[solved] Hidden objects

Post by Azureane » 13 Apr 2012 06:38

Hello,
I think my PC has a problem.
Since yesterday everything has been slow with Firefox. I switched back to Opera so that I could post and use my PC.
While running the antivirus scan with Avira, the antivirus told me it needed an Avira CD to deal with hidden objects... (64) of them at this point. I suppose it is an infection... or several.
The Avira scan has not finished yet (as I write this). I can follow it with an MBAM scan. My OS is Seven, updated yesterday.
I hope you can help me.
Thanks in advance for any help.
Regards, Azureane
Last edited by Azureane on 20 Apr 2012 13:07, edited 3 times.

Re: Hidden objects

Post by nardino » 13 Apr 2012 09:57

Hello,
ZHPDiag by Nicolas Coolman, on your desktop.

Click the ZHPDiag2.exe file to install the tool and follow the routine.
Tick "Installer une icône sur le bureau" (Install an icon on the desktop) when it is offered.

Launch ZHPDiag by clicking the ZHPDiag icon shown on the desktop.
In the interface, perform the three operations as in the image below:
1: Click the Screwdriver icon
2: Click the "Tous" (All) radio button
3: Click the Magnifying glass icon to start the scan

Let the scan run until the progress bar at the bottom reaches 100%. This message will have disappeared.

Close ZHPDiag by clicking the red cross at the top right.
A ZHPDiag.txt file will be saved on the desktop.
Host it on Cjoint, ticking 4 days in the line "Et pour quelle durée ?" (And for how long?)
Send me the resulting link in your reply.
Explanations for Cjoint

Post the Malwarebytes and Avira reports at the same time.
See you later.

Re: Hidden objects

Post by Azureane » 14 Apr 2012 10:30

Hello, and thanks already for the help.

Here are the scans; this is the Avira one.

Avira Free Antivirus
Report file date: Freitag, 13. April 2012 06:33

Scanning for 3616110 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CYCAS

Version information:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Freitag, 13. April 2012 06:33

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden thread
[NOTE] A system thread is not visible.

The scan of running processes will be started
Scan process 'opera.exe' - '97' Module(s) have been scanned
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'T-Mobile Internet Manager.exe' - '101' Module(s) have been scanned
Scan process 'jusched.exe' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '78' Module(s) have been scanned
Scan process 'DataCardMonitor.exe' - '34' Module(s) have been scanned
Scan process 'acrotray.exe' - '30' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '27' Module(s) have been scanned
Scan process 'ouc.exe' - '19' Module(s) have been scanned
Scan process 'Dropbox.exe' - '73' Module(s) have been scanned
Scan process 'vVX1000.exe' - '32' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '43' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '52' Module(s) have been scanned
Scan process 'TabTip32.exe' - '22' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '39' Module(s) have been scanned
Scan process 'mdm.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'CLPSLS.exe' - '22' Module(s) have been scanned
Scan process 'avguard.exe' - '70' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '638' files ).


Starting the file scan:

Begin scan in 'C:\' <Cycas>
Begin scan in 'D:\' <Diospyros>


End of the scan: Freitag, 13. April 2012 12:24
Used time: 5:51:06 Hour(s)

The scan has been done completely.

148705 Scanned directories
2104095 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2104095 Files not concerned
53191 Archives were scanned
0 Warnings
64 Notes
1252947 Objects were scanned with rootkit scan
64 Hidden objects were found

The MBAM scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.04.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anne-Caro :: CYCAS [administrateur]

14.04.2012 00:16:01
mbam-log-2012-04-14 (00-16-01).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 945728
Temps écoulé: 5 heure(s), 50 minute(s), 16 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

And of course the ZHPDiag link.
http://cjoint.com/data3/3DoluouqMU5.htm

Thanks in advance for the time spent on the analysis. Regards, Azureane

Re: Hidden objects

Post by nardino » 14 Apr 2012 12:45

Hello,
Update these two programs: Java 6 Update 20 (64-bit) and Java 6 Update 30
*Java Runtime Environment
Open this page
At the bottom, under Java SE Update 31, click JRE > Download on the right.
Tick Accept License Agreement on the new page.
Click Windows x86 Offline - 16.19 MB - jre-6u31-windows-i586.exe
Install the downloaded file.
Read the terms during installation. (It is not necessary to install the third-party programs offered.)
Uninstall all other existing versions on your PC via Add/Remove Programs or Programs and Features, depending on the system.
If you do not change the settings, new versions will be offered for download automatically.
Launch ZHPFix from the icon on the desktop, with elevated privileges on Vista and Windows 7.
It was created when ZHPDiag was installed.
Copy the contents of the box below to the clipboard.

