Virus b.exe
Fermé
maggot26
Messages postés
63
Date d'inscription
lundi 21 juillet 2008
Statut
Membre
Dernière intervention
14 février 2014
-
1 oct. 2009 à 16:54
maggot26 Messages postés 63 Date d'inscription lundi 21 juillet 2008 Statut Membre Dernière intervention 14 février 2014 - 5 oct. 2009 à 00:10
maggot26 Messages postés 63 Date d'inscription lundi 21 juillet 2008 Statut Membre Dernière intervention 14 février 2014 - 5 oct. 2009 à 00:10
A voir également:
- Virus b.exe
- Svchost.exe virus - Guide
- Operagxsetup virus ✓ - Forum Virus
- Vérificateur de lien virus - Guide
- Produkey virus ✓ - Forum Windows 10
- Lien virus à envoyer - Forum Virus
7 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
1 oct. 2009 à 17:27
1 oct. 2009 à 17:27
salut,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
maggot26
Messages postés
63
Date d'inscription
lundi 21 juillet 2008
Statut
Membre
Dernière intervention
14 février 2014
1
2 oct. 2009 à 04:34
2 oct. 2009 à 04:34
Je l'ai télécharger mais lorsque je lance le logiciel, rien ne se produit..
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
2 oct. 2009 à 12:09
2 oct. 2009 à 12:09
Salut maggot26,
Reglooks de Marcvn va me permettre d´établir un diagnostique de la machine en vu de la désinfecter.
Téléchargement : http://sd-1.archive-host.com/membres/up/1366464061/reglooks.exe
Une fois enregistré sur le bureau; double click sur la loupe pour lancer l´analyse.
Dés l´analyse terminé, un rapport va apparaitre; copie et colle son contenu sur le forum merci`
@+
Reglooks de Marcvn va me permettre d´établir un diagnostique de la machine en vu de la désinfecter.
Téléchargement : http://sd-1.archive-host.com/membres/up/1366464061/reglooks.exe
Une fois enregistré sur le bureau; double click sur la loupe pour lancer l´analyse.
Dés l´analyse terminé, un rapport va apparaitre; copie et colle son contenu sur le forum merci`
@+
maggot26
Messages postés
63
Date d'inscription
lundi 21 juillet 2008
Statut
Membre
Dernière intervention
14 février 2014
1
2 oct. 2009 à 15:11
2 oct. 2009 à 15:11
Ce logiciel fait la même chose, au début, une fenêtre rouge apparaît puis, elle disparaît et rien d'autre ne se produit..
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
2 oct. 2009 à 15:13
2 oct. 2009 à 15:13
ok
Fais un scan avec cet antispyware :
Telecharge malwarebytes + tutoriel :
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
@+
Fais un scan avec cet antispyware :
Telecharge malwarebytes + tutoriel :
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
@+
maggot26
Messages postés
63
Date d'inscription
lundi 21 juillet 2008
Statut
Membre
Dernière intervention
14 février 2014
1
4 oct. 2009 à 23:27
4 oct. 2009 à 23:27
À cause d'un autre problème relié à mon antivirus, j'ai ré essayé ta manip avec combix et ça a marché, alors je t'envoie le rapport.
ComboFix 09-10-04.01 - Francis Rouillier 2009-10-04 17:01.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1023.587 [GMT -4:00]
Lancé depuis: d:\program files\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1d31071.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\msa.exe
c:\windows\system32\muzapp.exe
C:\XES7.tmp
Une copie infectée de c:\windows\system32\eventlog.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-04 au 2009-10-04 ))))))))))))))))))))))))))))))))))))
.
2009-10-02 13:00 . 2009-10-02 13:10 -------- d-----w- c:\windows\RegLooks
2009-10-01 14:49 . 2009-10-01 14:49 -------- d-----w- c:\program files\Trend Micro
2009-09-30 23:54 . 2009-09-30 23:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-29 20:01 . 2009-09-29 20:01 -------- d-----w- C:\My Music
2009-09-29 19:47 . 2009-09-29 19:47 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-09-26 15:01 . 2009-09-26 15:01 -------- d-----w- c:\program files\iPod
2009-09-16 23:13 . 2009-09-16 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 23:09 . 2009-09-16 23:10 -------- d-----w- c:\program files\QuickTime
2009-09-08 19:59 . 2009-09-08 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-08 19:53 . 2009-09-08 19:53 -------- d-----w- c:\program files\STOPzilla!
