Petit problème de trojan

kodorduhl · Novembre 5, 2009, 3:07

Bonjour à tous!

Je tourne sous vista et hier pendant la mise à jour d’AVG un vilain trojan est venu s’immiscer dans les entrailles de mon ordinateur. Donc j’aimerais bien le supprimer. Après avoir galéré avec mon antivirus, puis après une grosse frayeur derrière un écran noir (windows plus accessible), j’ai finalement pu restaurer le système depuis le bios pour récupérer windows. Mais apparemment, comme on aurait pu s’en douter, le virus est toujours là!

La je viens de faire le rapport hijack.this, en espérant que quelqu’un puisse m’aider!

Merci d’avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:36, on 05.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Media player classic\media-player-classic_media_player_classic_6.4.9.1_build_20081210_francais_11019\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.daemon-search.com…

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM…\Run: [DVDAgent] “C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe”
O4 - HKLM…\Run: [TSMAgent] “C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”
O4 - HKLM…\Run: [CLMLServer for HP TouchSmart] “C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\Hewlett-Packard\Media\Webcam” update “Software\Hewlett-Packard\Media\Webcam”
O4 - HKLM…\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM…\Run: [UpdatePSTShortCut] “C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UpdateP2GoShortCut] “C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM…\Run: [UpdatePDIRShortCut] “C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\PowerDirector” UpdateWithCreateOnce “SOFTWARE\CyberLink\PowerDirector\7.0”
O4 - HKLM…\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM…\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU…\Run: [ISUSPM] “C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe” -scheduler
O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 - HKCU…\Run: [Google Update] “C:\Users\Michelet\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l’&image au périphérique Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1ca20c13978b770) (gupdate1ca20c13978b770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

–
End of file - 12663 bytes

poisson9 · Novembre 5, 2009, 6:41

Salut, fais ceci stp :

télécharges --> Malwarebytes’ (mbam)

==>Malwarebytes

installes + mise a jour
et
Redémarre en “Mode sans échec”

tapote sur la touche F8 jusqu’à l’affichage du menu des options avancées de Windows, et sélectionne “Mode sans échec”.
Choisis ta session habituelle

Lances–> Malwarebytes (MBAM)
==> Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
==> Sélectionnes tes disques durs" puis clique sur “Lancer lexamen”
==> A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
==> Suppression des éléments détectés --> cliques sur Supprimer la sélection==>Important à faire
=> S’il t’ es demandé de redémarrer, clique sur "oui "

aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici
Quel fichier détecter AVG ? Met a jour Internet Explorer vers la version 8
Bonne chance !:super:
Edité le 05/11/2009 à 19:43

kodorduhl · Novembre 6, 2009, 7:48

En fait pendant que j’ai posté mon 1er post, j’étais en train de faire une analyse AVG, et à la fin il a pu supprimer les fichiers défectueux. Mais par sécurité j’ai quand même fait l’analyse malwarebytes, et je crois que maintenant c’est tout bon, mon pc est comme neuf

En tout cas merci pour ton aide!

Voici quand même le rapport:

Malwarebytes’ Anti-Malware 1.41
Version de la base de données: 3111
Windows 6.0.6002 Service Pack 2 (Safe Mode)

06.11.2009 19:30:41
mbam-log-2009-11-06 (19-30-41).txt

Type de recherche: Examen complet (C:|D:|E:|)
Eléments examinés: 395510
Temps écoulé: 1 hour(s), 25 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\Temp\BN2CAA.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

poisson9 · Novembre 6, 2009, 8:26

Ok,on vas quand même vérifier :

Fait stp :

1)Télécharge FindyKill

==>FindyKill

Fais un clic droit sur le lien, enregistrer sous …sur le bureau

==>FindyKill de Chiquitine29

Dézippe le sur le bureau

Entre dans le dossier FindyKill

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc…)

lance “FindyKill” : au menu principal choisis l’option " F " pour français et tape sur [entrée] .

Au second menu choisis l’option 2 (suppression) et tape sur [entrée]

Le pc va redémarrer automatiquement …

le programme va travailler , ne touche à rien … , ton bureau ne sera pas accessible c est normal !

–> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

==> Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet “Fichier” , “Nouvelle tâche” , tape explorer.exe et valide

ensuite

Télécharge Winsockxpfix

sur ton bureau sans l executer au cas tu en aurai besoin aprés

==>Winsockxpfix

ensuite

Désactives ton antivirus et antispyware

Télécharge Combofix

==>Combofix

==>sur ton Bureau ==> et pas ailleurs et renomme le avant qu’il vienne sur ton bureau.
pour ce faire fait un clic droit sur Combofix.exe ,choisis “enregistrer la cible du lien sous…” et renomme le en==>ours27.com
==> et pour l’emplacement choisis ton bureau et cliques sur “enregistrer”
Fermez toutes les fenêtres ouvertes
Double clique==> kodorduhl.com ==>(Fichier renommé)
Tapes sur la touche1 pour démarrer le scan et suis les instructions indiquées par combofix.
Lorsque le scan sera terminé, un rapport apparaîtra. Copie/colle ce rapport ici même.
==>Le rapport se trouve également ici : C:\Combofix.txt
==> tu ne devras pas cliquer dans la fenêtre de Combofix pendant l’analyse ; ceci provoquerait le blocage du programme.

Réactives ton antivirus et antispyware

vista, tu dois donc aussi réactiver l’UAC
PS
si ta connexion internet n’est plus active après le redémarrage

Windows XP ==>Fais un double clic sur le fichier de WinsockXPFix
clique sur “Fix”

au cas faudra faire une réparation manuelle image ci dessous

3)Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

AD-Remover

Déconnecte-toi et ferme toutes applications en cours

Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l’option B.

Choisis A

Puis choisis L (lancer le nettoyage) , le programme va travailler.

Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report.log)

Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet “Fichier”, “Nouvelle tâche”, tape explorer.exe et valide)

4)télécharge GenProc sur ton bureau

==> GenProc

dézippe le dossier, double-clique sur GenProc.bat

réponds " oui" à la fenêtre qui apparait

poste le contenu du rapport qui s’ouvre

puis

5)télécharges et installes Ccleaner

==>Ccleaner

Une fois sur le bureau, clic sur l’install de CCleaner.
-> Mais avant de cliquer sur le bouton “installer”, décoche toutes les “options supplémentaires”.(install de la barre yahoo,etc…)

–>Ensuite, clique sur “Options”, “Avancé” et décoche la case
–>“Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”.
–>Clique sur l’onglet Nettoyeur puis sur “Lancer le Nettoyage”.
–> Ensuite clique sur l’icone Registre, à droite, clique sur “Chercher des erreurs” puis sur “Réparer les erreurs sélectionnées”.

Accepte la sauvegarde, de la BDR (base de registre )qu’il propose .
Je te conseille de le repasser au moins deux fois,(ou + jusqu’à qu’il ne trouve plus d’erreurs.)

Redémarres ton PC

Tu me confirmes tout ça.
Edité le 08/11/2009 à 13:23

kodorduhl · Novembre 8, 2009, 2:48

Voila déja le rapport Findykill, je poste le reste demain, j’ai pas vraiment le temps aujourd hui

############################## | FindyKill V5.017 |

User : Michelet (Administrateurs) # PORTABLE_CECE

Update on 01/11/2009 by Chiquitine29

Start at: 12:30:20 | 08.11.2009

Website : pagesperso-orange.fr…

Contact : FindyKill.Contact@gmail.com

Intel® Core™2 Duo CPU P8600 @ 2.40GHz

Microsoft® Windows Vista Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2

Internet Explorer 7.0.6002.18005

Windows Firewall Status : Disabled

C:\ # Disque fixe local # 220.75 Go (65.88 Go free) [OS] # NTFS

D:\ # Disque fixe local # 232.88 Go (33.58 Go free) [DATA] # NTFS

E:\ # Disque fixe local # 12.14 Go (1.93 Go free) [RECOVERY] # NTFS

F:\ # Disque CD-ROM

G:\ # Disque fixe local # 931.28 Go (724.86 Go free) [Elements] # FAT32

H:\ # Disque CD-ROM

J:\ # Disque amovible # 1.96 Go (619.34 Mo free) # FAT

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\alg.exe

################## | C: |

Supprimé ! G:“autorun.inf”

################## | C:\Windows |

Supprimé ! C:\Windows\Prefetch\1011708.EXE-2B917FED.pf
Supprimé ! C:\Windows\Prefetch\3747782.EXE-9C4E5769.pf

################## | C:\Windows\system32 |

################## | C:\Windows\system32\drivers |

################## | C:\Users\Michelet\AppData\Roaming |

################## | Autres suppressions … |

################## | Temporary Internet Files |

################## | Registre / Clés infectieuses |

################## | Etat / Services / Informations |

Mode sans echec : OK

Affichage des fichiers cachés : OK

Uac : OK

Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )

SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

windefend -> Start = 2 ( Good = 2 | Bad = 4 )

wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH … |

################## | Cracks / Keygens / Serials |

“D:\Jeux\COD4\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack\iw3sp.exe”
25.09.2009 20:17 |Size 3017216 |Crc32 4614c0e7 |Md5 77d460bfbfff90bcf930ecc654588000

“D:\Jeux\COD4\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack\rzr-cod4.exe”
25.09.2009 20:17 |Size 98304 |Crc32 e7c94522 |Md5 8d87f601d5f583cdf02105c82bb7f675

“D:\Jeux\COD5\Call of duty 5 World at war [PC-DVD] [English] [www.divxatope.com]\rld-cod5\Crack\CoDWaW.exe”
07.11.2008 15:30 |Size 5488640 |Crc32 adf10d24 |Md5 430cb73d00d9bd35210f1b93f8cca573

“D:\Softs\Adobe.Photoshop.CS3.Extended.PROPER-SWAMP\Crack\Photoshop.exe”
18.04.2007 03:24 |Size 44834816 |Crc32 f1b6fa41 |Md5 f2bc756ff613a93ef024d1ee3d07d1c2

“D:\Softs\Deskspace\DeskSpace + Topdesk__RsS\DeskSpace 1.5.4\Crack\deskspace.exe”
27.06.2009 11:45 |Size 1659392 |Crc32 65eb2c40 |Md5 c7617dff78454b8cec673fe893e22848

“D:\Softs\Inventor 2009\Crack\XF-AIP2k9-32bit-KG.exe”
20.03.2008 11:29 |Size 82432 |Crc32 6a37870d |Md5 0144163c6831a89d4c0dd8e97a5ae4cc

“D:\Softs\Inventor 2009\Crack\XF-AIP2k9-64bit-KG.exe”
20.03.2008 11:31 |Size 82432 |Crc32 c2061d73 |Md5 13f6299ccf2ec7d2459f32fb349f1f27

“G:\inventor\keygen.exe”
31.03.2005 07:48 |Size 94720 |Crc32 93b60168 |Md5 07acfab3cdb8dc052477f5b10d436496

“G:\Mesdocs ASUS\Azureus Downloads\MacroMedia Flashpro8[++Keygen]\flashpro8-en.exe”
23.08.2008 18:11 |Size 113060248 |Crc32 9c0b455b |Md5 4366b8abb6c5cf54239954a2e89c4e97

“G:\Mesdocs ASUS\Azureus Downloads\MacroMedia Flashpro8[++Keygen]\Macromedia-MultiKeyGen.exe”
23.08.2008 18:08 |Size 629760 |Crc32 49aabc16 |Md5 b5dcd37334868ab294573c72436603b9

“G:\Mesdocs ASUS\Azureus Downloads\Adobe.Photoshop.CS3.v10.0.Extended.Keygen.Only.INTERNAL.READ.NFO-SSG\aps3ekg.exe”
26.04.2007 20:16 |Size 35328 |Crc32 8f256482 |Md5 e8fc1b958d2f79495f089bb922f2be58

“G:\Mesdocs ASUS\Azureus Downloads\Adobe.Photoshop.CS3.Extended.PROPER-SWAMP\Crack\Photoshop.exe”
18.04.2007 04:24 |Size 44814336 |Crc32 8d075606 |Md5 d450729171238e2ea26b74099327d7aa

“G:\Mesdocs ASUS\Azureus Downloads\Adobe.Flash.Media.Server2.Cracked-SystemGhost\FlashMediaServer2.exe”
19.06.2006 11:57 |Size 7606392 |Crc32 411b4da9 |Md5 ab307e3e04836bf5e430e88bb35e55f3

“G:\Mesdocs ASUS\inventor\keygen.exe”
31.03.2005 07:48 |Size 94720 |Crc32 93b60168 |Md5 07acfab3cdb8dc052477f5b10d436496

“G:\Mesdocs ASUS\jeux\Spore-RELOADED\Extract\Crack\rld-spor.exe”
02.09.2008 20:24 |Size 8192 |Crc32 eb2d0aa8 |Md5 302eef532707c32b2d6dccf06006a5fd

“G:\Mesdocs ASUS\jeux\Spore-RELOADED\Extract\Crack\SporeApp.exe”
02.09.2008 22:35 |Size 40633800 |Crc32 33986432 |Md5 f26ed9d6063f176c6f8b944eb0b7d0eb

“G:\Mesdocs ASUS\jeux\Lego.Indiana.Jones.[Multi5].[PCDVD].[www.tensiontorrent.com]\rld-lein\Crack\LEGOIndy.exe”
04.06.2008 04:13 |Size 70518186 |Crc32 c7cb33e4 |Md5 37b4d4eda449bf90283d7734958f1e68

“G:\Mesdocs ASUS\Mes fichiers re?us\keygen.exe”
01.11.2003 13:59 |Size 51973 |Crc32 4fb504bf |Md5 7d48dbe58c583b1313931a908f8fc3f9

“G:\COD4\crack\iw3sp.exe”
25.09.2009 21:17 |Size 3017216 |Crc32 4614c0e7 |Md5 77d460bfbfff90bcf930ecc654588000

“G:\COD4\crack\rzr-cod4.exe”
25.09.2009 21:17 |Size 98304 |Crc32 e7c94522 |Md5 8d87f601d5f583cdf02105c82bb7f675

################## | ! Fin du rapport # FindyKill V5.017 ! |

poisson9 · Novembre 8, 2009, 5:26

Salut,ok et prend ton temps.

kodorduhl · Novembre 9, 2009, 2:03

Salut!

Voici mon rapport combofix, mais j’ai un petit problème pour la suite, le lien vers AD-remover est mort! J’ai cherché sur plusieurs autres forum, et tjs la même chose, j’arrive sur une erreur 404!

Aurais-tu une solution, ou tout simplement est-ce que je peux sauter cette étape?

ComboFix 09-11-07.02 - Michelet 09.11.2009 11:14.1.2 - NTFSx86
Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.41.1036.18.3069.1459 [GMT 1:00]
Lancé depuis: c:\users\Michelet\Desktop\kodorduhl.com.exe
SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:$recycle.bin\S-1-5-21-2967930971-2189869607-64227303-500
c:$recycle.bin\S-1-5-21-3082474585-2865157143-1589036794-500
c:\windows\Downloaded Program Files\IDropPTB.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-09 au 2009-11-09 ))))))))))))))))))))))))))))))))))))
.

