139306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115456.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\115612.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1172628.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1183439.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1213906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1258600.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1264575.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\129855.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1319097.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1331655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\133458.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\136750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\141648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\142241.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1447938.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1454646.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1457938.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1471697.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1487641.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1488826.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14974520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\14981384.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15036390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15050102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15104204.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1513552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15145544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\151913.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15203919.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15225260.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1525112.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15278784.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1532382.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\153317.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\15345053.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\154316.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\155548.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158637.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\158684.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1608292.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1611849.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\165673.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1697930.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\1732157.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\174362.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\175735.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\177544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\177607.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\180040.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\185438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\186857.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\187435.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\192536.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\199431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\203674.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\205219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\210897.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\214438.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\215452.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\217465.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\217824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\221100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22605246.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\226092.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22613499.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22698582.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22703324.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22730734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22741279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22803898.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22842352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22883693.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22887015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22898372.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22955328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\22987496.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\246809.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\257963.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\265544.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\267323.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\271394.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\271597.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\272783.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\275014.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\275279.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\281987.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\284967.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\286480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\288289.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\305902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\306167.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\310582.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\312298.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\319224.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\322828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\337242.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\342546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\345994.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\349411.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\354871.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\361360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\364137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37434701.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37455871.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37460442.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37537085.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37575102.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37635397.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37646270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37797669.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\37827621.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\382483.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\383840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\388348.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\390626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\391016.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\395322.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\395665.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\401187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\412700.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\424509.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\428659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\429564.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\432060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\433901.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\437676.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\439314.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\446069.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\44647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\450281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\452044.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\461513.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\465709.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\466552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\473478.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\481029.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\486379.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\489733.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\505505.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\50591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\513914.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\51573.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\56004.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\56659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57236.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\57579.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\579325.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\601539.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\606188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\609995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\61682.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\62431.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\64022.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\641647.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\648854.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\661740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\680398.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\68125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\692348.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\71698.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\727276.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\738820.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\74194.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\75816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\77158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7796071.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7797569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7825337.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\78343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7864572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7901856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7978702.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\7988920.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\79966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\8052069.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\8105468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\82212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\88421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\92134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\92648.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\93569.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\98062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\downld\a.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\dcads_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Windows\System32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Lucie\AppData\Roaming\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\xrg3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Lucie\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

Répondre à lulu06250

8

lulu06250, le 12 jan 2009 à 01:51:46

ça y est ça remarche!! ^^
Merci pour votre aide elle m'a été très efficace!

Répondre à lulu06250

9

jlpjlp, le 12 jan 2009 à 09:26:01

Attends c'est pas fnit! car tu avais uneinfection par bagle!!!

alors vire tes cracks a son origine

puis

Telecharge FindyKill sur ton bureau :

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Répondre à jlpjlp

10

lulu06250, le 12 jan 2009 à 13:17:09

Ah ok j'ai été trop vite lol ^^

Virer les cracks à son origine c'est bien avec malwarebytes?

----------------- FindyKill V4.711 ------------------

* User : SYSTEM - PC-DE-LUCIE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 12:43:58 le 12/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16757

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\88421.EXE-662E12B1.pf
Found ! - C:\Windows\prefetch\93569.EXE-BDD667C6.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-2D4EA1CB.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [12/01/2009 12:12] - C:\Windows\system32\mdelk.exe
Found ! [12/01/2009 12:12] - C:\Windows\system32\wintems.exe
Found ! [12/01/2009 12:12] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers

Found ! [11/01/2009 22:31] - C:\Windows\system32\drivers\srosa.sys
Found ! [11/01/2009 22:31] - C:\Windows\system32\drivers\srosa2.sys
Found ! [10/01/2004 03:07] - C:\Windows\system32\drivers\winfilse.exe
Found ! [12/01/2009 12:16] - "C:\Windows\system32\drivers\downld"