2009-09-08 19:53 . 2009-09-08 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-08 19:53 . 2009-09-08 19:53 -------- d-----w- c:\program files\Fichiers communs\iS3
2009-09-06 15:10 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 21:16 . 2009-03-11 20:20 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\WTablet
2009-09-29 19:49 . 2008-05-17 23:23 -------- d-----w- c:\program files\Fichiers communs\Real
2009-09-28 21:52 . 2009-04-24 21:37 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\Vista Start Menu
2009-09-26 15:01 . 2008-04-27 23:33 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-23 02:54 . 2008-05-15 22:26 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\LimeWire
2009-09-16 23:20 . 2008-04-27 23:36 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\Apple Computer
2009-09-10 18:54 . 2008-10-13 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-10-13 15:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 14:10 . 2003-04-24 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-10 14:10 . 2003-04-24 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-10 14:05 . 2009-03-05 01:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 10:49 . 2008-04-27 22:24 -------- d-----w- c:\program files\Windows Live
2009-09-06 15:07 . 2008-04-27 22:24 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-09-06 15:01 . 2008-04-27 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-06 14:33 . 2008-05-21 23:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-05 15:42 . 2008-04-27 22:22 36088 ----a-w- c:\documents and settings\Francis Rouillier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 23:42 . 2009-06-05 19:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-06-05 19:12 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 02:56 . 2009-07-31 05:45 183408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-18 16:23 . 2009-07-26 14:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:00 . 2003-04-24 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:03 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-19 23:09 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-28 68856]
"Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2008-10-23 1728456]
"VistaStartMenu"="d:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-14 2171392]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-10-11 290816]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-01 1059720]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Francis Rouillier\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-3 113664]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-3 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d:\program files\NetMeter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Blazers Angel\\bin\\MainR.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-26 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-05-12 61328]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-03-11 1373480]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2004-11-03 267136]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-26 348752]
.
Contenu du dossier 'Tâches planifiées'
2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-10-04 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
2008-06-28 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
c:\windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?e55e44394b784609ad8c058ee768df07
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?e55e44394b784609ad8c058ee768df07
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: d:\program files\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Nouveau dossier\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 17:16
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(272)
d:\program files\iTunes\iTunesMiniPlayer.dll
d:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
d:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
d:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-10-04 17:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-04 21:24
Avant-CF: 18 643 038 208 octets libres
Après-CF: 19 670 077 440 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
243 --- E O F --- 2009-10-04 21:20
ComboFix 09-10-04.01 - Francis Rouillier 2009-10-04 17:01.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1023.587 [GMT -4:00]
Lancé depuis: d:\program files\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1d31071.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\msa.exe
c:\windows\system32\muzapp.exe
C:\XES7.tmp
Une copie infectée de c:\windows\system32\eventlog.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-04 au 2009-10-04 ))))))))))))))))))))))))))))))))))))
.
2009-10-02 13:00 . 2009-10-02 13:10 -------- d-----w- c:\windows\RegLooks
2009-10-01 14:49 . 2009-10-01 14:49 -------- d-----w- c:\program files\Trend Micro
2009-09-30 23:54 . 2009-09-30 23:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-29 20:01 . 2009-09-29 20:01 -------- d-----w- C:\My Music
2009-09-29 19:47 . 2009-09-29 19:47 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-09-26 15:01 . 2009-09-26 15:01 -------- d-----w- c:\program files\iPod
2009-09-16 23:13 . 2009-09-16 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 23:09 . 2009-09-16 23:10 -------- d-----w- c:\program files\QuickTime
2009-09-08 19:59 . 2009-09-08 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-09-08 19:53 . 2009-09-08 19:53 -------- d-----w- c:\program files\STOPzilla!