2009-11-09 10:23 . 2009-11-09 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-08 11:25 . 2009-11-08 12:04 4096 d-----w- C:\FindyKill
2009-11-06 16:36 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 16:36 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-05 13:55 . 2009-11-05 13:55 -------- d-----w- c:\program files\Trend Micro
2009-11-05 11:39 . 2009-11-05 11:48 -------- d-----w- C:$AVG
2009-11-05 11:37 . 2009-11-09 10:09 4096 d-----w- c:\programdata\avg9
2009-11-04 15:37 . 2009-11-04 15:37 -------- d-----w- c:\users\Michelet\AppData\Roaming\Malwarebytes
2009-11-04 15:36 . 2009-11-06 16:36 4096 d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-11-04 15:36 . 2009-11-04 15:36 -------- d-----w- c:\programdata\Malwarebytes
2009-11-01 22:31 . 2009-11-01 22:31 -------- d-----w- c:\program files\CHRYOPROD
2009-10-31 20:51 . 2009-11-01 13:28 8192 d-----w- c:\program files\Eufloria Demo
2009-10-27 08:03 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 08:03 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 08:03 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 08:03 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 08:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 08:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 08:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 08:03 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 08:03 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 17:06 . 2009-10-21 17:10 -------- d-----w- c:\windows\system32\ca-ES
2009-10-21 17:06 . 2009-10-21 17:10 -------- d-----w- c:\windows\system32\eu-ES
2009-10-21 17:06 . 2009-10-21 17:10 -------- d-----w- c:\windows\system32\vi-VN
2009-10-21 16:59 . 2009-07-21 20:33 490496 ------w- c:\windows\system32\stapi32.dll
2009-10-21 11:38 . 2009-10-21 11:38 4096 d-----w- c:\windows\system32\EventProviders
2009-10-21 10:44 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-21 10:42 . 2009-04-11 06:28 1183232 ----a-w- c:\windows\system32\msxml3.dll
2009-10-21 10:40 . 2009-04-11 06:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-10-21 10:39 . 2009-04-11 06:28 99840 ----a-w- c:\windows\system32\ulib.dll
2009-10-21 10:38 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\fdSSDP.dll
2009-10-21 10:36 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-21 10:36 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-21 10:36 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-21 10:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-21 10:36 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-21 10:36 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-21 10:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-21 10:36 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-21 10:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-21 10:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-21 10:34 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-16 10:20 . 2009-10-16 10:20 -------- d-----w- c:\users\Michelet\AppData\Roaming\Unigraphics Solutions
2009-10-16 10:19 . 2009-10-16 10:20 4096 d-----w- C:\Solid Edge Standard Parts
2009-10-16 10:10 . 2009-10-16 10:10 -------- d-----w- c:\users\Michelet\AppData\Local\Femap
2009-10-16 10:02 . 2009-10-16 10:48 4096 d-----w- c:\program files\Solid Edge ST
2009-10-15 16:55 . 2009-10-15 16:55 -------- d-----w- c:\users\Michelet\AppData\Local\Activision
2009-10-15 16:40 . 2009-10-15 16:40 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-15 16:14 . 2009-10-15 16:14 -------- d-sh–w- c:\windows\ftpcache
2009-10-15 01:07 . 2009-10-15 01:07 8192 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-15 01:05 . 2009-10-15 01:05 8192 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-14 17:47 . 2009-10-14 17:47 -------- d-----w- c:\program files\Veetle
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\users\Michelet\AppData\Local\TVU Networks
2009-10-14 17:36 . 2009-10-14 17:36 -------- d-----w- c:\programdata\TVU Networks
2009-10-14 17:36 . 2009-11-04 19:18 4096 d-----w- c:\program files\TVUPlayer
2009-10-14 10:32 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-14 10:32 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-14 08:14 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 08:14 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 07:38 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 06:54 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 06:52 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 06:41 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 23:31 . 2009-10-10 23:31 -------- d-----w- c:\users\Michelet\AppData\Local\Apple Computer
2009-10-10 22:37 . 2009-11-04 19:18 4096 d-----w- c:\program files\TVAnts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 09:09 . 2008-11-24 12:02 699742 ----a-w- c:\windows\system32\perfh010.dat
2009-11-09 09:09 . 2008-11-24 12:02 137572 ----a-w- c:\windows\system32\perfc010.dat
2009-11-09 09:09 . 2008-11-24 11:57 654450 ----a-w- c:\windows\system32\perfh007.dat
2009-11-09 09:09 . 2008-11-24 11:57 140232 ----a-w- c:\windows\system32\perfc007.dat
2009-11-09 09:09 . 2008-11-24 11:52 716274 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-09 09:09 . 2008-11-24 11:52 141378 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-09 09:07 . 2009-06-06 03:08 124036 ----a-w- c:\programdata\nvModes.dat
2009-11-08 13:32 . 2009-08-08 09:41 4096 d-----w- c:\users\Michelet\AppData\Roaming\Winamp
2009-11-08 11:26 . 2008-11-24 03:41 1076 ----a-w- c:\windows\bthservsdp.dat
2009-11-08 11:26 . 2009-06-11 14:38 24576 d-----w- c:\users\Michelet\AppData\Roaming\Azureus
2009-11-07 13:37 . 2009-11-07 13:37 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-11-06 16:51 . 2009-09-23 09:51 8268 ----a-w- c:\users\Michelet\AppData\Local\d3d9caps.dat
2009-11-05 11:37 . 2009-08-04 22:51 -------- d-----w- c:\program files\AVG
2009-11-04 19:19 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-11-04 19:19 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-04 19:19 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-11-04 19:19 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-04 12:16 . 2009-06-13 10:34 4096 d-----w- c:\users\Michelet\AppData\Roaming\Skype
2009-11-04 12:03 . 2009-06-13 10:35 4096 d-----w- c:\users\Michelet\AppData\Roaming\skypePM
2009-11-02 22:24 . 2009-06-29 18:43 4096 d-----w- c:\users\Michelet\AppData\Roaming\Autodesk
2009-11-02 22:22 . 2009-06-29 18:45 4096 d-----w- c:\programdata\Autodesk
2009-10-30 17:43 . 2009-09-30 10:35 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-30 17:42 . 2009-09-30 10:35 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-25 22:59 . 2009-06-11 14:37 4096 d-----w- c:\program files\Vuze
2009-10-22 12:18 . 2009-06-05 13:20 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-21 17:27 . 2009-02-04 13:47 -------- d-----w- c:\programdata\NVIDIA
2009-10-21 17:12 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Calendar
2009-10-21 17:12 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-21 17:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-21 17:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-21 17:00 . 2009-10-21 17:00 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-10-16 11:33 . 2009-06-05 13:29 152616 ----a-w- c:\users\Michelet\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-16 07:45 . 2009-08-13 13:53 -------- d-----w- c:\program files\KeyToPlay
2009-10-16 07:19 . 2009-06-11 15:20 -------- d-----w- c:\programdata\Media Center Programs
2009-10-16 07:17 . 2008-11-24 04:18 16384 d–h--w- c:\program files\InstallShield Installation Information
2009-10-15 16:40 . 2009-09-30 10:35 22328 ----a-w- c:\users\Michelet\AppData\Roaming\PnkBstrK.sys
2009-10-15 16:40 . 2009-09-30 10:35 22328 ----a-w- c:\users\Michelet\AppData\Roaming\PnkBstrK.sys
2009-10-15 16:18 . 2009-09-30 10:14 4096 d-----w- c:\program files\Activision
2009-10-15 01:09 . 2009-06-05 13:21 12288 d-----w- c:\programdata\Microsoft Help
2009-10-15 01:07 . 2009-06-29 19:46 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-09 15:21 . 2009-10-09 15:17 4096 d-----w- c:\program files\Dr.Kawashima_Demo
2009-10-09 08:25 . 2009-02-04 13:40 -------- d-----w- c:\program files\DigitalPersona
2009-10-09 08:22 . 2009-10-09 08:22 -------- d-----w- c:\programdata\Downloaded Installations
2009-10-07 14:14 . 2009-10-07 14:14 -------- d-----w- c:\program files\SecureW2
2009-10-05 08:11 . 2009-10-03 14:21 4096 d-----w- c:\program files\Microsoft Silverlight
2009-10-04 12:22 . 2009-07-03 15:23 4096 d-----w- c:\users\Michelet\AppData\Roaming\Nokia
2009-10-03 20:22 . 2009-10-03 20:22 1793288 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-03 14:21 . 2009-06-06 12:36 4096 d-----w- c:\program files\Windows Live
2009-10-03 14:16 . 2009-10-03 14:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-03 14:12 . 2009-10-03 14:12 -------- d-----w- c:\program files\Microsoft
2009-10-02 13:20 . 2009-09-30 10:35 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-01 08:29 . 2009-10-02 18:50 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 17:00 . 2009-09-29 17:00 -------- d-----w- c:\programdata\Apple Computer
2009-09-29 16:58 . 2009-09-29 16:58 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 16:58 . 2009-09-29 16:58 4096 d-----w- c:\program files\Apple Software Update
2009-09-29 16:58 . 2009-09-29 16:58 -------- d-----w- c:\programdata\Apple
2009-09-29 06:52 . 2009-09-29 06:52 474176 ----a-w- c:\windows\system32\DPSDApi.dll
2009-09-29 06:52 . 2009-09-29 06:52 334912 ----a-w- c:\windows\system32\DPFPApi.dll
2009-09-29 06:52 . 2009-09-29 06:52 150592 ----a-w- c:\windows\system32\DpPwdFlt.dll
2009-09-29 06:52 . 2009-09-29 06:52 592960 ----a-w- c:\windows\system32\DPCrProv.dll
2009-09-29 06:52 . 2009-09-29 06:52 240704 ----a-w- c:\windows\system32\DpClback.dll
2009-09-24 13:31 . 2008-11-24 05:32 4096 d-----w- c:\program files\Java
2009-09-23 15:45 . 2009-09-23 15:45 -------- d-----w- c:\program files\Electronic Arts
2009-09-23 15:41 . 2009-09-23 15:41 8192 d-----w- c:\program files\AGEIA Technologies
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\users\Michelet\AppData\Roaming\Talkback
2009-09-23 14:21 . 2009-09-23 14:21 0 ----a-w- c:\windows\nsreg.dat
2009-09-23 14:21 . 2009-09-23 14:21 -------- d-----w- c:\users\Michelet\AppData\Roaming\Thunderbird
2009-09-23 14:21 . 2009-09-23 14:21 8192 d-----w- c:\program files\Mozilla Thunderbird
2009-09-23 11:25 . 2009-07-26 08:55 10686001 ----a-w- c:\users\Michelet\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-09-22 19:18 . 2009-09-22 19:18 -------- d-----w- c:\program files\KONAMI
2009-09-21 21:02 . 2009-09-21 21:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-09-18 15:20 . 2009-07-22 17:56 -------- d-----w- c:\users\Michelet\AppData\Roaming\gtk-2.0
2009-09-17 09:54 . 2009-09-17 09:54 2491192 ----a-w- c:\users\Michelet\AppData\Roaming\Mozilla\Firefox\Profiles\cwkojmlr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-09-15 18:53 . 2009-09-15 18:53 -------- d-----w- c:\users\Michelet\AppData\Roaming\StreamTorrent
2009-09-12 22:20 . 2009-09-12 22:20 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-09-12 22:04 . 2009-09-12 22:04 -------- d-----w- c:\program files\Fallout 3
2009-09-12 21:22 . 2009-06-09 09:21 4096 d-----w- c:\users\Michelet\AppData\Roaming\Bioshock
2009-09-11 15:17 . 2009-08-10 14:00 4096 d-----w- c:\programdata\TrackMania
2009-09-10 13:40 . 2009-09-10 13:39 4096 d-----w- c:\users\Michelet\AppData\Roaming\HpUpdate
2009-09-10 13:39 . 2008-11-24 05:54 -------- d-----w- c:\program files\HP
2009-08-29 00:27 . 2009-09-10 21:48 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-10 21:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 15:52 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 15:52 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 15:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 15:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 15:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 15:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 15:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 15:52 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 15:52 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 15:52 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 15:52 105984 ----a-w- c:\windows\system32\netiohlp.dll
2008-11-24 12:22 . 2008-11-24 12:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ISUSPM”=“c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe” [2007-07-12 226904]
“PC Suite Tray”=“c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe” [2009-06-25 1414144]
“Google Update”=“c:\users\Michelet\AppData\Local\Google\Update\GoogleUpdate.exe” [2009-08-19 133104]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DVDAgent”=“c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe” [2008-09-26 1148200]
“TSMAgent”=“c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe” [2008-09-25 1152296]
“CLMLServer for HP TouchSmart”=“c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe” [2008-09-25 189736]
“UCam_Menu”=“c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe” [2008-06-13 210216]
“SmartMenu”=“c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe” [2008-09-23 912688]
“UpdatePSTShortCut”=“c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” [2008-09-26 210216]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-21 1008184]
“QlbCtrl.exe”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2008-08-01 202032]
“UpdateP2GoShortCut”=“c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” [2008-06-13 210216]
“UpdatePDIRShortCut”=“c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” [2008-06-13 210216]
“HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2008-06-16 75008]
“hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2008-04-15 488752]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2009-07-01 37888]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2008-03-28 1045800]
“HP Software Update”=“c:\program files\Hp\HP Software Update\HPWuSchd2.exe” [2008-12-08 54576]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-07-31 149280]
“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2009-09-04 417792]
“DpAgent”=“c:\program files\DigitalPersona\Bin\dpagent.exe” [2009-09-29 842816]
“SysTrayApp”=“c:\program files\IDT\WDM\sttray.exe” [2009-07-21 458844]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-09-13 13584928]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-09-13 92704]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-10-03 35696]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]
“Malwarebytes Anti-Malware (reboot)”=“c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2009-09-10 1312080]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-12 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
“UacDisableNotify”= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKLM~\startupfolder\C:^Users^Michelet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Michelet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):a8,ce,a3,15,73,52,ca,01