Code: Select all
 
[HKCU\Software\Spointer]
C:\Program Files (x86)\Fluendo   
C:\Users\Anne-Caro\AppData\Roaming\moovida-1   
C:\Users\Anne-Caro\AppData\Local\moovida Air 
Firewallraz
Emptytemp
EmptyFlash


Click the Clipboard button framed in red in the image.
The lines in the clipboard will be displayed.
Click the GO button at the bottom left.
Once the result is displayed, close the tool with the red cross at the top right.

Post the contents of the ZHPFixReport.txt report, saved on the desktop.

This kind of practice is strongly discouraged:
D:\Documents\Programme scientifique\Geneious.Pro.v4.8.3\Geneious.Pro.v4.8.3.Incl.Keygen.and.Patch-iNViSiBLE
D:\Documents\Programme scientifique\Geneious.Pro.v4.8.3\Geneious.Pro.v4.8.3.Linux.Incl.Keygen.and.Patch-iNViSiBLE
D:\Documents\Programme scientifique\Geneious.Pro.v4.8.3\Geneious.Pro.v4.8.3.Linux.x64.Incl.Keygen.and.Patch-iNViSiBLE
D:\Documents\Programme scientifique\Geneious.Pro.v4.8.3\Geneious.Pro.v4.8.3.MacOSX.Incl.Keygen.and.Patch-iNViSiBLE
D:\Documents\Programme scientifique\Geneious.Pro.v4.8.3\Geneious.Pro.v4.8.3.x64.Incl.Keygen.and.Patch-iNViSiBLE

http://forum.zebulon.fr/prevention-le-c ... 93281.html
http://forum.malekal.com/danger-des-cracks-t893.html

See you later.

Re: Hidden objects

Post by Azureane » 14 Apr 2012 21:33

Good evening,
Here is the ZHPFix report.
Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011
Fichier d'export Registre :
Run by Anne-Caro at 14.04.2012 22:24:29
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-p ... hpfix.html

