Antimalwaredoctor
Résolu/Fermé11 réponses
Utilisateur anonyme
19 oct. 2010 à 19:56
19 oct. 2010 à 19:56
Relance MBAM ==> Onglet quarantaine et supprime tout....
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
---> Installe la console de récupération si l'outil te le propose.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
---> Installe la console de récupération si l'outil te le propose.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Utilisateur anonyme
Modifié par archet9 le 19/10/2010 à 19:44
Modifié par archet9 le 19/10/2010 à 19:44
Salut,
Peux-tu montrer ton rapport Malwarebytes stp?
....."contributeur sécurité"..0'
Peux-tu montrer ton rapport Malwarebytes stp?
....."contributeur sécurité"..0'
j'en ai fait 3
merci
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4881
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/10/2010 17:12:22
mbam-log-2010-10-19 (17-12-22).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 155913
Temps écoulé: 12 minute(s), 2 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.SmartShopper) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bardiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fegxipa (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Application Data (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Application Data (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Poirieux (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Documents and Settings (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Poirieux (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.6.58 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79 (Adware.ShopperReports) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.SmartShopper) -> Delete on reboot.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover\uninstall.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
merci
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4881
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/10/2010 17:12:22
mbam-log-2010-10-19 (17-12-22).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 155913
Temps écoulé: 12 minute(s), 2 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.SmartShopper) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bardiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fegxipa (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Application Data (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Application Data (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Poirieux (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Documents and Settings (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\Poirieux (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Delete on reboot.
C:\Program Files\ShoppingReport\Bin\2.6.58 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79 (Adware.ShopperReports) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Local Settings\Application Data\fegxipa.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.SmartShopper) -> Delete on reboot.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover\uninstall.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.58\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Poirieux\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4881
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/10/2010 18:03:44
mbam-log-2010-10-19 (18-03-44).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 214678
Temps écoulé: 45 minute(s), 12 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Report\05\00000001_objdt.dat (Spyware.OnlineGames) -> Delete on reboot.
www.malwarebytes.org
Version de la base de données: 4881
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
19/10/2010 18:03:44
mbam-log-2010-10-19 (18-03-44).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 214678
Temps écoulé: 45 minute(s), 12 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP11\Report\05\00000001_objdt.dat (Spyware.OnlineGames) -> Delete on reboot.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ComboFix 10-10-18.06 - Poirieux 19/10/2010 20:20:52.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1470.1013 [GMT 2:00]
Lancé depuis: c:\documents and settings\Poirieux\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\enemies-names.txt
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\local.ini
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\lsrslt.ini
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\mediarealease70x700hh.exe
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\Ijl11.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-19 au 2010-10-19 ))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:56 . 2010-10-19 17:58 -------- d-----w- c:\program files\ZHPDiag
2010-10-19 14:59 . 2010-10-19 14:59 -------- d-----w- c:\documents and settings\Poirieux\Application Data\Malwarebytes
2010-10-19 14:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 14:58 . 2010-10-19 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-19 14:58 . 2010-10-19 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 14:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 11:37 . 2010-10-17 11:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-17 11:37 . 2010-10-17 11:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-17 11:35 . 2010-10-17 11:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-17 08:55 . 2010-10-17 08:55 -------- d-----w- c:\program files\Alwil Software
2010-10-17 08:55 . 2010-10-17 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-14 06:43 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:43 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:41 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 06:32 . 2010-10-08 06:33 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-10-05 19:27 . 2010-10-05 19:27 228024 ----a-w- c:\windows\system32\klogon.dll
2010-10-04 09:34 . 2010-10-04 09:34 -------- d-----w- c:\documents and settings\Application Data
2010-10-03 19:30 . 2010-10-03 19:30 -------- d-----w- C:\ShoppingReport
2010-10-03 19:30 . 2010-10-03 19:30 -------- d-----w- c:\documents and settings\cs
2010-09-29 06:58 . 2010-09-29 06:58 7168 ----a-w- c:\windows\system32\drivers\utiyodu4.sys
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 16:07 . 2010-09-22 16:07 -------- d-----w- c:\program files\SFR
2010-09-22 15:41 . 2010-09-22 15:41 -------- d-----w- c:\documents and settings\Poirieux\Application Data\Ahead