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26.09.2008 02:36 59376]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.01.2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.03.2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [24.11.2008 07:04 365952]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [16.09.2008 10:33 599344]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [04.02.2009 13:48 280320]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [24.11.2008 05:33 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29.04.2008 02:54 54784]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 14:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26.06.2009 21:55 66080]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [16.09.2008 10:33 40752]
S2 gupdate1ca20c13978b770;Service Google Update (gupdate1ca20c13978b770);c:\program files\Google\Update\GoogleUpdate.exe [19.08.2009 12:35 133104]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21.07.2008 11:53 100184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

— Autres Services/Pilotes en mémoire —

NewlyCreated - MBR
NewlyCreated - PROCEXP113
Deregistered - AvgLdx86
Deregistered - mbr
Deregistered - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier ‘Tâches planifiées’

2009-11-09 c:\windows\Tasks\Google Software Updater.job

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-19 11:35]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 11:35]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

c:\program files\Google\Update\GoogleUpdate.exe [2009-08-19 11:35]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082474585-2865157143-1589036794-1000Core.job

c:\users\Michelet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 11:45]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082474585-2865157143-1589036794-1000UA.job

c:\users\Michelet\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 11:45]

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{ED9B0722-E0FF-41A6-B344-B1B9A7061F0C}.job

c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.daemon-search.com…
mStart Page = ie.redirect.hp.com…
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l’&image au périphérique Bluetooth… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Michelet\AppData\Roaming\Mozilla\Firefox\Profiles\cwkojmlr.default
FF - prefs.js: browser.search.defaulturl - www.fastbrowsersearch.com…
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Michelet\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Michelet\AppData\Roaming\Mozilla\Firefox\Profiles\cwkojmlr.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl3.rsa_seed_sha”, true);
.

- - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés:

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
“ImagePath”=“c:\windows\system32\GameMon.des -service”

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services{55662437-DA8C-40c0-AADA-2C816A897A49}]
“ImagePath”="??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3082474585-2865157143-1589036794-1000\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
“??”=hex:27,be,bb,e8,96,b1,a5,b9,6b,3b,d9,0d,fc,88,fc,e2,3a,f9,96,91,c8,c1,93,
f5,25,3b,e7,e4,ab,b5,31,17,03,0c,39,1e,b2,d9,7a,c6,26,19,88,21,9a,77,49,8c,
“??”=hex:b8,a0,63,9b,9e,01,45,21,c2,b0,21,0b,c7,97,cd,27

[HKEY_USERS\S-1-5-21-3082474585-2865157143-1589036794-1000\Software\SecuROM\License information*]
“datasecu”=hex:98,f8,e9,96,74,ea,c8,e1,9d,f1,d6,38,89,0c,66,30,ad,90,13,b6,07,
14,6a,ae,55,e0,60,d5,f5,fe,82,35,99,37,dd,13,08,c8,de,19,45,b4,4d,2d,25,99,
“rkeysecu”=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - ‘lsass.exe’(720)
        c:\windows\system32\DPPWDFLT.dll
- - - - ‘Explorer.exe’(2216)
        c:\program files\DigitalPersona\Bin\DpoFeedb.dll
        c:\program files\Logitech\SetPoint\GameHook.dll
        c:\program files\Logitech\SetPoint\lgscroll.dll
        c:\windows\system32\btmmhook.dll
        c:\program files\DigitalPersona\Bin\DpoSet.dll
        .
        Heure de fin: 2009-11-09 11:29
        ComboFix-quarantined-files.txt 2009-11-09 10:27

Avant-CF: 84’904’976’384 octets libres
Après-CF: 86’301’319’168 octets libres

- End Of File - - B071A115A460FCF6EA66FCA131C4C721

poisson9 · Novembre 9, 2009, 6:19

Tiens pour AD-Remover : pagesperso-orange.fr…

kodorduhl · Novembre 11, 2009, 2:29

Voilà, j’ai tout fait ce que tu m’as dis voici les rapports:

Ad remover:

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_B | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 11.11.2009 at 0:24
Contact: AdRemover.contact@gmail.com
Website: pagesperso-orange.fr…
.
Launch at: 13:29:28, 11.11.2009 | Normal Boot | Option: CLEAN
Executed from: “C:\Program Files\Ad-Remover”
Operating system: Microsoft® Windows Vista Home Premium Service Pack 2 v6.0.6002
Computer Name: PORTABLE_CECE | Current user: Michelet
.
============== NEUTRALIZED ELEMENT(S) ==============
.

.

(!) – Temp files deleted.

.
============== Added scan ==============
.
.

Mozilla FireFox Version 3.5.5 [fr] *
.
ProfilePath: cwkojmlr.default (Michelet)
.
(Michelet, prefs.js) Browser.download.dir, C:\Users\Michelet\Downloads
(Michelet, prefs.js) Browser.download.lastDir, C:\Users\Michelet\Pictures\Tshirt
(Michelet, prefs.js) Browser.search.defaultenginename, Fast Browser Search
(Michelet, prefs.js) Browser.search.defaulturl, www.fastbrowsersearch.com…
(Michelet, prefs.js) Browser.search.selectedEngine, Google
.
(Michelet, prefs.js) ERASED - Browser.search.defaultenginename, Fast Browser Search
(Michelet, prefs.js) ERASED - Browser.search.defaulturl, www.fastbrowsersearch.com…
(Michelet, prefs.js) ERASED - Browser.search.order.1, Fast Browser Search
.
.
Internet Explorer Version 7.0.6002.18005 *
.
[HKEY_CURRENT_USER…\Internet Explorer\Main]
.
Start Page: fr.msn.com…
Search Page: www.microsoft.com…
Default_search_url: www.microsoft.com…
Default_page_url: www.microsoft.com…
Search bar: go.microsoft.com…
.
[HKEY_LOCAL_MACHINE…\Internet Explorer\Main]
.
Start Page: fr.msn.com…
Default_Page_URL: www.microsoft.com…
Default_Search_URL: www.microsoft.com…
Search Page: www.microsoft.com…
Search bar: search.msn.com…
.
[HKEY_LOCAL_MACHINE…\Internet Explorer\ABOUTURLS]
.
Tabs: ieframe.dll…
.
============== Suspect (Cracks, Serials, …) ==============
.
C:\Users\Michelet\AppData\Roaming\Azureus\torrents\Call Of Duty 4 [PCFullGame][Eng-DvD][CrackIncl]_KaYZ 2008 [mininova].torrent
.
===================================
.
2551 Byte(s) - C:\Ad-Report-CLEAN[1].log
.
461 File(s) - C:\Users\Michelet\AppData\Local\Temp
0 File(s) - C:\Windows\Temp
.
20 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 13:48:38 | 11.11.2009 - CLEAN[1]
.
============== E.O.F ==============
.
Genproc :