========== Registernycklar ==========
DELETED Key: HKCU\Software\Spointer

========== Registervärden ==========
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : MCX-Prov-Out-TCP
DELETED FirewallRaz (None) : MCX-McrMgr-Out-TCP
DELETED FirewallRaz (None) : {AF717D50-BA40-429B-A4D4-DD11F15D90B7}
DELETED FirewallRaz (Private) : TCP Query User{AC286B2E-8E01-44FA-A93C-8AC6BD345971}C:\program files\tivoli\tsm\baclient\dsmagent.exe
DELETED FirewallRaz (Private) : UDP Query User{A3A1CEC0-E4F4-4F78-918E-BB22C5CA3B46}C:\program files\tivoli\tsm\baclient\dsmagent.exe
DELETED FirewallRaz (Private) : TCP Query User{D0391790-93EC-419E-A867-75178486BBF9}C:\program files (x86)\videolan\vlc\vlc.exe
DELETED FirewallRaz (Private) : UDP Query User{52047FBF-B639-4D8B-8848-3EE4C355DF58}C:\program files (x86)\videolan\vlc\vlc.exe
DELETED FirewallRaz (Private) : TCP Query User{D9EEEC3E-FC68-45EF-8599-31B748ECE076}C:\program files (x86)\mumble\murmur.exe
DELETED FirewallRaz (Private) : UDP Query User{99FA9E55-7871-4C80-BEE5-79A687FE3F0A}C:\program files (x86)\mumble\murmur.exe
DELETED FirewallRaz (Public) : TCP Query User{8456D40B-B52D-4B37-B723-3D5024F41BE8}C:\program files (x86)\videolan\vlc\vlc.exe
DELETED FirewallRaz (Public) : UDP Query User{AA37D39E-FB58-419D-8AD5-FB23E99F218A}C:\program files (x86)\videolan\vlc\vlc.exe
DELETED FirewallRaz (Public) : TCP Query User{85362B43-50F2-456B-9E1B-6F69D097AC9F}C:\program files (x86)\gamespy\comrade\comrade.exe
DELETED FirewallRaz (Public) : UDP Query User{36011D9F-CDF6-423B-B1E5-0E100F64285F}C:\program files (x86)\gamespy\comrade\comrade.exe
DELETED FirewallRaz (Private) : TCP Query User{67463E4A-27B7-4887-A715-2B3AC0BE66D8}C:\program files (x86)\geneious\geneious.exe
DELETED FirewallRaz (Private) : UDP Query User{FBE97E4E-E2B7-485A-899B-E9AEBB0D5DC0}C:\program files (x86)\geneious\geneious.exe
DELETED FirewallRaz (Private) : TCP Query User{93FBE09D-4CA3-49D4-B0D2-B9C1F0D2B590}C:\program files\geneious\geneious.exe
DELETED FirewallRaz (Private) : UDP Query User{14FBE66C-7FCF-4F63-B79E-96A510126278}C:\program files\geneious\geneious.exe
DELETED FirewallRaz (Public) : TCP Query User{AC8727B8-E79D-4A40-B638-BC2E80EC6B43}C:\program files\geneious\geneious.exe
DELETED FirewallRaz (Public) : UDP Query User{3287ADD6-5B98-444D-AFA9-FFB5C12E4A03}C:\program files\geneious\geneious.exe

========== Mappar ==========
DELETED Folder: c:\program files (x86)\fluendo
DELETED Folder: c:\users\anne-caro\appdata\roaming\moovida-1
DELETED Folder: c:\users\anne-caro\appdata\local\moovida air
DELETED Window Temporary: : 393
DELETED Flash Cookies: 1398

========== Filer ==========
DELETED Window Temporary: : 2605
DELETED Flash Cookies: 758


========== Zusammenfassend ==========
1 : Registernycklar
21 : Registervärden
5 : Mappar
2 : Filer


End of clean in 03mn 09s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 14.04.2012 22:24:29 [3269]

I deleted the Geneious folder in question. I had never used it, since I owned a registered version... I had forgotten that I had a keygen on my PC. Sorry about that.
Thanks again for the help. Regards, Azureane

Re: Hidden objects

Post by nardino » 15 Apr 2012 09:06

Hello,
How are things now?
If Firefox is still causing problems, start by clearing the cache and, if needed, delete the profile and create a new one after backing up your bookmarks.
See you later.

Re: Hidden objects

Post by Azureane » 15 Apr 2012 11:24

Hello, things are OK; the 64 hidden objects are still there in the Avira scan. As you suspected, Firefox is still very slow. I am going to try clearing the cache, or even reinstalling Firefox. Thanks in any case. Regards, Azureane

Re: Hidden objects

Post by nardino » 15 Apr 2012 12:03

Hello,
Reinstalling will not be enough; you need to create a new profile.
To access the profile manager, Firefox must be closed.
In the Windows menu, Run or Search depending on the system, type firefox.exe -profilemanager or more simply firefox.exe -p
Click OK.
In the popup that opens, select the profile you want to manage.
In case of problems and bugs, delete the offending profile.
Then create a new one.
The default profile can be renamed.
See you later.

Re: Hidden objects

Post by Azureane » 15 Apr 2012 19:53

Good evening again, I am disappointed (not with your help, which is excellent as always), but the solution you proposed does not work. I created a new profile in Firefox and deleted the old one, but nothing helps: it is still slow and Firefox still freezes at times. I am a bit lost; I have not reinstalled Firefox for now, should I? Thanks for everything you have done so far. Regards, Azureane

Re: Hidden objects

Post by nardino » 15 Apr 2012 21:21

Good evening,
Combofix

IMPORTANT
Save ComboFix.exe to the Desktop.
Disable resident antivirus and anti-malware applications, usually via a right-click on the icon in the notification area; otherwise they may interfere with the tool.
Double-click the icon and follow the prompts.
Under XP, accept the installation of the Recovery Console.