»»»» Presence des fichiers dans

»»»» Presence des fichiers dans C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5

Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_dan.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_deu.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_enu.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_esp.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_fin.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_fra.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_ita.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_jpn.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_nld.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_nor.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_ptb.txt
Found ! [16/02/2007 13:00] - C:\Program Files\EasyBits\KidsReady\Files\MLS\License_sve.txt
Found ! [17/11/2007 13:39] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\License.txt
Found ! [17/11/2007 13:39] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\ReadMe.txt
Found ! [10/05/2007 14:44] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\BackForwardNavigation\ReadMe.txt
Found ! [14/06/2005 11:26] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\BehaviorControl\ReadMe.txt
Found ! [17/06/2005 15:13] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\Customization\ReadMe.txt
Found ! [08/06/2005 12:06] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\eventlogsample\ReadMe.txt
Found ! [13/06/2005 14:16] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\ItemEnumeration\ReadMe.txt
Found ! [10/06/2005 16:30] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\ListItemInformation\ReadMe.txt
Found ! [10/01/2002 14:55] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\VCExplorer\ReadMe.txt
Found ! [10/01/2002 14:57] - C:\Program Files\LogicNP Software\Shell MegaPack ActiveX 9.0\FileView ActiveX Control 9.0\Samples\C++ Samples\VCSample\ReadMe.txt
Found ! [11/01/2009 20:41] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JDYRYM\b64_5[1].jpg
Found ! [12/01/2009 12:13] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\b64[1].jpg
Found ! [12/01/2009 12:11] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\b64_2[1].jpg
Found ! [12/01/2009 12:12] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\b64_2[2].jpg
Found ! [12/01/2009 12:12] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\b64_3[1].jpg
Found ! [12/01/2009 12:11] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\b64_5[1].jpg
Found ! [12/01/2009 12:12] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\ffl[2].htm
Found ! [12/01/2009 12:13] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\ffl[3].htm
Found ! [12/01/2009 12:14] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\ffl[4].htm
Found ! [30/11/2008 08:56] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89QGHQ1P\mxd[1].jpg
Found ! [12/01/2009 12:12] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\b64[1].jpg
Found ! [12/01/2009 12:11] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\ffl[1].htm
Found ! [12/01/2009 12:13] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\ffl[2].htm
Found ! [12/01/2009 12:14] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\ffl[3].htm
Found ! [12/01/2009 12:12] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\file[1].txt
Found ! [11/01/2009 20:37] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NF0QUZ5Z\mxd[2].jpg
Found ! [29/11/2008 09:26] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF0UD1A\mxd[1].jpg
Found ! [29/11/2008 19:06] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAF0UD1A\mxd[2].jpg
Found ! [12/01/2009 12:14] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGC7T2EC\ffl[1].htm
Found ! [12/12/2008 21:00] - C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGC7T2EC\mxd[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpsysdrv=c:\hp\support\hpsysdrv.exe
KBD=C:\HP\KBD\KbdStub.EXE
OsdMaestro="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
RtHDVCpl=RtHDVCpl.exe
HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SunJavaUpdateReg="C:\Windows\system32\jureg.exe"
HP Software Update=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<NO NAME>=
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
NeroFilterCheck=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
LifeCam="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
VX3000=C:\Windows\vVX3000.exe
KiweeHook="C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
K: - Lecteur de CD-ROM
L: - Lecteur amovible

+- Contenu de l'autorun : K:\autorun.inf

[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer

[Comment]
brand=cruzer

+- presence des fichiers :

Found ! [12/02/2007 20:53][-r-------] - K:\autorun.inf

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Répondre à lulu06250

11

jlpjlp, le 12 jan 2009 à 13:19:37

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)

/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

____________________

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau]

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_____________________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Répondre à jlpjlp