Rapport GenProc 2.646 [1] - 11.11.2009 à 14:00:35
@ Windows Vista Service Pack 2 - Hewlett-Packard - Mode normal
@ Mozilla Firefox (3.5.5) [Navigateur par défaut]

GenProc n’a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 www.eset-nod32.fr… (il faut utiliser Internet Explorer)

coche toutes les cases à chaque fois, et lorsque c’est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:33, on 11.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\Outil\Michelet_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM…\Run: [DVDAgent] “C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe”
O4 - HKLM…\Run: [TSMAgent] “C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe”
O4 - HKLM…\Run: [CLMLServer for HP TouchSmart] “C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe”
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\Hewlett-Packard\Media\Webcam” update “Software\Hewlett-Packard\Media\Webcam”
O4 - HKLM…\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM…\Run: [UpdatePSTShortCut] “C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\DVD Suite” UpdateWithCreateOnce “Software\CyberLink\PowerStarter”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UpdateP2GoShortCut] “C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”
O4 - HKLM…\Run: [UpdatePDIRShortCut] “C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\PowerDirector” UpdateWithCreateOnce “SOFTWARE\CyberLink\PowerDirector\7.0”
O4 - HKLM…\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM…\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 - HKLM…\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [ISUSPM] “C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe” -scheduler
O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 - HKCU…\Run: [Google Update] “C:\Users\Michelet\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l’&image au périphérique Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1ca20c13978b770) (gupdate1ca20c13978b770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

–
End of file - 11235 bytes

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 14:03:44 ~~

poisson9 · Novembre 11, 2009, 3:05

ok rien de maichant fais :

"Poste un rapport Nod32 www.eset-nod32.fr… (il faut utiliser Internet Explorer)

coche toutes les cases à chaque fois, et lorsque c’est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt"
( fais ce que dit Genproc)

kodorduhl · Novembre 12, 2009, 11:16

Voila c’est fait, il m’a trouvé 14 erreurs qu’il a apparemment supprimé! voici le rapport

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

version=7

iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

OnlineScanner.ocx=1.0.0.6211

api_version=3.0.2

EOSSerial=807493ffec02264f9ed62111249c36f7

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=false

antistealth_checked=true

utc_time=2009-11-11 10:50:25

local_time=2009-11-11 11:50:25 (+0100, Europe de l’Ouest)

country=“Switzerland”

lang=1036

osver=6.0.6002 NT Service Pack 2

compatibility_mode=512 16777215 100 0 529881 529881 0 0

compatibility_mode=1024 16777215 100 0 538142 538142 0 0

compatibility_mode=5892 16776574 100 100 538104 95488313 0 0

compatibility_mode=8192 67108863 100 0 3945 3945 0 0

scanned=266226

found=14

cleaned=14

scan_time=24239

D:\Softs\Inventor 2009\EdmPrechecks\EDMWrapper_x64.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\DWGViewer\x64\Windows\System32\AcSignOpt.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Bin\ApprenticeRegSvr.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Bin\DTCPexe.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Bin\DtDv.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Bin\InventorView.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Bin\Ipj.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\InventorView\x64\Program Files\Autodesk\Inventor 2009\Setup\Setup.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\program files\aoemview 2009\addplwiz.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\program files\aoemview 2009\pc3exe.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\program files\aoemview 2009\styexe.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\program files\aoemview 2009\styshwiz.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\program files\aoemview 2009\unlocked\AoVw2009.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C
D:\Softs\Inventor 2009\support\OemViewer\x64\windows\system32\AcSignOpt.exe Win32/Virut.NBP virus (nettoyé - mis en quarantaine) 00000000000000000000000000000000 C

poisson9 · Novembre 12, 2009, 1:01

Redémarre en “Mode sans échec”

tapote sur la touche F8 jusqu’à l’affichage du menu des options avancées de Windows, et sélectionne “Mode sans échec”.
Choisis ta session habituelle

Lances–> Malwarebytes (MBAM)
==> Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
==> Sélectionnes tes disques durs" puis clique sur “Lancer lexamen”
==> A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
==> Suppression des éléments détectés --> cliques sur Supprimer la sélection tu sais comment faire maintenant
=> S’il t’ es demandé de redémarrer, clique sur "oui "

après la suppression(s) de ou des infections trouvées --> poste le rapport ici

après

tu feras également

télécharges Kaspersky Virus Removal Tool.

==> Kaspersky Virus removal Tool

aprés

Redémarre en mode Sans Échec ==> imprime toi ceci avant

Connecte clés USB et disques externes.

Lance “setup_7.0xxxxx” en double-cliquant dessus

Réponds “Oui” à la question “Do you want to continue installation?”

Clique sur “Next” pour les deux fenêtres suivantes: AVP TOOL s’installe sur ton Bureau dans un dossier nommé “Kaspersky Lab Tool”

L’outil se lance tout seul: coche toutes les cases dans l’onglet “Automatic Scan”.

Clique maintenant sur “Security Level”: une fenêtre de configuration s’ouvre:

paramètre le scanner comme sur l’image :

http://img381.imageshack.us/img381/2184/kas1lt6rk1gw5.png

Valide avec “Apply” puis “OK”

L’outil est maintenant configuré : dans la fenêtre principale, clique sur “Scan”. Le scan commence, une nouvelle fenêtre s’ouvre indiquant la progression du balayage en pourcentage.
A la fin du scan, AVP Tool signale les objets infectés par l’intermédiaire d’une pop-up: coche alors “Apply to all” et clique sur “Delete” ou “Disinfect” selon ce que propose la fenêtre

kodorduhl · Novembre 18, 2009, 1:20

Bonjour!

Voilà j’ai tout fini, j’espère que ça sera tout cette fois^^ dsl pour le temps de réponse, mais il a fallut que je trouve un créneau pour lancer une analyse de plus de 15h! c’est long kaspersky… voici les rapports

Malwarebytes’ Anti-Malware 1.41
Version de la base de données: 3111
Windows 6.0.6002 Service Pack 2 (Safe Mode)

15.11.2009 17:12:49
mbam-log-2009-11-15 (17-12-49).txt

Type de recherche: Examen complet (C:|D:|E:|)
Eléments examinés: 390324
Temps écoulé: 1 hour(s), 22 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Scan

Scanned: 2343078
Detected: 2
Untreated: 0
Start time: 17.11.2009 20:44:16
Duration: 15:20:02
Finish time: 18.11.2009 12:04:18

Detected

Status Object

not found: virus Heur.Invader (modification) File: C:\Users\Michelet\Desktop\kodorduhl.com.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfxxe
not found: virus Heur.Invader (modification) File: C:\Users\Michelet\Desktop\kodorduhl.com.exe//PE_Patch.UPX/32788R22FWJFW\FileKill.cfxxe