Above all, do not launch any application during the scan or after the restart that the tool sometimes requires and triggers.
When the tool has finished, it will display a report.
Wait for the report to be displayed. (It will be saved as C:\Combofix.txt)
Copy its contents into your next reply.

Warning to readers.
Combofix is not a harmless tool, nor is it without risk to the operating system.
It is advisable to use it under the supervision of a helper.
See you later.

Re: Hidden objects

Post by Azureane » 17 Apr 2012 04:30

Hello, here is the ComboFix report.

ComboFix 12-04-16.02 - Anne-Caro 17.04.2012 4:24.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.43.1033.18.3956.2112 [GMT 2:00]
ausgeführt von:: c:\users\Anne-Caro\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anne-Caro\AppData\Roaming\app
c:\users\Anne-Caro\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Anne-Caro\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Anne-Caro\AppData\Roaming\Microsoft\AddIns\EndNote Cwyw.dll
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-17 bis 2012-04-17 ))))))))))))))))))))))))))))))
.
.
2012-04-17 02:35 . 2012-04-17 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 20:11 . 2012-04-14 20:13 -------- d-----w- c:\program files (x86)\Oracle
2012-04-14 20:07 . 2012-04-14 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-14 20:05 . 2012-01-10 11:57 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-04-14 19:45 . 2012-04-14 19:48 -------- d-----w- c:\program files\Oracle
2012-04-14 19:35 . 2012-01-10 11:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-13 21:13 . 2012-04-14 20:24 -------- d-----w- C:\ZHP
2012-04-13 20:48 . 2012-04-14 19:55 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-04-12 15:18 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 15:18 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 15:18 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 05:46 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 05:46 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 05:46 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 05:46 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 05:46 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 05:46 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 05:46 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 12:30 . 2012-04-07 12:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-07 12:30 . 2012-04-07 12:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-03 19:28 . 2012-04-13 22:16 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 03:21 . 2012-04-13 22:16 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 22:16 . 2011-05-23 19:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-05-19 11:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 21:13 . 2010-04-08 23:25 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2010-04-08 23:25 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2010-04-08 23:25 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-26 22:31 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2010-04-08 23:26 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2010-04-08 23:26 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-02-17 06:38 . 2012-03-14 09:46 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 09:46 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 09:46 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 09:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 09:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:48 . 2011-10-20 21:54 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-10 06:36 . 2012-03-14 10:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 10:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 09:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 09:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 09:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2010-06-08 253952]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Anne-Caro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-01-10 1431888]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UsbC;SafeNet MicroDog USB Device Driver;c:\windows\system32\DRIVERS\rcusbwdm.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 HOSTNT;HOSTNT; [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:16]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 23:40]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 23:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Anne-Caro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ch/ig?hl=fr
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: Interfaces\{C88DB216-CDE3-4398-85A0-53F3A074BEB5}: NameServer = 131.130.1.11,131.130.1.12
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
FF - ProfilePath - c:\users\Anne-Caro\AppData\Roaming\Mozilla\Firefox\Profiles\gw37z8ab.Anne-Caro\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-37506716-2972798020-1792840700-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3C1D3E5B-4BE6-F89D-7285-0178F536AFCC}*]
"jakddjljgipcnoedageh"=hex:62,61,6a,66,00,00
"iakcahnianpccniamk"=hex:6b,61,62,6e,69,66,6b,62,66,6b,63,69,70,6b,62,6d,6f,63,
70,6a,66,6b,00,03
"jakddjljgipcnoedagig"=hex:62,61,6f,6d,00,00
"haeckekjnbhipbmg"=hex:6b,61,62,6e,69,66,6e,62,63,6b,66,68,68,6b,70,6f,68,62,
61,6a,61,6f,00,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-17 04:54:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-17 02:54
.
Vor Suchlauf: 33,184,313,344 bytes free
Nach Suchlauf: 33,282,461,696 bytes free
.
- - End Of File - - 9E8EA60CACB5C530B729D0C15C783F27