2009-09-08 19:53 . 2009-09-08 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-08 19:53 . 2009-09-08 19:53 -------- d-----w- c:\program files\Fichiers communs\iS3
2009-09-06 15:10 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 21:16 . 2009-03-11 20:20 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\WTablet
2009-09-29 19:49 . 2008-05-17 23:23 -------- d-----w- c:\program files\Fichiers communs\Real
2009-09-28 21:52 . 2009-04-24 21:37 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\Vista Start Menu
2009-09-26 15:01 . 2008-04-27 23:33 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-23 02:54 . 2008-05-15 22:26 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\LimeWire
2009-09-16 23:20 . 2008-04-27 23:36 -------- d-----w- c:\documents and settings\Francis Rouillier\Application Data\Apple Computer
2009-09-10 18:54 . 2008-10-13 15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-10-13 15:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 14:10 . 2003-04-24 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-10 14:10 . 2003-04-24 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-10 14:05 . 2009-03-05 01:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 10:49 . 2008-04-27 22:24 -------- d-----w- c:\program files\Windows Live
2009-09-06 15:07 . 2008-04-27 22:24 -------- dcsh--w- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-09-06 15:01 . 2008-04-27 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-09-06 14:33 . 2008-05-21 23:17 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-05 15:42 . 2008-04-27 22:22 36088 ----a-w- c:\documents and settings\Francis Rouillier\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 23:42 . 2009-06-05 19:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-06-05 19:12 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 02:56 . 2009-07-31 05:45 183408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-18 16:23 . 2009-07-26 14:36 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:00 . 2003-04-24 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 19:03 . 2003-04-24 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-19 23:09 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-28 68856]
"Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2008-10-23 1728456]
"VistaStartMenu"="d:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-14 2171392]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"WeatherEye"="c:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-10-11 290816]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-01 1059720]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-09-29 198160]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Francis Rouillier\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-3 113664]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-3 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d:\program files\NetMeter
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"d:\\Program Files\\Blazers Angel\\bin\\MainR.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-26 130424]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-05-12 61328]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-03-11 1373480]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2004-11-03 267136]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-26 348752]
.
Contenu du dossier 'Tâches planifiées'
2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-10-04 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
2008-06-28 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
c:\windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?e55e44394b784609ad8c058ee768df07
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?e55e44394b784609ad8c058ee768df07
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: d:\program files\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\Firefox\Profiles\ulv9as6o.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Francis Rouillier\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
FF - plugin: d:\program files\Nouveau dossier\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 17:16
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(272)
d:\program files\iTunes\iTunesMiniPlayer.dll
d:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
d:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
d:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-10-04 17:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-04 21:24
Avant-CF: 18 643 038 208 octets libres
Après-CF: 19 670 077 440 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
243 --- E O F --- 2009-10-04 21:20
maggot26
Messages postés
63
Date d'inscription
lundi 21 juillet 2008
Statut
Membre
Dernière intervention
14 février 2014
1
5 oct. 2009 à 00:10
5 oct. 2009 à 00:10
Depuis que combofix a scanné mon ordinateur, j'ai ré-essayé malware et reglooks et les deux ont fonctionné.
Alors je t'envois les deux rapports.
reglooks:
REGLOOKS logfile - version 0.982
Scan started: 2009-10-04 18:06:18,31
--- INFORMATION ---
Operating System: Microsoft Windows XP Professionnel - version 5.1.2600 - Service Pack 3
Bootmode: Normal boot
User: Francis Rouillier (Administrator account)
Total RAM: 1023 MB (free 554 MB - 54%)
Internet Explorer Version: 8.0.6001.18702
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK
C:\WINDOWS\system32\services.exe -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK
C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [2009-03-08 04:34]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [2006-10-18 21:47]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" -- File: %SystemRoot%\System32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" -- File: %SystemRoot%\System32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26624] -- [2008-04-13 22:34]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1037824] -- [2008-04-13 22:34]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [606208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102912] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [22016] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
-- File: C:\WINDOWS\system32\WgaLogon.dll -- [265088] -- [2009-03-10 22:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [?]
"VX3000" -- File C:\WINDOWS\vVX3000.exe -- [721936] -- [2008-08-04 16:22]
"SunJavaUpdateSched" -- File "C:\Program Files\Java\jre6\bin\jusched.exe" -- [148888] -- [2009-03-09 05:19]
"nwiz" -- File: nwiz.exe /install -- [?]
"NvMediaCenter" -- File: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit -- [?]
"McAfeeUpdaterUI" -- File: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey -- [?]
"LyraHD2TrayApp" -- File "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" -- [290816] -- [2005-10-11 18:35]
"ISUSPM" -- File: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler -- [?]
"Adobe Reader Speed Launcher" -- File "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" -- [39792] -- [2008-10-15 02:04]
"LifeCam" -- File "C:\Program Files\Microsoft LifeCam\LifeExp.exe" -- [160800] -- [2008-08-04 16:22]
"TrojanScanner" -- File: C:\Program Files\Trojan Remover\Trjscan.exe /boot -- [?]
"SMSTray" -- File C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe -- [132624] -- [2007-12-14 17:19]
"QuickTime Task" -- File: "C:\Program Files\QuickTime\qttask.exe" -atboottime -- [?]