Events

Time Name Status Reason

17.11.2009 20:43:20 Running module: smss.exe\smss.exe ok scanned
17.11.2009 20:43:20 File: C:\Windows\System32\smss.exe ok iChecker
17.11.2009 20:43:20 Running module: smss.exe\ntdll.dll ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\ntdll.dll ok iChecker
17.11.2009 20:43:20 Running module: csrss.exe\csrss.exe ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\csrss.exe ok iChecker
17.11.2009 20:43:20 Running module: csrss.exe\ntdll.dll ok scanned
17.11.2009 20:43:20 Running module: csrss.exe\CSRSRV.dll ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\CSRSRV.dll ok scanned
17.11.2009 20:43:20 Running module: csrss.exe\basesrv.dll ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\basesrv.dll ok iChecker
17.11.2009 20:43:20 Running module: csrss.exe\winsrv.dll ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\winsrv.dll ok scanned
17.11.2009 20:43:20 Running module: csrss.exe\USER32.dll ok scanned
17.11.2009 20:43:20 File: C:\Windows\system32\USER32.dll ok iChecker
17.11.2009 20:43:20 Running module: csrss.exe\KERNEL32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\KERNEL32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\GDI32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\GDI32.dll ok iChecker
17.11.2009 20:43:21 Running module: csrss.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\ADVAPI32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\RPCRT4.dll ok iChecker
17.11.2009 20:43:21 Running module: csrss.exe\LPK.DLL ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\LPK.DLL ok iChecker
17.11.2009 20:43:21 Running module: csrss.exe\USP10.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\USP10.dll ok iChecker
17.11.2009 20:43:21 Running module: csrss.exe\msvcrt.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\msvcrt.dll ok iChecker
17.11.2009 20:43:21 Running module: csrss.exe\sxs.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\sxs.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\csrss.exe ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\ntdll.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\CSRSRV.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\basesrv.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\winsrv.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\USER32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\KERNEL32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\GDI32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\LPK.DLL ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\USP10.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\msvcrt.dll ok scanned
17.11.2009 20:43:21 Running module: csrss.exe\sxs.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\wininit.exe ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\wininit.exe ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\ntdll.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\kernel32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\kernel32.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\USER32.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\GDI32.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\msvcrt.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\USERENV.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\USERENV.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\Secur32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\Secur32.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\IMM32.DLL ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\IMM32.DLL ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\MSCTF.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\MSCTF.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\LPK.DLL ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\USP10.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\WS2_32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\WS2_32.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\NSI.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\NSI.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\mswsock.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\mswsock.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\System32\wshtcpip.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\wship6.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\System32\wship6.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\CRYPT32.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\MSASN1.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\MSASN1.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\credssp.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\credssp.dll ok scanned
17.11.2009 20:43:21 Running module: wininit.exe\schannel.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\schannel.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:21 File: C:\Windows\system32\NETAPI32.dll ok iChecker
17.11.2009 20:43:21 Running module: wininit.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\PSAPI.DLL ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\winlogon.exe ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\winlogon.exe ok iChecker
17.11.2009 20:43:22 Running module: winlogon.exe\ntdll.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\kernel32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\USER32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\GDI32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\msvcrt.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\Secur32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\WINSTA.dll ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\WINSTA.dll ok iChecker
17.11.2009 20:43:22 Running module: winlogon.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\USERENV.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\IMM32.DLL ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\MSCTF.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\LPK.DLL ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\USP10.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\NTMARTA.DLL ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\WLDAP32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\WS2_32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\NSI.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\SAMLIB.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\ole32.dll ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\ole32.dll ok iChecker
17.11.2009 20:43:22 Running module: winlogon.exe\SHSVCS.dll ok scanned
17.11.2009 20:43:22 File: C:\Windows\system32\SHSVCS.dll ok iChecker
17.11.2009 20:43:22 Running module: winlogon.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:22 Running module: winlogon.exe\slc.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\slc.dll ok scanned
17.11.2009 20:43:23 Running module: winlogon.exe\MPR.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\MPR.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\services.exe ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\services.exe ok scanned
17.11.2009 20:43:23 Running module: services.exe\ntdll.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\kernel32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\USER32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\GDI32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\msvcrt.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\USERENV.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\Secur32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\SCESRV.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\SCESRV.dll ok iChecker
17.11.2009 20:43:23 Running module: services.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\AUTHZ.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:23 Running module: services.exe\NCObjAPI.DLL ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\NCObjAPI.DLL ok iChecker
17.11.2009 20:43:23 Running module: services.exe\IMM32.DLL ok scanned
17.11.2009 20:43:23 Running module: services.exe\MSCTF.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\LPK.DLL ok scanned
17.11.2009 20:43:23 Running module: services.exe\USP10.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\MSASN1.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\credssp.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\schannel.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:23 Running module: services.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\WS2_32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\NSI.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\ole32.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\mswsock.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:23 Running module: services.exe\wship6.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\lsass.exe ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\lsass.exe ok iChecker
17.11.2009 20:43:23 Running module: lsass.exe\ntdll.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\kernel32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\msvcrt.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\LSASRV.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\LSASRV.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\Secur32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\USER32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\GDI32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\SAMSRV.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\SAMSRV.dll ok iChecker
17.11.2009 20:43:23 Running module: lsass.exe\cryptdll.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\cryptdll.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\DNSAPI.dll ok iChecker
17.11.2009 20:43:23 Running module: lsass.exe\WS2_32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\NSI.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\MSASN1.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\NTDSAPI.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\NTDSAPI.dll ok iChecker
17.11.2009 20:43:23 Running module: lsass.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\FeClient.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\FeClient.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\MPR.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\USERENV.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\slc.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\SYSNTFY.dll ok scanned
17.11.2009 20:43:23 File: C:\Windows\system32\SYSNTFY.dll ok scanned
17.11.2009 20:43:23 Running module: lsass.exe\wevtapi.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\wevtapi.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\IPHLPAPI.DLL ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\WINNSI.DLL ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\dhcpcsvc6.DLL ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\IMM32.DLL ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\MSCTF.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\LPK.DLL ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\USP10.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\cngaudit.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\cngaudit.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\ncrypt.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\ncrypt.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\BCRYPT.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\BCRYPT.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\credssp.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\msprivs.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\msprivs.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\kerberos.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\kerberos.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\mswsock.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\wship6.dll ok scanned
17.11.2009 20:43:24 Running module: lsass.exe\msv1_0.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\msv1_0.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\netlogon.dll ok scanned
17.11.2009 20:43:24 File: C:\Windows\system32\netlogon.dll ok iChecker
17.11.2009 20:43:24 Running module: lsass.exe\WINBRAND.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\WINBRAND.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\schannel.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\wdigest.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\wdigest.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\rsaenh.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\rsaenh.dll ok iChecker
17.11.2009 20:43:25 Running module: lsass.exe\tspkg.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\tspkg.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\GPAPI.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\GPAPI.dll ok iChecker
17.11.2009 20:43:25 Running module: lsass.exe\setupapi.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\setupapi.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\OLEAUT32.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\ole32.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\scecli.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\scecli.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\DPPWDFLT.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\DPPWDFLT.dll ok iChecker
17.11.2009 20:43:25 Running module: lsass.exe\keyiso.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\keyiso.dll ok scanned
17.11.2009 20:43:25 Running module: lsass.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\lsm.exe ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\lsm.exe ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\ntdll.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\kernel32.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\msvcrt.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\SYSNTFY.dll ok scanned
17.11.2009 20:43:25 Running module: lsm.exe\WMsgAPI.dll ok scanned
17.11.2009 20:43:25 File: C:\Windows\system32\WMsgAPI.dll ok iChecker
17.11.2009 20:43:26 Running module: lsm.exe\secur32.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\secur32.dll ok iChecker
17.11.2009 20:43:26 Running module: lsm.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\USER32.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\GDI32.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\MSASN1.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\USERENV.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\IMM32.DLL ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\MSCTF.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\LPK.DLL ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\USP10.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\credssp.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\schannel.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: lsm.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\svchost.exe ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\umpnpmgr.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\umpnpmgr.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\USERENV.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\Secur32.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\POWRPROF.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\POWRPROF.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\GPAPI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\slc.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\rpcss.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\rpcss.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\FirewallAPI.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\FirewallAPI.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\VERSION.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\SETUPAPI.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\SETUPAPI.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\CLBCatQ.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\Cabinet.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\Cabinet.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WINSTA.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WTSAPI32.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\WTSAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\rpcss.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\FirewallAPI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\rsaenh.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\fwpuclnt.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\system32\fwpuclnt.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:26 File: C:\Windows\System32\svchost.exe ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\wevtsvc.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\wevtsvc.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\GPAPI.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\GPAPI.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\slc.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\slc.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\System32\CRYPT32.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\System32\MSASN1.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\System32\credssp.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:26 File: C:\Windows\System32\NETAPI32.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\lmhsvc.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\lmhsvc.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\IPHLPAPI.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\dhcpcsvc.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\DNSAPI.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\WINNSI.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\dhcpcsvc6.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\profsvc.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\profsvc.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\SYSNTFY.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\SYSNTFY.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\nlaapi.dll ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\nlaapi.dll ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:26 Running module: svchost.exe\ATL.DLL ok scanned
17.11.2009 20:43:26 File: c:\windows\system32\ATL.DLL ok iChecker
17.11.2009 20:43:26 Running module: svchost.exe\eapsvc.dll ok scanned
17.11.2009 20:43:27 File: c:\windows\system32\eapsvc.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\eapphost.dll ok scanned
17.11.2009 20:43:27 File: C:\Windows\system32\eapphost.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\rsaenh.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\umb.dll ok scanned
17.11.2009 20:43:27 File: C:\Windows\system32\umb.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\SETUPAPI.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\WINTRUST.dll ok scanned
17.11.2009 20:43:27 File: C:\Windows\system32\WINTRUST.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\imagehlp.dll ok scanned
17.11.2009 20:43:27 File: C:\Windows\system32\imagehlp.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\ikeext.dll ok scanned
17.11.2009 20:43:27 File: c:\windows\system32\ikeext.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:27 File: c:\windows\system32\AUTHZ.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\fwpuclnt.dll ok scanned