Thanks again for all the help, regards, Azureane

Re: Hidden objects

Post by nardino » 17 Apr 2012 08:03

Hello,
How are things now?
See you

Re: Hidden objects

Post by Azureane » 18 Apr 2012 08:47

Hello, it's a miracle, no more hidden objects :)


Avira Free Antivirus
Report file date: Dienstag, 17. April 2012 23:05

Scanning for 3639804 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CYCAS

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 17:48:22
AVSCAN.DLL : 12.1.0.18 54224 Bytes 15.02.2012 17:48:22
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 17:48:22
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 17:48:22
AVREG.DLL : 12.1.0.36 229128 Bytes 05.04.2012 18:41:44
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 00:16:07
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 23:01:58
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:32:08
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 12:32:10
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 12:32:10
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 12:32:11
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 12:32:11
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 12:32:11
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 12:32:11
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 12:32:11
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 12:32:11
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 12:32:12
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 12:32:29
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 18:45:20
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 18:45:22
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 00:52:35
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 11:41:04
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 20:44:37
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 14:42:55
VBASE021.VDF : 7.11.27.202 2048 Bytes 17.04.2012 14:42:55
VBASE022.VDF : 7.11.27.203 2048 Bytes 17.04.2012 14:42:55
VBASE023.VDF : 7.11.27.204 2048 Bytes 17.04.2012 14:42:55
VBASE024.VDF : 7.11.27.205 2048 Bytes 17.04.2012 14:42:55
VBASE025.VDF : 7.11.27.206 2048 Bytes 17.04.2012 14:42:55
VBASE026.VDF : 7.11.27.207 2048 Bytes 17.04.2012 14:42:55
VBASE027.VDF : 7.11.27.208 2048 Bytes 17.04.2012 14:42:55
VBASE028.VDF : 7.11.27.209 2048 Bytes 17.04.2012 14:42:55
VBASE029.VDF : 7.11.27.210 2048 Bytes 17.04.2012 14:42:55
VBASE030.VDF : 7.11.27.211 2048 Bytes 17.04.2012 14:42:55
VBASE031.VDF : 7.11.27.224 32256 Bytes 17.04.2012 19:28:59
Engineversion : 8.2.10.48
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 11:43:04
AESCRIPT.DLL : 8.1.4.16 446842 Bytes 04.04.2012 18:46:19
AESCN.DLL : 8.1.8.2 131444 Bytes 26.01.2012 22:57:59
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 20:09:06
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 02.04.2012 11:41:20
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04.04.2012 18:46:12
AEHEUR.DLL : 8.1.4.15 4628855 Bytes 12.04.2012 20:06:01
AEHELP.DLL : 8.1.19.1 254327 Bytes 04.04.2012 18:45:28
AEGEN.DLL : 8.1.5.26 418164 Bytes 16.04.2012 20:58:03
AEEXP.DLL : 8.1.0.29 82293 Bytes 12.04.2012 20:06:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 12:41:02
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:00:09
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 17:48:22
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11.10.2011 13:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 22.12.2011 00:16:07

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Dienstag, 17. April 2012 23:05

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'vlc.exe' - '157' Module(s) have been scanned
Scan process 'avscan.exe' - '86' Module(s) have been scanned
Scan process 'avgnt.exe' - '78' Module(s) have been scanned
Scan process 'DataCardMonitor.exe' - '33' Module(s) have been scanned
Scan process 'acrotray.exe' - '30' Module(s) have been scanned
Scan process 'ouc.exe' - '19' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '27' Module(s) have been scanned
Scan process 'Dropbox.exe' - '73' Module(s) have been scanned
Scan process 'vVX1000.exe' - '31' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '43' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '52' Module(s) have been scanned
Scan process 'TabTip32.exe' - '22' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '39' Module(s) have been scanned
Scan process 'mdm.exe' - '31' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'CLPSLS.exe' - '22' Module(s) have been scanned
Scan process 'avguard.exe' - '70' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '631' files ).