"iTunesHelper" -- File "D:\Program Files\iTunes\iTunesHelper.exe" -- [305440] -- [2009-09-21 16:36]
"TkBellExe" -- File: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot -- [?]
"Malwarebytes Anti-Malware (reboot)" -- File: "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript -- [?]
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" -- File C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -- [68856] -- [2008-04-27 20:22]
"Netlog Music Tool" -- File "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" -- [1728456] -- [2008-10-23 19:21]
"VistaStartMenu" -- File "D:\Program Files\Vista Start Menu\VistaStartMenu.exe" -- [2171392] -- [2009-04-13 20:21]
"msnmsgr" -- File: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background -- [?]
"D:\Program Files\NetMeter\NetMeter.exe" -- File D:\Program Files\NetMeter\NetMeter.exe -- [331264] -- [2007-08-11 15:50]
"WeatherEye" -- File -- C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe -- [X]
"ctfmon.exe" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [2008-04-13 22:33]
hidden keys:
"D:\\Program Files\\NetMeter\\NetMeter.exe"="D:\\Program Files\\NetMeter\\NetMeter.exe"
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [2008-04-13 22:33]
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [2008-04-13 22:33]
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
-- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -- [62080] -- [2006-10-23 00:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
-- File: C:\Program Files\STOPzilla!\SZSG.dll -- [259520] -- [2009-08-18 16:09]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
-- File: d:\program files\rpbrowserrecordplugin.dll -- [329312] -- [2009-09-29 15:49]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
-- File: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll -- [137600] -- [2009-05-19 11:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
-- CLSID not found
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [2009-01-22 16:41]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
-- File: c:\program files\google\googletoolbar1.dll -- [2436160] -- [2008-04-27 18:29]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
-- File: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll -- [737776] -- [2008-09-22 19:00]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: C:\Program Files\Java\jre6\bin\jp2ssv.dll -- [35840] -- [2009-03-09 05:18]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
-- File: C:\Program Files\STOPzilla!\SZIEBHO.dll -- [222656] -- [2009-08-18 16:09]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [73728] -- [2009-03-09 05:18]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
{98828DED-A591-462F-83BA-D2F62A68B8B8} -- File: C:\Program Files\STOPzilla!\SZSG.dll -- [259520] -- [2009-08-18 16:09]
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11067392] -- [2009-07-19 18:45]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [401408] -- [2008-04-13 22:33]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [2008-04-13 22:33]
File: C:\WINDOWS\system32\schannel.dll -- [144896] -- [2008-12-05 02:57]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [2008-04-13 22:33]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [2008-04-13 22:33]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [2009-03-08 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1325db73-d9f1-48f8-8895-6d814ec58889}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3F7924B9-D148-3141-87B1-68F36043A940}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{50D96BEC-03A8-F0AE-6A6B-7A6EFCF4DEFE}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
-- filepath not found
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driverhardwarev2]
-- File: \??\D:\Program Files\Nouveau dossier\Drivers\driverhardwarev2.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IviRegMgr]
-- File: C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- [112152] -- [2007-01-04 19:48]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
-- File: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSCamSvc]
-- File: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" -- [164896] -- [2008-08-04 16:22]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [132096] -- [2008-07-29 19:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCTCore]
-- File: system32\drivers\PCTCore.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbhips]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort]
-- File: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -- [240512] -- [2009-05-19 11:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiS7012]
-- File: system32\drivers\sis7012.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szkg5]
-- File: system32\DRIVERS\szkg.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szserver]
-- File: "C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletServicePen]
-- File: C:\WINDOWS\system32\Pen_Tablet.exe -- [1373480] -- [2007-09-07 14:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VX3000]
-- File: system32\DRIVERS\VX3000.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wacommousefilter]
-- File: system32\DRIVERS\wacommousefilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wacomvhid]
-- File: system32\DRIVERS\wacomvhid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WacomVKHid]
-- File: system32\DRIVERS\WacomVKHid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{3C23CB85-1365-4B87-8F34-203301293409}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{62607FA8-E1FF-4237-9300-B963EF721C7E}]
-- filepath not found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
vsmon
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [2009-09-16 17:44]
C:\WINDOWS\tasks\RegCure Program Check.job -- [462] -- [2009-10-04 17:49]
C:\WINDOWS\tasks\RegCure.job -- [396] -- [2008-06-27 22:07]
Scan completed: 2009-10-04 18:07:24,90
FINISHED
Anti-Malware
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 3
2009-10-04 17:46:56
malware
Type de recherche: Examen rapide
Eléments examinés: 97941
Temps écoulé: 7 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
Alors je t'envois les deux rapports.