2010-09-22 15:41 . 2010-09-22 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-05 361216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Poirieux\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Poirieux\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-5 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 11:26 484904 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/06/2008 09:13 576680]
S3 sagmx08bus;Sagem Mobile Platform MX2008 driver (WDM);c:\windows\system32\drivers\sagmx08bus.sys [01/05/2008 11:51 88960]
S3 sagmx08mdfl;Sagem MX2008 WMC CDC Modem Filter;c:\windows\system32\drivers\sagmx08mdfl.sys [01/05/2008 11:51 14976]
S3 sagmx08mdm;Sagem MX2008 WMC CDC Modem Driver;c:\windows\system32\drivers\sagmx08mdm.sys [01/05/2008 11:51 120448]
S3 sagmx08mgmt;Sagem MX2008 Device Management Drivers (WDM);c:\windows\system32\drivers\sagmx08mgmt.sys [01/05/2008 11:51 113920]
S3 sagmx08obex;Sagem MX2008 WMC OBEX;c:\windows\system32\drivers\sagmx08obex.sys [01/05/2008 11:51 110336]
S3 utiyodu4;AVZ Kernel Driver;c:\windows\system32\drivers\utiyodu4.sys [29/09/2010 08:58 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{594AD815-502E-4D80-BACB-11B0E8252C6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{A2403A94-0CF3-41B8-9611-76382195616F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
HKCU-Run-mediarealease70x700hh.exe - c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\mediarealease70x700hh.exe
HKLM-Run-StandardInstall - (no file)
AddRemove-fegxipa - c:\documents and settings\poirieux\local settings\application data\fegxipa.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\GTGina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5588)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-19 20:35:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-19 18:35
Avant-CF: 304 929 120 256 octets libres
Après-CF: 305 373 970 432 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
- - End Of File - - BF72AFFE417A026E51AF995366272E1B
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1470.1013 [GMT 2:00]
Lancé depuis: c:\documents and settings\Poirieux\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\enemies-names.txt
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\local.ini
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\lsrslt.ini
c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\mediarealease70x700hh.exe
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\Ijl11.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-19 au 2010-10-19 ))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:56 . 2010-10-19 17:58 -------- d-----w- c:\program files\ZHPDiag
2010-10-19 14:59 . 2010-10-19 14:59 -------- d-----w- c:\documents and settings\Poirieux\Application Data\Malwarebytes
2010-10-19 14:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-19 14:58 . 2010-10-19 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-19 14:58 . 2010-10-19 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 14:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 11:37 . 2010-10-17 11:37 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-17 11:37 . 2010-10-17 11:37 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-17 11:35 . 2010-10-17 11:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-17 08:55 . 2010-10-17 08:55 -------- d-----w- c:\program files\Alwil Software
2010-10-17 08:55 . 2010-10-17 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-14 06:43 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 06:43 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 06:41 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 06:32 . 2010-10-08 06:33 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-10-05 19:27 . 2010-10-05 19:27 228024 ----a-w- c:\windows\system32\klogon.dll
2010-10-04 09:34 . 2010-10-04 09:34 -------- d-----w- c:\documents and settings\Application Data
2010-10-03 19:30 . 2010-10-03 19:30 -------- d-----w- C:\ShoppingReport
2010-10-03 19:30 . 2010-10-03 19:30 -------- d-----w- c:\documents and settings\cs
2010-09-29 06:58 . 2010-09-29 06:58 7168 ----a-w- c:\windows\system32\drivers\utiyodu4.sys
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 16:07 . 2010-09-22 16:07 -------- d-----w- c:\program files\SFR
2010-09-22 15:41 . 2010-09-22 15:41 -------- d-----w- c:\documents and settings\Poirieux\Application Data\Ahead
2010-09-22 15:41 . 2010-09-22 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-22 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-05 361216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Poirieux\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Poirieux\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-5 135680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 13:55 1057328 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 11:26 484904 ----a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 13:55 1628208 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 13:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/06/2008 09:13 576680]
S3 sagmx08bus;Sagem Mobile Platform MX2008 driver (WDM);c:\windows\system32\drivers\sagmx08bus.sys [01/05/2008 11:51 88960]
S3 sagmx08mdfl;Sagem MX2008 WMC CDC Modem Filter;c:\windows\system32\drivers\sagmx08mdfl.sys [01/05/2008 11:51 14976]
S3 sagmx08mdm;Sagem MX2008 WMC CDC Modem Driver;c:\windows\system32\drivers\sagmx08mdm.sys [01/05/2008 11:51 120448]
S3 sagmx08mgmt;Sagem MX2008 Device Management Drivers (WDM);c:\windows\system32\drivers\sagmx08mgmt.sys [01/05/2008 11:51 113920]
S3 sagmx08obex;Sagem MX2008 WMC OBEX;c:\windows\system32\drivers\sagmx08obex.sys [01/05/2008 11:51 110336]
S3 utiyodu4;AVZ Kernel Driver;c:\windows\system32\drivers\utiyodu4.sys [29/09/2010 08:58 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{594AD815-502E-4D80-BACB-11B0E8252C6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{A2403A94-0CF3-41B8-9611-76382195616F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-Locked - (no file)
HKCU-Run-mediarealease70x700hh.exe - c:\documents and settings\Poirieux\Application Data\A06E95485158C461074CC4E5EEE48A68\mediarealease70x700hh.exe
HKLM-Run-StandardInstall - (no file)
AddRemove-fegxipa - c:\documents and settings\poirieux\local settings\application data\fegxipa.exe
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\GTGina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(5588)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-10-19 20:35:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-10-19 18:35
Avant-CF: 304 929 120 256 octets libres
Après-CF: 305 373 970 432 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
- - End Of File - - BF72AFFE417A026E51AF995366272E1B
Utilisateur anonyme
19 oct. 2010 à 20:49
19 oct. 2010 à 20:49
Impec..
