
Hello
I caught a virus and I ran a HijackThis scan, and here is what it gives me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:46, on 29/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\anti virus Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\MSX\MSx.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php (file missing)
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8099 bytes

Thanks in advance :)


Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

Reply to Angeldark

Hello
I made the report:

2008-09-24 18:24 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-09-24 18:24 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-09-24 18:24 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-09-24 18:22 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-09-24 18:21 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-09-24 18:20 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-24 18:19 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-09-24 18:18 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-09-24 18:17 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr
2008-09-24 18:16 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-09-24 18:15 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-24 18:14 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-09-24 18:14 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-09-24 18:14 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 18:14 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-09-24 18:13 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-09-24 18:11 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-24 18:11 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-24 18:11 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-24 18:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-24 18:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-24 18:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-24 18:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-24 18:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-24 18:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-15 18:50 . 2008-09-15 18:50 <REP> d-------- C:\Users\veronique\AppData\Roaming\Apple Computer
2008-09-14 12:02 . 2008-09-29 16:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-09-14 12:02 . 2008-09-14 12:02 1,409 --a------ C:\Windows\QTFont.for
2008-09-10 17:43 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:43 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:22 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-08-21 14:59 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-21 14:59 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-21 14:59 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-21 14:59 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-21 14:59 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-21 14:59 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-21 14:59 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-21 14:58 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-21 14:58 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-20 20:55 . 2008-08-20 20:55 <REP> d-------- C:\Users\veronique\AppData\Roaming\vlc
2008-08-20 20:43 . 2008-08-20 20:59 <REP> d-------- C:\Users\veronique\film
2008-08-14 10:27 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 10:16 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 15:03 13,213 ----a-w C:\Users\veronique\AppData\Roaming\nvModes.dat
2008-09-29 17:19 --------- d-----w C:\Program Files\MSN Messenger
2008-09-29 16:37 174 --sha-w C:\Program Files\desktop.ini
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Mail
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Journal
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Defender
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Calendar
2008-09-29 15:11 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-29 15:11 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-29 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-09-26 10:04 --------- d-----w C:\Users\veronique\AppData\Roaming\Skype
2008-09-24 15:44 --------- d-----w C:\Users\veronique\AppData\Roaming\skypePM
2008-09-11 06:22 --------- d-----w C:\Program Files\Microsoft Works
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-21 13:21 13,072 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
2007-10-21 07:17 614 ----a-w C:\Users\veronique\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
2008-09-30 17:14 8704 --a------ C:\Program Files\Applications\iebt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smart Start UP"="C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-20 155648]
"ANTIVIRUS"="C:\Program Files\MSX\MSx.exe" [2008-09-27 412160]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"smile"="C:\Program Files\Applications\wcs.exe" [2008-09-29 17408]
"start"="C:\Program Files\Applications\iebtm.exe" [2008-09-29 35328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6EAD248-3380-420E-8AC7-31548A61C8DA}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{615648ED-EC8F-43D5-828E-0A5BBF002C89}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{7711E26C-F1DE-41B4-9A30-03C924CA8756}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E46437B2-C857-442C-91DD-1153891A8B92}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{C3A628EA-49F2-48FC-BAE2-13576549745F}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{750D6C56-46B8-4B11-9991-029876DD729F}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"{895207B6-C219-4310-8076-31C783A48CE5}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{48B10ADB-6D01-4393-B64D-7582441505E6}C:\\users\\veronique\\demos\\emule\\emule.exe"= UDP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"UDP Query User{A018738A-86F3-435F-9E6A-D6BD9FC98978}C:\\users\\veronique\\demos\\emule\\emule.exe"= TCP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"{E97B1D51-AC5A-4D6C-8D0F-B8DCA0AFADF4}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{A46FF35F-2DFF-4F6E-B199-D159CA66CAEE}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{764E4144-8916-4654-BC1D-41CF6B18E29D}"= UDP:3724:Blizzard Downloader: 3724
"{9852708D-B6A6-40BD-A7FB-5734BEB4454B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B805D849-F1B2-4486-86A3-EBD9F8BD2EDB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D010223E-BAA1-4E5C-91A1-ABC8F61E08F3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 17:26:41
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-30 17:28:44
ComboFix-quarantined-files.txt 2008-09-30 15:28:40