13

lulu06250, le 13 jan 2009 à 02:07:33

ComboFix 09-01-11.04 - Lucie 2009-01-13 1:49:09.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.3070.2289 [GMT 1:00]
Lancé depuis: c:\users\Lucie\Desktop\Antibagle.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Lite\daemon.exe
c:\users\Lucie\AppData\Roaming\m
c:\users\Lucie\AppData\Roaming\m\flec006.exe
c:\users\Lucie\AppData\Roaming\m\list.oct
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\21873056.exe
c:\windows\system32\drivers\downld\3667099.exe
c:\windows\system32\drivers\downld\3670547.exe
c:\windows\system32\drivers\downld\3675820.exe
c:\windows\system32\drivers\downld\3677239.exe
c:\windows\system32\drivers\downld\3684306.exe
c:\windows\system32\drivers\downld\3744850.exe
c:\windows\system32\drivers\downld\3772556.exe
c:\windows\system32\drivers\downld\3788281.exe
c:\windows\system32\drivers\downld\3792977.exe
c:\windows\system32\drivers\downld\3843100.exe
c:\windows\system32\drivers\downld\3854535.exe
c:\windows\system32\drivers\downld\50154.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
.
---- Previous Run -------
.
c:\program files\DAEMON Tools Lite\daemon.exe
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Lucie\AppData\Roaming\hidires
c:\users\Lucie\AppData\Roaming\hidires\flec003.exe
c:\users\Lucie\AppData\Roaming\hidires\names.txt
c:\users\Lucie\AppData\Roaming\m
c:\users\Lucie\AppData\Roaming\m\data.oct
c:\users\Lucie\AppData\Roaming\m\flec006.exe
c:\users\Lucie\AppData\Roaming\m\list.oct
c:\users\Lucie\AppData\Roaming\m\shared\642-611 Practice Exam Testing Engine Software 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\70-223 Microsoft MCSE Windows 2000 Cluster 7.05.05.zip
c:\users\Lucie\AppData\Roaming\m\shared\a Motorola Siemens 128x128 128x160.zip
c:\users\Lucie\AppData\Roaming\m\shared\ABC Amber Word2Excel Converter 4.01.zip
c:\users\Lucie\AppData\Roaming\m\shared\Aberrater 3.0 beta.zip
c:\users\Lucie\AppData\Roaming\m\shared\Address Wizard Pro 4.23.zip
c:\users\Lucie\AppData\Roaming\m\shared\ADSS Charts Control 1.5.zip
c:\users\Lucie\AppData\Roaming\m\shared\Advanced Data Finder 1.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\Aplus Video to Xbox 8.68.zip
c:\users\Lucie\AppData\Roaming\m\shared\ASP.NET Maker 3.3.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\ASWSystems Toolbars Pack - Animals 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Athlon CPU SoftCooler XMas Edition 1.5 Build 101.zip
c:\users\Lucie\AppData\Roaming\m\shared\AUAU WMV MP4 ASF FLV to AVI Converter 4.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\Audio Editor 1.0.0.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\B&G Calculator 1.10.zip
c:\users\Lucie\AppData\Roaming\m\shared\Beach Clock Screensaver 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\BlankIE 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Bluetooth Framework ActiveX 5.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\BuddyVision 1.5.zip
c:\users\Lucie\AppData\Roaming\m\shared\CastlePaste PRO 2.01.1p.zip
c:\users\Lucie\AppData\Roaming\m\shared\Christmas Countdown 1.0.3.zip
c:\users\Lucie\AppData\Roaming\m\shared\clker.com openoffice.org addon 0.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\CONCEPT X7 5.21.zip
c:\users\Lucie\AppData\Roaming\m\shared\Countdown Redux 1.0.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\CurrProcess 1.13.zip
c:\users\Lucie\AppData\Roaming\m\shared\CZ-Xls2Csv 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Daniusoft Video Converter 2.0.1.8.zip
c:\users\Lucie\AppData\Roaming\m\shared\Database Software Icons 2008.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\DotNetScanner 1.6.zip
c:\users\Lucie\AppData\Roaming\m\shared\Drink Prog 2.0.3.zip
c:\users\Lucie\AppData\Roaming\m\shared\Easy GIF Animator 4.81.zip
c:\users\Lucie\AppData\Roaming\m\shared\Easy HR Popup Calendar Lite 1.05.zip
c:\users\Lucie\AppData\Roaming\m\shared\ewido.anti-malware.3.5+.witamina.zip
c:\users\Lucie\AppData\Roaming\m\shared\Excel Export To XML Software 1.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\Expression Media Encoder 2.0.1406.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\FAAD 2 Binaries for Win32.zip
c:\users\Lucie\AppData\Roaming\m\shared\FastCap 1.4.7.zip