Starting the file scan:

Begin scan in 'C:\' <Cycas>
C:\Users\Anne-Caro\AppData\Local\Opera\Opera\temporary_downloads\Opera_11.62_int_Setup.exe
[WARNING] The file could not be read!
Begin scan in 'D:\' <Diospyros>


End of the scan: Mittwoch, 18. April 2012 03:44
Used time: 4:39:01 Hour(s)

The scan has been done completely.

146694 Scanned directories
2318383 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2318383 Files not concerned
53479 Archives were scanned
1 Warnings
0 Notes

Even Firefox seems to be getting back to normal speed. :) Thank you :) Regards, Azureane

Re: Hidden objects

Post by nardino » 18 Apr 2012 09:00

Hello,
Cleanup
To clean up the tools, open ZHPFix, click the red A icon (tool cleaner), then click the Nettoyer (Clean) button.
Delete the ZHPDiag.txt and ZHPFixReport.txt reports saved on the desktop.

Mark the topic as resolved

Removing ComboFix
Open Notepad, from the Windows menu > All Programs > Accessories.
Copy and paste the contents of the box below
ComboFix /Uninstall
del c:\ComboFix.txt

Save it as RemCombo.bat on the desktop
Double-click the resulting file.
Answer O to confirm deletion of the files.
Then delete RemCombo.bat

TIPS FOR SECURING A COMPUTER.

*Keep the operating system up to date
By enabling Windows automatic updates.
You can choose when they are installed.

*Keep the office suite up to date
Microsoft Office or Open Office, for example.

*Keep the browser(s) up to date
Internet Explorer 9 - Mozilla Firefox - Opera - Chrome - Safari, etc.
Click a browser to open its download page.
For Windows XP, Internet Explorer version 8 is the latest available. Choose the system language and click Download.

*Keep antivirus and antimalware programs up to date
By enabling automatic updates, or by regularly checking for updates for software such as the free version of Malwarebytes.

*Java Runtime Environment
Open this page
At the bottom, under Java SE Update 30, click JRE Download on the right.
Tick Accept License Agreement on the new page.
Click Windows x86 Offline - 16.1 MB - jre-6u30-windows-i586.exe

Install the downloaded file.
Read the terms during installation. (It is not necessary to install the third-party programs offered.)
There is a version for the system's 64-bit programs.

*Acrobat Reader X
Open this page
Choose your operating system, the desired language, and version Reader 10.1.2
Untick Yes, install McAfee Security Scan Plus (optional) (0.98 MB)
Click Download now
Installation runs automatically when you click the downloaded file:
install_reader10_fr_mssd_aih.exe

*Adobe Flash Player
Open this page
Untick Yes, install McAfee Security Scan Plus (optional) (0.98 MB)
Click Download now
Installation runs automatically when you click the downloaded file:
install_flashplayer11x64_mssa_aih.exe

*A collective work to read carefully for a good awareness of the problems found on the Internet.
Prevention and security

*Risky behaviour
The dangers of P2P
P2P and its consequences
The danger of cracks

*Optimization programs and registry cleaners
Article by Mikiemoes
Article by Stephane Ruscher
Article by Malekal
General information
Microsoft
Testimonial 1
Testimonial 2
And many more to be found by searching the Internet.

*Installers and "sponsors"
With rare exceptions, it is not necessary to install the sponsors bundled with free, trial or commercial software.
In the great majority of cases, where the installation is pre-ticked, you only need to untick it, and to do that, read carefully every page shown during installation.
Reading the EULA (End User License Agreement) is highly recommended to avoid certain inconveniences.
Example of an EULA
List of programs and their sponsors

*Clearing browser caches
When browsing starts to run into difficulties, the first reflex is to clear the browser cache.
Here is a page that lists the solutions for each browser.
How to clear your browser's cache

*Make backups regularly
Remember to back up your important or sensitive data regularly to an external medium: hard disk, USB sticks, NAS server or, as a last resort, DVD.
This is one of the simplest operations to do, by simple copy and paste.
For a system image, you need to use one of various free or commercial programs.
Acronis True Image, Norton Ghost, Paragon DriveBackup, Easeus TODoBackup, etc.
An example in pictures