reglooks:
REGLOOKS logfile - version 0.982
Scan started: 2009-10-04 18:06:18,31
--- INFORMATION ---
Operating System: Microsoft Windows XP Professionnel - version 5.1.2600 - Service Pack 3
Bootmode: Normal boot
User: Francis Rouillier (Administrator account)
Total RAM: 1023 MB (free 554 MB - 54%)
Internet Explorer Version: 8.0.6001.18702
--- SIGCHECK ---
C:\WINDOWS\explorer.exe -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK
C:\WINDOWS\system32\services.exe -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK
C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK
--- SSODL regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [2009-03-08 04:34]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [2006-10-18 21:47]
--- STS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" -- File: %SystemRoot%\System32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" -- File: %SystemRoot%\System32\browseui.dll -- [?]
--- USERINIT regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26624] -- [2008-04-13 22:34]
--- SHELL regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1037824] -- [2008-04-13 22:34]
--- SYSTEM regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
--- APPINIT_DLLS regkey ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
--- NOTIFY regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [606208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102912] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [22016] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
-- File: C:\WINDOWS\system32\WgaLogon.dll -- [265088] -- [2009-03-10 22:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [94208] -- [2008-04-13 22:33]
--- RUN / LOAD regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found
--- SHELLEXECUTEHOOKS regkey ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
--- HKLM AUTORUN regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKCU AUTORUN regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found
--- HKLM\RUN regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon" -- File: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [?]
"VX3000" -- File C:\WINDOWS\vVX3000.exe -- [721936] -- [2008-08-04 16:22]
"SunJavaUpdateSched" -- File "C:\Program Files\Java\jre6\bin\jusched.exe" -- [148888] -- [2009-03-09 05:19]
"nwiz" -- File: nwiz.exe /install -- [?]
"NvMediaCenter" -- File: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit -- [?]
"McAfeeUpdaterUI" -- File: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey -- [?]
"LyraHD2TrayApp" -- File "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" -- [290816] -- [2005-10-11 18:35]
"ISUSPM" -- File: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler -- [?]
"Adobe Reader Speed Launcher" -- File "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" -- [39792] -- [2008-10-15 02:04]
"LifeCam" -- File "C:\Program Files\Microsoft LifeCam\LifeExp.exe" -- [160800] -- [2008-08-04 16:22]
"TrojanScanner" -- File: C:\Program Files\Trojan Remover\Trjscan.exe /boot -- [?]
"SMSTray" -- File C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe -- [132624] -- [2007-12-14 17:19]
"QuickTime Task" -- File: "C:\Program Files\QuickTime\qttask.exe" -atboottime -- [?]
"iTunesHelper" -- File "D:\Program Files\iTunes\iTunesHelper.exe" -- [305440] -- [2009-09-21 16:36]
"TkBellExe" -- File: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot -- [?]
"Malwarebytes Anti-Malware (reboot)" -- File: "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript -- [?]
--- HKLM\RUNONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKLM\RUNONCEEX regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found
--- HKLM\RUNSERVICES regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKLM\RUNSERVICESONCE regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKCU\RUN regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" -- File C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -- [68856] -- [2008-04-27 20:22]
"Netlog Music Tool" -- File "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" -- [1728456] -- [2008-10-23 19:21]
"VistaStartMenu" -- File "D:\Program Files\Vista Start Menu\VistaStartMenu.exe" -- [2171392] -- [2009-04-13 20:21]
"msnmsgr" -- File: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background -- [?]