Avant-CF: 77,146,914,816 octets libres
Après-CF: 77,476,835,328 octets libres

205 --- E O F --- 2008-09-29 15:26:26

Only I don't know how to disable the protections.
Thanks

Reply to skimgrat

Your report is not complete :)

Reply to Angeldark

Hello
I am going to redo a report, but it deleted my audio devices, so I no longer have any sound. What should I do?

Reply to skimgrat

Here is the new scan:

ComboFix 08-09-30.03 - veronique 2008-10-01 12:26:48.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.431 [GMT 2:00]
Lancé depuis: C:\Users\veronique\Desktop\comboFix\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 17:21 . 2008-10-01 12:25 <REP> d-------- C:\32788R22FWJFW
2008-09-30 09:18 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-30 09:18 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-30 09:18 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-30 09:18 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-30 09:18 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-30 09:18 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-29 18:23 . 2008-09-29 18:23 <REP> d-------- C:\PerfLogs
2008-09-29 17:42 . 2008-09-29 17:42 <REP> d-------- C:\Program Files\anti virus Trend Micro
2008-09-29 17:37 . 2008-09-29 17:37 <REP> d-------- C:\Program Files\Trend Micro
2008-09-29 16:46 . 2008-09-29 16:46 <REP> d-------- C:\Program Files\MSX
2008-09-29 16:46 . 2008-09-27 19:27 166,912 --a------ C:\Windows\System32\MSx.cpl
2008-09-29 16:45 . 2008-10-01 09:45 <REP> d-------- C:\Program Files\Applications
2008-09-24 18:24 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-09-24 18:24 . 2008-01-19 09:33 2,091,520 --a------ C:\Windows\System32\dfsr.exe
2008-09-24 18:24 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-09-24 18:24 . 2008-01-19 09:36 1,107,968 --a------ C:\Windows\System32\pidgenx.dll
2008-09-24 18:24 . 2008-01-19 09:29 705,536 --a------ C:\Windows\System32\imagesp1.dll
2008-09-24 18:24 . 2008-01-19 06:10 681,984 --a------ C:\Windows\System32\drivers\spsys.sys
2008-09-24 18:24 . 2008-01-19 09:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-09-24 18:22 . 2008-01-19 05:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-09-24 18:21 . 2008-01-19 09:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-09-24 18:20 . 2008-01-19 09:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-09-24 18:19 . 2008-01-19 09:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-09-24 18:18 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-09-24 18:17 . 2008-01-19 09:32 1,370,624 --a------ C:\Windows\System32\Aurora.scr
2008-09-24 18:16 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-09-24 18:15 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-09-24 18:14 . 2008-01-05 13:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-09-24 18:14 . 2008-01-05 13:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-09-24 18:14 . 2008-01-05 13:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-09-24 18:14 . 2008-01-05 13:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-09-24 18:14 . 2008-01-05 13:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-09-24 18:13 . 2008-01-19 09:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-09-24 18:11 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-09-24 18:11 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-09-24 18:11 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-09-24 18:10 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-09-24 18:10 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-09-24 18:10 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-09-24 18:10 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-09-24 18:10 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-09-24 18:10 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-09-15 18:50 . 2008-09-15 18:50 <REP> d-------- C:\Users\veronique\AppData\Roaming\Apple Computer
2008-09-14 12:02 . 2008-09-29 16:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-09-14 12:02 . 2008-09-14 12:02 1,409 --a------ C:\Windows\QTFont.for
2008-09-10 17:43 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 17:43 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 17:22 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 17:37 --------- d-----w C:\Users\veronique\AppData\Roaming\Skype
2008-09-30 15:03 13,213 ----a-w C:\Users\veronique\AppData\Roaming\nvModes.dat