See you

Re: [Resolved] Hidden objects

Post by Azureane » 18 Apr 2012 13:00

Many thanks for all the information and for all the help. Regards, Azureane

Re: [Resolved ?] Hidden objects

Post by Azureane » 20 Apr 2012 13:07

Hello, I thought everything was back in order... This morning's scan shows 64 hidden objects... I try to reinstall Firefox or to update anything at all... it seems I don't have the rights... Creating a new administrator account... nothing works, despite everything we have already done. Honestly, I no longer know what to do. Regards, Azureane

Re: [Resolved ?] Hidden objects

Post by nardino » 20 Apr 2012 13:56

Hello,
Let's go for another round.
Send a new ZHPDiag.txt report via Cjoint.
See you

Re: Hidden objects

Post by Azureane » 20 Apr 2012 17:30

Hello, here is the link:
http://cjoint.com/data3/3DusDweRTu9.htm
Thank you for helping me again :)
Regards, Azureane

Re: Hidden objects

Post by Azureane » 20 Apr 2012 17:45

And here again is the new Avira scan.... :(

Avira Free Antivirus
Report file date: Freitag, 20. April 2012 12:36

Scanning for 3663152 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CYCAS

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 31.01.2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15.02.2012 17:48:22
AVSCAN.DLL : 12.1.0.18 54224 Bytes 15.02.2012 17:48:22
LUKE.DLL : 12.1.0.19 68304 Bytes 15.02.2012 17:48:22
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15.02.2012 17:48:22
AVREG.DLL : 12.1.0.36 229128 Bytes 05.04.2012 18:41:44
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 00:16:07
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 23:01:58
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 12:32:08
VBASE005.VDF : 7.11.26.45 2048 Bytes 28.03.2012 12:32:10
VBASE006.VDF : 7.11.26.46 2048 Bytes 28.03.2012 12:32:10
VBASE007.VDF : 7.11.26.47 2048 Bytes 28.03.2012 12:32:11
VBASE008.VDF : 7.11.26.48 2048 Bytes 28.03.2012 12:32:11
VBASE009.VDF : 7.11.26.49 2048 Bytes 28.03.2012 12:32:11
VBASE010.VDF : 7.11.26.50 2048 Bytes 28.03.2012 12:32:11
VBASE011.VDF : 7.11.26.51 2048 Bytes 28.03.2012 12:32:11
VBASE012.VDF : 7.11.26.52 2048 Bytes 28.03.2012 12:32:11
VBASE013.VDF : 7.11.26.53 2048 Bytes 28.03.2012 12:32:12
VBASE014.VDF : 7.11.26.107 221696 Bytes 30.03.2012 12:32:29
VBASE015.VDF : 7.11.26.179 224768 Bytes 02.04.2012 18:45:20
VBASE016.VDF : 7.11.26.241 142336 Bytes 04.04.2012 18:45:22
VBASE017.VDF : 7.11.27.41 247808 Bytes 08.04.2012 00:52:35
VBASE018.VDF : 7.11.27.107 161280 Bytes 12.04.2012 11:41:04
VBASE019.VDF : 7.11.27.159 148992 Bytes 13.04.2012 20:44:37
VBASE020.VDF : 7.11.27.201 207360 Bytes 17.04.2012 14:42:55
VBASE021.VDF : 7.11.28.3 237568 Bytes 19.04.2012 14:12:19
VBASE022.VDF : 7.11.28.4 2048 Bytes 19.04.2012 14:12:19
VBASE023.VDF : 7.11.28.5 2048 Bytes 19.04.2012 14:12:20
VBASE024.VDF : 7.11.28.6 2048 Bytes 19.04.2012 14:12:20
VBASE025.VDF : 7.11.28.7 2048 Bytes 19.04.2012 14:12:20
VBASE026.VDF : 7.11.28.8 2048 Bytes 19.04.2012 14:12:20
VBASE027.VDF : 7.11.28.9 2048 Bytes 19.04.2012 14:12:21
VBASE028.VDF : 7.11.28.10 2048 Bytes 19.04.2012 14:12:22
VBASE029.VDF : 7.11.28.11 2048 Bytes 19.04.2012 14:12:23
VBASE030.VDF : 7.11.28.12 2048 Bytes 19.04.2012 14:12:23
VBASE031.VDF : 7.11.28.42 119808 Bytes 20.04.2012 10:35:10
Engineversion : 8.2.10.52
AEVDF.DLL : 8.1.2.2 106868 Bytes 26.10.2011 11:43:04
AESCRIPT.DLL : 8.1.4.17 446842 Bytes 20.04.2012 10:35:25
AESCN.DLL : 8.1.8.2 131444 Bytes 26.01.2012 22:57:59
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 20:09:06
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 02.04.2012 11:41:20
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04.04.2012 18:46:12
AEHEUR.DLL : 8.1.4.19 4673910 Bytes 20.04.2012 10:35:24
AEHELP.DLL : 8.1.19.1 254327 Bytes 04.04.2012 18:45:28
AEGEN.DLL : 8.1.5.27 422261 Bytes 20.04.2012 10:35:12
AEEXP.DLL : 8.1.0.29 82293 Bytes 12.04.2012 20:06:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 12:41:02
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 13:00:11
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 13:00:09
AVREP.DLL : 12.1.0.17 179408 Bytes 11.10.2011 13:00:09
AVARKT.DLL : 12.1.0.23 209360 Bytes 15.02.2012 17:48:22
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 13:00:08
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 13:00:22
AVSMTP.DLL : 12.1.0.17 62928 Bytes 11.10.2011 13:00:10
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 13:00:18
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 11.10.2011 13:00:31
RCTEXT.DLL : 12.1.1.16 96208 Bytes 22.12.2011 00:16:07