c:\users\Lucie\AppData\Roaming\m\shared\Flash MP3 Player 1.1.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\Floyd-Steinberg dithering 1.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\Gift Baskets Screensaver 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\HandyCrypto 3.10.298.zip
c:\users\Lucie\AppData\Roaming\m\shared\hashr 0.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\HP0-795 Downloadable Exam Simulator 2.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\HYMN 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\ImageWalker 2.31.zip
c:\users\Lucie\AppData\Roaming\m\shared\Induction Motor Data 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Instrumentation Widgets for Mobile Devices 1.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\InvoicePal for GoldMine Corporate Edition 1.3.zip
c:\users\Lucie\AppData\Roaming\m\shared\Jedi Console 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\JPdfBookmarks 1.2.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\Kaspersky.Antivirus.Personal.v5.0.388-Fr.Incl-Keys.Par.Emule-Paradise.zip
c:\users\Lucie\AppData\Roaming\m\shared\KeyEcho 2.3.zip
c:\users\Lucie\AppData\Roaming\m\shared\Kid's Abacus 2.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\KKFI 90.1FM RADIO 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Learn How To Play The Guitar 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\ler.zip
c:\users\Lucie\AppData\Roaming\m\shared\LingvoSoft Learning Voice 2007 French Romanian 2.3.86.zip
c:\users\Lucie\AppData\Roaming\m\shared\Logitech Mobile Video 7.04.zip
c:\users\Lucie\AppData\Roaming\m\shared\Magicbit MP4 Video Converter 4.5.20.0927.zip
c:\users\Lucie\AppData\Roaming\m\shared\makebootfat 1.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\Maximize Message Pane 0.9.100.zip
c:\users\Lucie\AppData\Roaming\m\shared\Memscope 1.10.zip
c:\users\Lucie\AppData\Roaming\m\shared\Mesh To Solid for AutoCAD 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\MLB News 2.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Mobile Music Polyphonic 2.63.zip
c:\users\Lucie\AppData\Roaming\m\shared\Mooma DVD Creator 2.00.zip
c:\users\Lucie\AppData\Roaming\m\shared\moreTunes 2.04.zip
c:\users\Lucie\AppData\Roaming\m\shared\Motion JPEG Camera 2.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\Movie411 1.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\MSTS-Dictionary Extension for Firefox 2.0.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\My Expose 2006 CTP.zip
c:\users\Lucie\AppData\Roaming\m\shared\ne.zip
c:\users\Lucie\AppData\Roaming\m\shared\NotesHolder 1.65 Build 114.zip
c:\users\Lucie\AppData\Roaming\m\shared\Opel Speedster Screensaver.zip
c:\users\Lucie\AppData\Roaming\m\shared\Override Compatibility 1.25.zip
c:\users\Lucie\AppData\Roaming\m\shared\Password Recovery Bar 1.2.5 build 35.zip
c:\users\Lucie\AppData\Roaming\m\shared\PasswordDock 5.0.50.zip
c:\users\Lucie\AppData\Roaming\m\shared\Polestar Virtual Printer 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\PPT2Flash SDK 3.2.8.zip
c:\users\Lucie\AppData\Roaming\m\shared\Print HTML 1.5.zip
c:\users\Lucie\AppData\Roaming\m\shared\Qlock Lite 1.86.zip
c:\users\Lucie\AppData\Roaming\m\shared\Read to Me Text to Speech 1.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\Reasy 0.0.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\RingtonEditor 1 build 20070320.zip
c:\users\Lucie\AppData\Roaming\m\shared\RM to FLV Converter 1.00.zip
c:\users\Lucie\AppData\Roaming\m\shared\Russian Girls 3D additional pack 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Rusty Meeting 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Sanmaxi Access File Recovery 5.0.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\SaveCD 0.9 0.9 Beta.zip
c:\users\Lucie\AppData\Roaming\m\shared\SearchGun 1.3.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\Security23 1.8.zip
c:\users\Lucie\AppData\Roaming\m\shared\SelfImage 1.2.1.92.zip
c:\users\Lucie\AppData\Roaming\m\shared\Shaana Sidebar Calculator 1.14.zip
c:\users\Lucie\AppData\Roaming\m\shared\ShellBrowser Components for Delphi Win32 6.12.zip
c:\users\Lucie\AppData\Roaming\m\shared\Shuttle FTP Suite 3.7.zip