2008-09-29 17:19 --------- d-----w C:\Program Files\MSN Messenger
2008-09-29 16:37 174 --sha-w C:\Program Files\desktop.ini
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Mail
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Journal
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Defender
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-29 16:25 --------- d-----w C:\Program Files\Windows Calendar
2008-09-29 15:11 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-29 15:11 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-29 09:04 --------- d-----w C:\Program Files\World of Warcraft
2008-09-24 15:44 --------- d-----w C:\Users\veronique\AppData\Roaming\skypePM
2008-09-11 06:22 --------- d-----w C:\Program Files\Microsoft Works
2008-08-20 18:55 --------- d-----w C:\Users\veronique\AppData\Roaming\vlc
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-21 13:21 13,072 ----a-w C:\Users\Invité\AppData\Roaming\nvModes.dat
2007-10-21 07:17 614 ----a-w C:\Users\veronique\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_17.27.44.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 15:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 10:18:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-30 15:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 10:18:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-30 15:15:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-01 10:20:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-09-30 15:15:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 10:20:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-01 10:20:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-30 15:14:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 10:19:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-30 15:14:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 10:19:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-30 15:14:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 10:19:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 15:11:04 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-01 10:26:40 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-01-19 07:33:05 139,264 ----a-w C:\Windows\System32\cscript.exe
+ 2008-05-08 21:58:40 135,168 ----a-w C:\Windows\System32\cscript.exe
- 2008-01-19 05:55:53 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
+ 2008-04-05 01:21:42 72,192 ----a-w C:\Windows\System32\drivers\pacer.sys
- 2008-01-19 07:43:39 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
+ 2008-04-26 08:26:49 891,448 ----a-w C:\Windows\System32\drivers\tcpip.sys
- 2008-01-19 07:34:35 512,000 ----a-w C:\Windows\System32\jscript.dll
+ 2008-05-08 21:59:28 512,000 ----a-w C:\Windows\System32\jscript.dll
- 2008-01-19 07:43:48 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
+ 2008-04-26 08:25:53 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
- 2008-01-19 07:43:47 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
+ 2008-04-26 08:25:54 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
- 2006-11-02 09:46:12 15,360 ----a-w C:\Windows\System32\pacerprf.dll
+ 2008-04-05 03:34:31 15,360 ----a-w C:\Windows\System32\pacerprf.dll
- 2008-09-30 15:18:21 113,114 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-01 10:23:34 113,114 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-30 15:18:21 138,374 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-01 10:23:34 138,374 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-30 15:18:21 619,932 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-01 10:23:34 619,932 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-30 15:18:21 718,030 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-01 10:23:34 718,030 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-01-19 07:36:17 785,408 ----a-w C:\Windows\System32\rpcrt4.dll
+ 2008-04-12 03:32:11 784,896 ----a-w C:\Windows\System32\rpcrt4.dll
- 2008-01-19 07:36:19 180,224 ----a-w C:\Windows\System32\scrobj.dll
+ 2008-05-08 21:59:32 180,224 ----a-w C:\Windows\System32\scrobj.dll
- 2008-01-19 07:36:19 172,032 ----a-w C:\Windows\System32\scrrun.dll
+ 2008-05-08 21:59:32 172,032 ----a-w C:\Windows\System32\scrrun.dll
- 2008-09-30 07:31:17 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-10-01 06:21:38 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-01-19 07:36:47 430,080 ----a-w C:\Windows\System32\vbscript.dll
+ 2008-05-08 21:59:33 430,080 ----a-w C:\Windows\System32\vbscript.dll