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Freitag, 20. April 2012 12:36

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.
Hidden thread
[NOTE] A system thread is not visible.

The scan of running processes will be started
Scan process 'opera.exe' - '104' Module(s) have been scanned
Scan process 'avscan.exe' - '85' Module(s) have been scanned
Scan process 'ouc.exe' - '19' Module(s) have been scanned
Scan process 'T-Mobile Internet Manager.exe' - '99' Module(s) have been scanned
Scan process 'avcenter.exe' - '82' Module(s) have been scanned
Scan process 'avgnt.exe' - '73' Module(s) have been scanned
Scan process 'DataCardMonitor.exe' - '33' Module(s) have been scanned
Scan process 'acrotray.exe' - '30' Module(s) have been scanned
Scan process 'vVX1000.exe' - '31' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '43' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '41' Module(s) have been scanned
Scan process 'TabTip32.exe' - '22' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '39' Module(s) have been scanned
Scan process 'mdm.exe' - '31' Module(s) have been scanned
Scan process 'armsvc.exe' - '27' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'CLPSLS.exe' - '22' Module(s) have been scanned
Scan process 'avguard.exe' - '70' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '630' files ).


Starting the file scan:

Begin scan in 'C:\' <Cycas>
C:\Users\Anne-Caro\AppData\Local\Opera\Opera\temporary_downloads\Opera_11.62_int_Setup.exe
[WARNING] The file could not be read!
C:\Users\Anne-Caro non admin\AppData\Local\Opera\Opera\temporary_downloads\Opera_11.62_int_Setup.exe
[WARNING] The file could not be read!
Begin scan in 'D:\' <Diospyros>


End of the scan: Freitag, 20. April 2012 18:42
Used time: 6:06:56 Hour(s)

The scan has been done completely.

146753 Scanned directories
2323265 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2323265 Files not concerned
53612 Archives were scanned
2 Warnings
64 Notes
1196688 Objects were scanned with rootkit scan
64 Hidden objects were found

Thanks for the help.
Regards, Azureane

Re: Hidden objects

Posted by nardino » 20 Apr 2012 22:04

Good evening,
I would like you to have these three files analysed on http://www.virustotal.com/:
C:\Users\Anne-Caro non admin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
C:\users\anne-caro\appdata\roaming\wuala\wuala.exe

Send me the results.
A tutorial: http://rue-du-montceau.pagesperso-orang ... total.html
See you later