"D:\Program Files\NetMeter\NetMeter.exe" -- File D:\Program Files\NetMeter\NetMeter.exe -- [331264] -- [2007-08-11 15:50]
"WeatherEye" -- File -- C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe -- [X]
"ctfmon.exe" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [2008-04-13 22:33]
hidden keys:
"D:\\Program Files\\NetMeter\\NetMeter.exe"="D:\\Program Files\\NetMeter\\NetMeter.exe"
--- HKCU\RUNONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found
--- HKCU\RUNONCEEX regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found
--- HKCU\RUNSERVICES regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found
--- HKCU\RUNSERVICESONCE regkey ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found
--- HKU\.DEFAULT\Run regkeys - Default user ---
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [2008-04-13 22:33]
--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [2008-04-13 22:33]
--- HKU\S-1-5-19\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKU\S-1-5-20\Run regkeys - User Lokale service ---
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found
--- HKLM\Explorer\Run regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- HKCU\Explorer\Run regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found
--- Image File Execution regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found
--- BROWSER HELPER OBJECTS regkeys ---
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
-- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll -- [62080] -- [2006-10-23 00:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
-- File: C:\Program Files\STOPzilla!\SZSG.dll -- [259520] -- [2009-08-18 16:09]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
-- File: d:\program files\rpbrowserrecordplugin.dll -- [329312] -- [2009-09-29 15:49]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
-- File: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll -- [137600] -- [2009-05-19 11:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
-- CLSID not found
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [2009-01-22 16:41]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
-- File: c:\program files\google\googletoolbar1.dll -- [2436160] -- [2008-04-27 18:29]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
-- File: C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll -- [737776] -- [2008-09-22 19:00]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: C:\Program Files\Java\jre6\bin\jp2ssv.dll -- [35840] -- [2009-03-09 05:18]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
-- File: C:\Program Files\STOPzilla!\SZIEBHO.dll -- [222656] -- [2009-08-18 16:09]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [73728] -- [2009-03-09 05:18]
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
{98828DED-A591-462F-83BA-D2F62A68B8B8} -- File: C:\Program Files\STOPzilla!\SZSG.dll -- [259520] -- [2009-08-18 16:09]
--- HKLM\URLSEARCHHOOKS regkeys ---
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found
--- HKCU\URLSEARCHHOOKS regkeys ---
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11067392] -- [2009-07-19 18:45]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -- [440384] -- [2006-10-26 11:28]
--- SRCEENSAVER regkey ---
[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found
--- ALTERNATESHELL regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [401408] -- [2008-04-13 22:33]
--- SECURITYPROVIDERS regkey ---
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [2008-04-13 22:33]
File: C:\WINDOWS\system32\schannel.dll -- [144896] -- [2008-12-05 02:57]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [2008-04-13 22:33]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [2008-04-13 22:33]
--- Active Setup\Installed Components regkey ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [2009-03-08 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1325db73-d9f1-48f8-8895-6d814ec58889}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3F7924B9-D148-3141-87B1-68F36043A940}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{50D96BEC-03A8-F0AE-6A6B-7A6EFCF4DEFE}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
-- filepath not found
--- Services regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driverhardwarev2]
-- File: \??\D:\Program Files\Nouveau dossier\Drivers\driverhardwarev2.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IviRegMgr]
-- File: C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- [112152] -- [2007-01-04 19:48]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
-- File: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSCamSvc]
-- File: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe" -- [164896] -- [2008-08-04 16:22]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [132096] -- [2008-07-29 19:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCTCore]
-- File: system32\drivers\PCTCore.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbhips]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort]
-- File: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -- [240512] -- [2009-05-19 11:36]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiS7012]
-- File: system32\drivers\sis7012.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szkg5]
-- File: system32\DRIVERS\szkg.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\szserver]
-- File: "C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletServicePen]
-- File: C:\WINDOWS\system32\Pen_Tablet.exe -- [1373480] -- [2007-09-07 14:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VX3000]
-- File: system32\DRIVERS\VX3000.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wacommousefilter]
-- File: system32\DRIVERS\wacommousefilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wacomvhid]
-- File: system32\DRIVERS\wacomvhid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WacomVKHid]
-- File: system32\DRIVERS\WacomVKHid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{3C23CB85-1365-4B87-8F34-203301293409}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{62607FA8-E1FF-4237-9300-B963EF721C7E}]
-- filepath not found
--- SAFEBOOT MINIMAL SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
--- SAFEBOOT Network SERVICES ---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
vsmon
--- BOOTEXECUTE regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0
--- PENDINGFILERENAMEOPERATIONS regkey ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found
--- WOW-CMDLINE regkeys ---
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
--- NETSVCS regkey ---
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN
--- DNS SERVER regkeys ---
no "NameServer" values found
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
--- STARTUP FOLDERS ---
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\AppleSoftwareUpdate.job -- [284] -- [2009-09-16 17:44]
C:\WINDOWS\tasks\RegCure Program Check.job -- [462] -- [2009-10-04 17:49]
C:\WINDOWS\tasks\RegCure.job -- [396] -- [2008-06-27 22:07]
Scan completed: 2009-10-04 18:07:24,90
FINISHED
Anti-Malware
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2907
Windows 5.1.2600 Service Pack 3
2009-10-04 17:46:56
malware
Type de recherche: Examen rapide
Eléments examinés: 97941
Temps écoulé: 7 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