17.11.2009 20:43:27 File: c:\windows\system32\fwpuclnt.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\wmisvc.dll ok scanned
17.11.2009 20:43:27 File: c:\windows\system32\wbem\wmisvc.dll ok iChecker
17.11.2009 20:43:27 Running module: svchost.exe\wbemcomn.dll ok scanned
17.11.2009 20:43:27 File: C:\Windows\system32\wbemcomn.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\ncrypt.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\BCRYPT.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:27 Running module: svchost.exe\VSSAPI.DLL ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\VSSAPI.DLL ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\vsstrace.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\vsstrace.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\XmlLite.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\XmlLite.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\MPR.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\wbemcore.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\wbemcore.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\esscli.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\esscli.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\FastProx.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\FastProx.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\NTDSAPI.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\wbemsvc.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\wbemsvc.dll ok scanned
17.11.2009 20:43:28 Running module: svchost.exe\wmiutils.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\wmiutils.dll ok iChecker
17.11.2009 20:43:28 Running module: svchost.exe\repdrvfs.dll ok scanned
17.11.2009 20:43:28 File: C:\Windows\system32\wbem\repdrvfs.dll ok iChecker
17.11.2009 20:43:28 Running module: svchost.exe\wmiprvsd.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\system32\wbem\wmiprvsd.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\NCObjAPI.DLL ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\wbemess.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\system32\wbem\wbemess.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\ncprov.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\system32\wbem\ncprov.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\wbemcons.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\system32\wbem\wbemcons.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\WTSAPI32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:29 File: C:\Windows\System32\NTMARTA.DLL ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\System32\SAMLIB.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\SETUPAPI.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\wudfsvc.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\wudfsvc.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\WUDFPlatform.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\WUDFPlatform.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\wevtapi.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\wevtapi.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\WINTRUST.dll ok scanned
17.11.2009 20:43:29 File: C:\Windows\System32\WINTRUST.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\imagehlp.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\wlansvc.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\wlansvc.dll ok scanned
17.11.2009 20:43:29 Running module: svchost.exe\WTSAPI32.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\WTSAPI32.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:29 File: c:\windows\system32\NETAPI32.dll ok iChecker
17.11.2009 20:43:29 Running module: svchost.exe\SHELL32.dll ok scanned
17.11.2009 20:43:32 File: C:\Windows\system32\SHELL32.dll ok scanned
17.11.2009 20:43:32 Running module: svchost.exe\SHLWAPI.dll ok scanned
17.11.2009 20:43:32 File: C:\Windows\system32\SHLWAPI.dll ok iChecker
17.11.2009 20:43:32 Running module: svchost.exe\WLANMSM.DLL ok scanned
17.11.2009 20:43:32 File: c:\windows\system32\WLANMSM.DLL ok scanned
17.11.2009 20:43:32 Running module: svchost.exe\WLANSEC.dll ok scanned
17.11.2009 20:43:32 File: c:\windows\system32\WLANSEC.dll ok iChecker
17.11.2009 20:43:32 Running module: svchost.exe\OneX.DLL ok scanned
17.11.2009 20:43:32 File: c:\windows\system32\OneX.DLL ok scanned
17.11.2009 20:43:32 Running module: svchost.exe\eappprxy.dll ok scanned
17.11.2009 20:43:32 File: c:\windows\system32\eappprxy.dll ok iChecker
17.11.2009 20:43:32 Running module: svchost.exe\eappcfg.dll ok scanned
17.11.2009 20:43:32 File: c:\windows\system32\eappcfg.dll ok iChecker
17.11.2009 20:43:32 Running module: svchost.exe\gdiplus.dll ok scanned
17.11.2009 20:43:33 File: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\DUser.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\DUser.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\UxTheme.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\UxTheme.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\OLEACC.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\OLEACC.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\wlgpclnt.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\wlgpclnt.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\l2gpstore.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\l2gpstore.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\wlanutil.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\wlanutil.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\SYSNTFY.dll ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\WinSCard.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\WinSCard.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\WINSTA.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\WINSTA.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\bcrypt.dll ok scanned
17.11.2009 20:43:33 File: c:\windows\system32\bcrypt.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\comctl32.dll ok scanned
17.11.2009 20:43:33 File: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ok iChecker
17.11.2009 20:43:33 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:33 Running module: svchost.exe\msxml6.dll ok scanned
17.11.2009 20:43:34 File: C:\Windows\System32\msxml6.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\rsaenh.dll ok scanned
17.11.2009 20:43:34 File: C:\Windows\System32\rsaenh.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\kerberos.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\cryptdll.dll ok scanned
17.11.2009 20:43:34 File: C:\Windows\System32\cryptdll.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\urlmon.dll ok scanned
17.11.2009 20:43:34 File: C:\Windows\system32\urlmon.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\iertutil.dll ok scanned
17.11.2009 20:43:34 File: C:\Windows\system32\iertutil.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\netman.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\netman.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\RASAPI32.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\RASAPI32.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\rasman.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\rasman.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\TAPI32.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\TAPI32.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\rtutils.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\rtutils.dll ok scanned
17.11.2009 20:43:34 Running module: svchost.exe\WINMM.dll ok scanned
17.11.2009 20:43:34 File: c:\windows\system32\WINMM.dll ok iChecker
17.11.2009 20:43:34 Running module: svchost.exe\netcfgx.dll ok scanned
17.11.2009 20:43:35 File: C:\Windows\system32\netcfgx.dll ok scanned
17.11.2009 20:43:35 Running module: svchost.exe\slc.dll ok scanned
17.11.2009 20:43:35 Running module: svchost.exe\Cabinet.dll ok scanned
17.11.2009 20:43:35 File: C:\Windows\System32\Cabinet.dll ok iChecker
17.11.2009 20:43:35 Running module: svchost.exe\netshell.dll ok scanned
17.11.2009 20:43:35 File: C:\Windows\System32\netshell.dll ok scanned
17.11.2009 20:43:35 Running module: svchost.exe\nlaapi.dll ok scanned
17.11.2009 20:43:35 File: C:\Windows\System32\nlaapi.dll ok iChecker
17.11.2009 20:43:35 Running module: svchost.exe\RASDLG.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\RASDLG.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\MPRAPI.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\MPRAPI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ACTIVEDS.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\ACTIVEDS.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\adsldpc.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\adsldpc.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\credui.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\credui.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\ATL.DLL ok scanned
17.11.2009 20:43:36 File: C:\Windows\System32\ATL.DLL ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\dnsrslvr.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\dnsrslvr.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\cryptsvc.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\cryptsvc.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\VSSAPI.DLL ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\VSSAPI.DLL ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\ATL.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\vsstrace.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\vsstrace.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\XmlLite.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\XmlLite.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\MPR.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\MPR.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\SETUPAPI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\CRYPT32.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\MSASN1.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\nlasvc.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\nlasvc.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\wevtapi.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ncsi.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\ncsi.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\WINHTTP.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\WINHTTP.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\SHLWAPI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WTSAPI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\bcrypt.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\CFGMGR32.dll ok scanned
17.11.2009 20:43:36 File: c:\windows\system32\CFGMGR32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\comctl32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ssdpapi.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\system32\ssdpapi.dll ok iChecker
17.11.2009 20:43:36 Running module: svchost.exe\WINSTA.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ESENT.dll ok scanned
17.11.2009 20:43:36 File: C:\Windows\system32\ESENT.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\NTMARTA.DLL ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:36 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\nsisvc.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\nsisvc.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\secur32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\wkssvc.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\wkssvc.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NTDSAPI.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\NTDSAPI.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\WINBRAND.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\WINBRAND.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\netprofm.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\netprofm.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\GPAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\slc.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\nlaapi.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\rsaenh.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\npmproxy.dll ok scanned
17.11.2009 20:43:37 File: C:\Windows\System32\npmproxy.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\bfe.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\bfe.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\mpssvc.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\mpssvc.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\FirewallAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\nlaapi.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\bcrypt.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WTSAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\SHLWAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\fwpuclnt.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\comctl32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\GPAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\slc.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\wfapigp.dll ok scanned
17.11.2009 20:43:37 File: C:\Windows\system32\wfapigp.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\ntmarta.dll ok scanned
17.11.2009 20:43:37 File: C:\Windows\system32\ntmarta.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\SAMLIB.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\rsaenh.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\npmproxy.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\wshrm.dll ok scanned
17.11.2009 20:43:37 File: C:\Windows\System32\wshrm.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\svchost.exe ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ntdll.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\kernel32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\msvcrt.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ipsecsvc.dll ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\ipsecsvc.dll ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\AUTHZ.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\ole32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\GDI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USER32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IPHLPAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\DNSAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WS2_32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NSI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\Secur32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\WINNSI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CRYPT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSASN1.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USERENV.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\fwpuclnt.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\FirewallAPI.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\VERSION.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\FwRemoteSvr.DLL ok scanned
17.11.2009 20:43:37 File: c:\windows\system32\FwRemoteSvr.DLL ok iChecker
17.11.2009 20:43:37 Running module: svchost.exe\WLDAP32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\PSAPI.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\IMM32.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\MSCTF.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\LPK.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\USP10.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\credssp.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\schannel.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\NETAPI32.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\mswsock.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\wshtcpip.dll ok scanned
17.11.2009 20:43:37 Running module: svchost.exe\wship6.dll ok scanned
17.11.2009 20:43:37 Running module: explorer.exe\Explorer.EXE ok scanned
17.11.2009 20:43:38 File: C:\Windows\Explorer.EXE ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\ntdll.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\kernel32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\ADVAPI32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\RPCRT4.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\GDI32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\USER32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\msvcrt.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\SHLWAPI.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\SHELL32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\ole32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\OLEAUT32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\SHDOCVW.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\SHDOCVW.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\UxTheme.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\UxTheme.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\POWRPROF.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\dwmapi.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\dwmapi.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\gdiplus.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\slc.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\PROPSYS.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\PROPSYS.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\BROWSEUI.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\BROWSEUI.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\IMM32.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\IMM32.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\MSCTF.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\DUser.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\DUser.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\LPK.DLL ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\USP10.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\comctl32.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\WindowsCodecs.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\WindowsCodecs.dll ok iChecker
17.11.2009 20:43:38 Running module: explorer.exe\apphelp.dll ok scanned
17.11.2009 20:43:38 File: C:\Windows\system32\apphelp.dll ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\CLBCatQ.DLL ok scanned
17.11.2009 20:43:38 Running module: explorer.exe\AcSignIcon.dll ok scanned
17.11.2009 20:43:39 File: C:\Windows\system32\AcSignIcon.dll ok iChecker
17.11.2009 20:43:39 Running module: explorer.exe\MFC80U.DLL ok scanned
17.11.2009 20:43:39 File: C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL ok iChecker
17.11.2009 20:43:39 Running module: explorer.exe\MSVCR80.dll ok scanned
17.11.2009 20:43:39 File: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCR80.dll ok iChecker
17.11.2009 20:43:39 Running module: explorer.exe\MFC80FRA.DLL ok scanned
17.11.2009 20:43:39 File: C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\MFC80FRA.DLL ok iChecker
17.11.2009 20:43:39 Running module: explorer.exe\EhStorShell.dll ok scanned
17.11.2009 20:43:39 File: C:\Windows\system32\EhStorShell.dll ok scanned
17.11.2009 20:43:39 Running module: explorer.exe\IconCodecService.dll ok scanned
17.11.2009 20:43:39 File: C:\Windows\system32\IconCodecService.dll ok scanne