Je suppose que ton pc va déja mieux !!!!
Il reste un m**de de ShoppingReport .... Donc on va faire ceci:
Télécharge AD-Remover sur ton Bureau. (Merci à C_XX)
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Miroir:
https://www.androidworld.fr/
/!\ Ferme toutes applications en cours /!\
/!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « Nettoyer »- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)
Je suppose que ton pc va déja mieux !!!!
Il reste un m**de de ShoppingReport .... Donc on va faire ceci:
Télécharge AD-Remover sur ton Bureau. (Merci à C_XX)
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Miroir:
https://www.androidworld.fr/
/!\ Ferme toutes applications en cours /!\
/!\ Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « Nettoyer »- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)
il m'a demander de redemarer l'ordi, g eu les fois car il a bugger apres, mais ouf il a redemarer...
======= RAPPORT D'AD-REMOVER 2.0.0.2,A | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 19/10/10 à 20:10
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:58:59 le 19/10/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Poirieux@USER-8516EFA03A ( )
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé supprimée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé supprimée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé supprimée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\live-player
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- C:\Documents and Settings\Poirieux\Application Data\Mozilla\FireFox\Profiles\92yjzu1j.default\User.js --
keyword.URL, hxxp://redirecterror.sfr.fr/?q=
-- C:\Documents and Settings\Poirieux\Application Data\Mozilla\FireFox\Profiles\92yjzu1j.default\Prefs.js --
browser.search.defaultenginename, Yahoo
browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine, Yahoo
browser.startup.homepage, hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
browser.startup.homepage_override.mstone, rv:1.8.1
browser.startup.homepage, hxxp://www.msn.fr/
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
browser.search.selectedEngine, Live Search
browser.startup.homepage, hxxp://fr.msn.com/
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
browser.search.selectedEngine, Live Search
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 19/10/2010 (4079 Octet(s))
C:\Ad-Report-SCAN[1].txt - 19/10/2010 (3950 Octet(s))
Fin à: 21:00:14, 19/10/2010
============== E.O.F ==============
======= RAPPORT D'AD-REMOVER 2.0.0.2,A | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 19/10/10 à 20:10
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:58:59 le 19/10/2010, Mode normal
Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Poirieux@USER-8516EFA03A ( )
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé supprimée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé supprimée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé supprimée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\live-player
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [Impossible d'obtenir la version] **
-- C:\Documents and Settings\Poirieux\Application Data\Mozilla\FireFox\Profiles\92yjzu1j.default\User.js --
keyword.URL, hxxp://redirecterror.sfr.fr/?q=
-- C:\Documents and Settings\Poirieux\Application Data\Mozilla\FireFox\Profiles\92yjzu1j.default\Prefs.js --
browser.search.defaultenginename, Yahoo
browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
browser.search.selectedEngine, Yahoo
browser.startup.homepage, hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
browser.startup.homepage_override.mstone, rv:1.8.1
browser.startup.homepage, hxxp://www.msn.fr/
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
browser.search.selectedEngine, Live Search
browser.startup.homepage, hxxp://fr.msn.com/
keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
browser.search.selectedEngine, Live Search
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 19/10/2010 (4079 Octet(s))
C:\Ad-Report-SCAN[1].txt - 19/10/2010 (3950 Octet(s))
Fin à: 21:00:14, 19/10/2010
============== E.O.F ==============