c:\users\Lucie\AppData\Roaming\m\shared\Skuld Video Converter 1.1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Smarky 0.9.6.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\SoftPepper DVD to PSP Video Suite 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Sothink DVD to iPod Converter 2.5 Build 70208.zip
c:\users\Lucie\AppData\Roaming\m\shared\Space Flight 3D Screensaver 1.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\Spam Crusher for Outlook 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\SpartacusFilter for Exchange Server 1.0.11.zip
c:\users\Lucie\AppData\Roaming\m\shared\Stormy Screen Savers 2 1.zip
c:\users\Lucie\AppData\Roaming\m\shared\SUN Java for SCJP 5.0 8.05.05.zip
c:\users\Lucie\AppData\Roaming\m\shared\Tavrida PERL Editor 3.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Tessela 0.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\The Free Awesome Dates Collection 2.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\Thumb Creator 1.0.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\TimeTracker 1.2.4.zip
c:\users\Lucie\AppData\Roaming\m\shared\Tiny Spy Agent 2.1.118.zip
c:\users\Lucie\AppData\Roaming\m\shared\TM Desktop Currency Converter 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\TTMaker 1.87c.zip
c:\users\Lucie\AppData\Roaming\m\shared\Turtle 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Ubercode 1.2.zip
c:\users\Lucie\AppData\Roaming\m\shared\University of Tampa Mail Checker 1.0.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\USA Geography Tutor 1.1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\UserTable 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Vcard Studio Express 1.0.0.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Video Ghost 1.0 Beta.zip
c:\users\Lucie\AppData\Roaming\m\shared\VOM - Venci Orders Manager 1.1.zip
c:\users\Lucie\AppData\Roaming\m\shared\VTExture 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Webation Active 1.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\Whizlabs RHCE (Red Hat Linux Certification) Exam Simulator 4.0.0.zip
c:\users\Lucie\AppData\Roaming\m\shared\WMS Log Storage Standard Edition 1.5 Build 0075.zip
c:\users\Lucie\AppData\Roaming\m\shared\XiaLaiKan 1.0.0.zip
c:\users\Lucie\AppData\Roaming\m\srvlist.oct
c:\users\Lucie\AppData\Roaming\WeatherDPA
c:\users\Lucie\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\dcads-remove.exe
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\104099.exe
c:\windows\system32\drivers\downld\115861.exe
c:\windows\system32\drivers\downld\127406.exe
c:\windows\system32\drivers\downld\145236.exe
c:\windows\system32\drivers\downld\147280.exe
c:\windows\system32\drivers\downld\154643.exe
c:\windows\system32\drivers\downld\155501.exe
c:\windows\system32\drivers\downld\156625.exe
c:\windows\system32\drivers\downld\164752.exe
c:\windows\system32\drivers\downld\166874.exe
c:\windows\system32\drivers\downld\187232.exe
c:\windows\system32\drivers\downld\192645.exe
c:\windows\system32\drivers\downld\203035.exe
c:\windows\system32\drivers\downld\216685.exe
c:\windows\system32\drivers\downld\218073.exe
c:\windows\system32\drivers\downld\219618.exe
c:\windows\system32\drivers\downld\220460.exe
c:\windows\system32\drivers\downld\223923.exe
c:\windows\system32\drivers\downld\236091.exe
c:\windows\system32\drivers\downld\240678.exe
c:\windows\system32\drivers\downld\240943.exe
c:\windows\system32\drivers\downld\252425.exe
c:\windows\system32\drivers\downld\277525.exe
c:\windows\system32\drivers\downld\278477.exe
c:\windows\system32\drivers\downld\291113.exe
c:\windows\system32\drivers\downld\314872.exe
c:\windows\system32\drivers\downld\346493.exe
c:\windows\system32\drivers\downld\356992.exe
c:\windows\system32\drivers\downld\46269.exe
c:\windows\system32\drivers\downld\57143.exe
c:\windows\system32\drivers\downld\57564.exe
c:\windows\system32\drivers\downld\62150.exe
c:\windows\system32\drivers\downld\64022.exe
c:\windows\system32\drivers\downld\66628.exe
c:\windows\system32\drivers\downld\66799.exe
c:\windows\system32\drivers\downld\69358.exe
c:\windows\system32\drivers\downld\69514.exe
c:\windows\system32\drivers\downld\70933.exe
c:\windows\system32\drivers\downld\72618.exe
c:\windows\system32\drivers\downld\78640.exe
c:\windows\system32\drivers\downld\89575.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wintems.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s
-------\Legacy_SROSA