poisson9 · Novembre 18, 2009, 1:39

C’est bon fais ca :

1)télécharges cet Utlitaire ==>FileHippo

==>updatechecker

installes et aprés analyse il te dira lesquels de tes logiciels ( Adobe Acrobat Reader,etc …) qui ne ont pas à jour et le chemin pour le faire

installes mise à part les versions “Beta”

Télécharges ToolsCleaner! de A.Rothstein pour enlever les programmes utilisés pendant la procédure.

==>ToolsCleaner

==> Enregistres ToolsCleaner2.exe sur le Bureau.
Sous Vista,Clic-droit > Exécuter en tant qu’ Administrateur
==> Double-cliquer dessus, puis cliques sur Recherche --> Le programme va chercher les utilitaires installés
------> Il se peut que la fenêtre devienne blanche pendant le scan, c’est normal !
==> Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

@+ poisson2000

kodorduhl · Novembre 18, 2009, 2:40

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

–> Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\FindyKill: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\Outil\hijackthis.log: trouvé !
C:\GenProc\Outil\mbr.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Programme\Ad-remover: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programme\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Michelet\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Michelet\Desktop\HijackThis.lnk: trouvé !
C:\Users\Michelet\Desktop\Ad-R.exe: trouvé !
C:\Users\Michelet\Desktop\Combofix.txt: trouvé !
C:\Users\Michelet\Desktop\hijackthis.log: trouvé !
C:\Users\Michelet\Desktop\FindyKill.txt: trouvé !
C:\Users\Michelet\Desktop\Genproc - Raccourci.lnk: trouvé !
C:\Users\Michelet\Downloads\HJTInstall.exe: trouvé !
C:\Users\Michelet\Downloads\Ad-R.exe: trouvé !
C:\Users\Michelet\Downloads\Genproc.exe: trouvé !
C:\Windows\mbr.exe: trouvé !

–> Suppression:

C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Michelet\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\Michelet\Desktop\HijackThis.lnk: supprimé !
C:\Users\Michelet\Desktop\Ad-R.exe: supprimé !
C:\Users\Michelet\Downloads\HJTInstall.exe: supprimé !
C:\Users\Michelet\Downloads\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\GenProc\Genproc.exe: supprimé !
C:\GenProc\Outil\hijackthis.log: supprimé !
C:\GenProc\Outil\mbr.exe: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Michelet\Desktop\Combofix.txt: supprimé !
C:\Users\Michelet\Desktop\hijackthis.log: supprimé !
C:\Users\Michelet\Desktop\FindyKill.txt: supprimé !
C:\Users\Michelet\Desktop\Genproc - Raccourci.lnk: supprimé !
C:\Users\Michelet\Downloads\Genproc.exe: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\FindyKill: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

voilà c’est tout bon!

merci pour ton aide en tout cas, et j’espère pas à bientôt

poisson9 · Novembre 18, 2009, 2:47

C’est bon clique sur suppression.

C’est terminer.
Bon surf !

@+
Théo

miki759 · Mars 21, 2010, 3:07

Bonjour, j’ai eu un Trojan.Fake.Alert.5 qui fesait que mon Antivirus: Bit Defender Suite 2010 me détectait plein de programmes ou fichiers comme défectueux et me les soi-disant bloquait, ce qu"il je crois ne fesait pas vraiment.

J’ai fait un scan Mbam, qui m’a détecté des problèmes type Hijack ou autre xD, je ne saurai vous dire. Bref, j’ai supprimé, mais je ne pense pas que cela soit suffisant. De plus, lorsque j’allume mon ordi: j’ai deux erreurs de dll , à savoir DpfpAPI.dll qui correspondrait visiblement à Digital Persona, et NAG.dll qui correspondrait à TODO (infos du net).

D’aurte part, j’essaye actuellement de réinstaller mon Anti virus, mais à l’installation, j’ai ceci :[Photo supprimée]

Voilà, en esperant avoir de vos nouvelles bientôt. Je vais déjà commencer les étapes préscrites à la personne précédente à savoir Hijackthis ect ect.

Je tourne sur Win 7 x64bits

Sincerement, Miki

EDIT: Je veux lancer une vidéo et il me met qu’il manque encore un dll : libvlc.dll
Je crois que tout ce que Bit Defender détectait et supprimait devait être des clé des registres! Je suis bien dans la panade.
Edité le 21/03/2010 à 15:13

cricri58 · Mars 21, 2010, 4:44

Salut miki759

miki759:

Bonjour, j’ai eu un Trojan.Fake.Alert.5 qui fesait que mon Antivirus: Bit Defender Suite 2010 me détectait plein de programmes ou fichiers comme défectueux et me les soi-disant bloquait, ce qu"il je crois ne fesait pas vraiment.

J’ai fait un scan Mbam, qui m’a détecté des problèmes type Hijack ou autre xD, je ne saurai vous dire. Bref, j’ai supprimé, mais je ne pense pas que cela soit suffisant. De plus, lorsque j’allume mon ordi: j’ai deux erreurs de dll , à savoir DpfpAPI.dll qui correspondrait visiblement à Digital Persona, et NAG.dll qui correspondrait à TODO (infos du net).

D’aurte part, j’essaye actuellement de réinstaller mon Anti virus, mais à l’installation, j’ai ceci :[Photo supprimée]

Voilà, en esperant avoir de vos nouvelles bientôt. Je vais déjà commencer les étapes préscrites à la personne précédente à savoir Hijackthis ect ect.

Je tourne sur Win 7 x64bits

Sincerement, Miki

EDIT: Je veux lancer une vidéo et il me met qu’il manque encore un dll : libvlc.dll
Je crois que tout ce que Bit Defender détectait et supprimait devait être des clé des registres! Je suis bien dans la panade.

pour toi lis ceci=> Clubic

miki759 · Mars 21, 2010, 5:20

très bien Cricri, je me lance dans cette lecture!
merci de ton intervention dans tous les cas!

EDIT (après lecture): KOIIIIIII ??? ah merrrrcrediiii … Et moi qui ai désinstallé Bit Defender… Je ne peux même pas le réinstaller si vous regardez l’erreur que j’ai soulignée plus haut… Comment vais-je faire? Des idées?
Edité le 21/03/2010 à 17:23