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
.

2009-01-13 01:53 . 2009-01-13 01:53 <REP> d-------- c:\windows\System32\drivers\downld
2009-01-12 17:57 . 2009-01-12 17:57 343,392,249 --a------ c:\windows\MEMORY.DMP
2009-01-12 17:12 . 2009-01-12 17:31 69 --a------ c:\windows\NeroDigital.ini
2009-01-12 12:29 . 2009-01-12 14:44 <REP> d-------- c:\program files\FindyKill
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\Lucie\AppData\Roaming\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:05 <REP> d-------- c:\programdata\Malwarebytes
2009-01-11 19:05 . 2009-01-11 19:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 19:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-11 19:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-30 18:17 . 2008-12-30 18:20 <REP> d--h----- c:\windows\msdownld.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 00:54 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-30 17:38 --------- d-----w c:\program files\Common Files\BitDefender
2008-12-12 20:01 --------- d-----w c:\programdata\BitDefender
2008-12-12 20:01 --------- d-----w c:\program files\BitDefender
2008-11-30 16:24 --------- d---a-w c:\programdata\TEMP
2008-10-22 14:45 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-07-10 01:08 174 --sha-w c:\program files\desktop.ini
2008-05-12 02:04 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-02-28 20:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-28 20:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-28 20:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-28 20:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-28 20:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 09:52 265360 --a------ c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ c:\program files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 265360]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-09 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2007-12-06 1069920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"KiweeHook"="c:\program files\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 56456]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-12 29744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-491465651-3313389990-2482465319-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D4224847-3077-4636-9FD7-3264BB6C592A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ADF2D612-AF53-4F5E-B13F-5D1FB5F4898A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0CA19D1F-BB8F-4D06-A799-B2D5AD0AC3E6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DDA9613B-FC64-4976-BFF8-C05C797A897E}"= UDP:c:\program files\eMule\emule.exe:eMule
"{CDEE7F01-B820-4154-B7FF-7043FFDA9843}"= TCP:c:\program files\eMule\emule.exe:eMule
"TCP Query User{52DFF08D-0849-4DED-871C-415B411A420D}c:\\program files\\goa\\gunbound\\gunbound.gme"= UDP:c:\program files\goa\gunbound\gunbound.gme:GunBound
"UDP Query User{F80A09A9-D554-4F5B-93DC-8FA0A4B51806}c:\\program files\\goa\\gunbound\\gunbound.gme"= TCP:c:\program files\goa\gunbound\gunbound.gme:GunBound
"TCP Query User{936525A4-F801-431A-A4A5-E43A80FB5F19}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{D33181E0-C1DB-48FB-A906-8041DA010081}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{39301DF4-EB0A-4F35-B430-3E65D3A27300}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{874D5571-A30E-42D0-9254-6DD671FCDAE6}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"{72F6E230-D73B-45D3-9801-3F7FBCE6B6BC}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{74E1B2D0-6F44-4535-BDFA-0FFF81D4C40E}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4ED259DC-E8F2-477A-AB88-B345441BA7E5}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{3E2DEFBA-B4F2-4AAE-94AD-67F881BFD5BF}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-12 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196ca5c4-af03-11dc-9b07-001bb9d83f67}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e1a2d3-b45d-11dc-a65f-001bb9d83f67}]
\shell\AutoRun\command - J:\AUTOTMM.EXE Ver40
.
Contenu du dossier 'Tâches planifiées'

2009-01-12 c:\windows\Tasks\User_Feed_Synchronization-{A348B083-754D-4FEC-8FA5-0744A7E6643B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/...{moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 01:54:00
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\schtasks.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\hp\KBD\kbd.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Heure de fin: 2009-01-13 1:57:38 - La machine a redémarré [Lucie]
ComboFix-quarantined-files.txt 2009-01-13 00:57:34

Avant-CF: 74,044,755,968 octets libres
Après-CF: 74,022,322,176 octets libres

471 --- E O F --- 2009-01-12 13:28:53

Répondre à lulu06250

14

jlpjlp, le 13 jan 2009 à 09:06:54

Colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Répondre à jlpjlp

15

lulu06250, le 13 jan 2009 à 14:05:45

Je n'arrive pas à installer Hijackthis je m'y prend peut etre mal?

Répondre à lulu06250

16

jlpjlp, le 13 jan 2009 à 14:17:16

Colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Répondre à jlpjlp

17

lulu06250, le 14 jan 2009 à 02:52:33

Aucun des liens que vous m'avez donné ne veut s'installer!!
J'ai essayé d'installer d'autres antivirus rien ne marche!
Et quand j'essaye de faire fonctionner "Hijackthis" une fenetre s'ouvre
en me disant: (X) C:\Program Files\trend Micro\Hijack This\Hijack This.exe n'est pas une application Win32 valide.

Répondre à lulu06250

18

lulu06250, le 14 jan 2009 à 03:08:17

Aucun des liens que vous m'avez donné ne veut s'installer!!
J'ai essayé d'installer d'autres antivirus trouvé sur le net mais
rien ne marche!
Et quand j'essaye de faire fonctionner "Hijackthis" une fenetre s'ouvre en me disant:
(X) C:\Program Files\Trend Micro\Hijack This\Hijack This.exe n'est pas une application Win32 valide.

Répondre à lulu06250

19

lulu06250, le 14 jan 2009 à 03:24:01

Aucun des liens que vous m'avez donné ne veut s'installer!!
J'ai essayé d'installer d'autres antivirus que j'ai trouvé sur le net mais
rien ne marche!
Et quand j'essaye de faire fonctionner "Hijackthis" une fenetre s'ouvre en me disant:
(X) C:\Program Files\Trend Micro\Hijack This\Hijack This.exe n'est pas une application Win32 valide.

Répondre à lulu06250