- 2008-09-30 15:15:48 15,160 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587287723-2278268552-551057220-1000_UserData.bin
+ 2008-10-01 10:21:34 15,176 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3587287723-2278268552-551057220-1000_UserData.bin
- 2008-09-30 15:15:48 72,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 10:21:34 72,848 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-30 15:04:48 52,650 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 10:21:32 53,154 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:33:40 155,648 ----a-w C:\Windows\System32\wscript.exe
+ 2008-05-08 21:59:26 155,648 ----a-w C:\Windows\System32\wscript.exe
- 2008-01-19 07:37:11 90,112 ----a-w C:\Windows\System32\wshext.dll
+ 2008-05-08 21:59:35 90,112 ----a-w C:\Windows\System32\wshext.dll
+ 2008-06-26 03:29:02 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.18098_none_f64ce87593b7801f\dataclen.dll
+ 2008-06-26 03:15:06 45,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-dataclen_31bf3856ad364e35_6.0.6001.22211_none_f7260480ac9a8c27\dataclen.dll
+ 2008-05-10 03:35:15 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18069_none_9e540f60f6e2ecf1\emdmgmt.dll
+ 2008-06-26 03:29:02 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\emdmgmt.dll
+ 2008-05-10 03:17:36 564,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22176_none_9ecfdb62100b5ca7\emdmgmt.dll
+ 2008-06-26 03:15:30 565,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.22211_none_9f0bbb5e0fdf3375\emdmgmt.dll
+ 2008-08-02 03:26:00 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\cdd.dll
+ 2008-08-02 01:01:23 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.18114_none_abc1cbc0e39143f0\dxgkrnl.sys
+ 2008-08-02 03:20:51 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\cdd.dll
+ 2008-08-02 00:59:11 625,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-lddmcore_31bf3856ad364e35_6.0.6001.22235_none_ac36c8fdfcbe34f3\dxgkrnl.sys
+ 2008-05-20 02:07:31 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.18075_none_4ec1fb0e8f26c88a\nwifi.sys
+ 2008-05-20 02:00:06 148,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-native-80211_31bf3856ad364e35_6.0.6001.22183_none_4f3ec759a84e5197\nwifi.sys
+ 2008-05-28 03:27:17 223,288 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22188_none_56d68c90cea4d169\netio.sys
+ 2008-05-28 03:17:25 328,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\BFE.DLL
+ 2008-05-28 03:28:43 101,432 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPKCLNT.SYS
+ 2008-05-28 03:19:07 595,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\FWPUCLNT.DLL
+ 2008-05-28 03:19:32 438,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22188_none_cd5f8fa443e22213\IKEEXT.DLL
+ 2008-04-26 08:25:53 3,600,952 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
+ 2008-04-26 08:25:54 3,549,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
+ 2008-04-26 08:11:34 3,601,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
+ 2008-04-26 08:11:33 3,549,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
+ 2008-04-05 01:21:42 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacer.sys
+ 2008-04-05 03:34:31 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacerprf.dll
+ 2008-04-05 01:20:52 72,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacer.sys
+ 2008-04-05 03:20:42 15,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacerprf.dll
+ 2008-04-05 03:21:19 33,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\traffic.dll
+ 2008-04-05 03:21:39 13,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\wshqos.dll
+ 2008-04-12 03:32:11 784,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\rpcrt4.dll
+ 2008-04-12 03:16:32 784,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22156_none_b4542e025e5512e8\rpcrt4.dll
+ 2008-05-08 21:59:35 90,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.18068_none_0a48f9ec246cf834\wshext.dll
+ 2008-05-08 05:22:33 90,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-s..ing-shell-extension_31bf3856ad364e35_6.0.6001.22175_none_0ac4c5ed3d9567ea\wshext.dll
+ 2008-05-08 21:59:28 512,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18068_none_82a70b5ef74dc96b\jscript.dll
+ 2008-05-08 05:18:59 512,000 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22175_none_8322d76010763921\jscript.dll
+ 2008-05-08 21:59:33 430,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll
+ 2008-05-08 05:22:13 430,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll
+ 2008-05-08 21:58:40 135,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\cscript.exe
+ 2008-05-08 21:59:32 180,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrobj.dll
+ 2008-05-08 21:59:32 172,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\scrrun.dll
+ 2008-05-08 21:59:26 155,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.18068_none_482f75de008363d9\wscript.exe
+ 2008-05-08 03:12:11 135,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\cscript.exe
+ 2008-05-08 05:17:02 32,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\dispex.dll
+ 2008-05-08 05:21:52 180,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrobj.dll
+ 2008-05-08 05:21:52 172,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\scrrun.dll
+ 2008-05-08 03:12:11 155,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wscript.exe
+ 2008-05-08 05:22:33 36,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-scripting_31bf3856ad364e35_6.0.6001.22175_none_48ab41df19abd38f\wshcon.dll
+ 2008-05-08 19:21:56 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18068_none_886bae514b981fe3\mrxsmb10.sys
+ 2008-05-08 02:47:34 211,968 ----a-w C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22175_none_88e77a5264c08f99\mrxsmb10.sys
+ 2008-04-26 08:26:49 891,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
+ 2008-04-26 08:08:16 891,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
2008-10-01 12:20 8704 --a------ C:\Program Files\Applications\iebt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smart Start UP"="C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2007-04-27 104528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-20 155648]
"ANTIVIRUS"="C:\Program Files\MSX\MSx.exe" [2008-09-27 412160]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"smile"="C:\Program Files\Applications\wcs.exe" [2008-09-29 17408]
"start"="C:\Program Files\Applications\iebtm.exe" [2008-09-29 35328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6EAD248-3380-420E-8AC7-31548A61C8DA}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{615648ED-EC8F-43D5-828E-0A5BBF002C89}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{7711E26C-F1DE-41B4-9A30-03C924CA8756}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E46437B2-C857-442C-91DD-1153891A8B92}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{C3A628EA-49F2-48FC-BAE2-13576549745F}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NB06APR1\incredimail_install[1].exe:IncrediMail Installer
"{750D6C56-46B8-4B11-9991-029876DD729F}"= Disabled:UDP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"{895207B6-C219-4310-8076-31C783A48CE5}"= Disabled:TCP:C:\Users\veronique\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTYLDXR6\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{48B10ADB-6D01-4393-B64D-7582441505E6}C:\\users\\veronique\\demos\\emule\\emule.exe"= UDP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"UDP Query User{A018738A-86F3-435F-9E6A-D6BD9FC98978}C:\\users\\veronique\\demos\\emule\\emule.exe"= TCP:C:\users\veronique\demos\emule\emule.exe:emule.exe
"{E97B1D51-AC5A-4D6C-8D0F-B8DCA0AFADF4}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{A46FF35F-2DFF-4F6E-B199-D159CA66CAEE}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.0-frFR-downloader.exe:Blizzard Downloader
"{764E4144-8916-4654-BC1D-41CF6B18E29D}"= UDP:3724:Blizzard Downloader: 3724
"{9852708D-B6A6-40BD-A7FB-5734BEB4454B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B805D849-F1B2-4486-86A3-EBD9F8BD2EDB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D010223E-BAA1-4E5C-91A1-ABC8F61E08F3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php
O9 -: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolthru.com/redirect.php -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 12:31:59
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-01 12:34:00
ComboFix-quarantined-files.txt 2008-10-01 10:33:55
ComboFix2.txt 2008-09-30 15:28:45

Avant-CF: 76 905 984 000 octets libres
Après-CF: 76,914,200,576 octets libres

297 --- E O F --- 2008-10-01 06:16:58

There you go. :)

Reply to skimgrat

Quote:

I'm going to run another report, but the thing is, it deleted my audio devices, so I no longer have any sound. What should I do?


How so?

Reply to Angeldark

I no longer have an audio device, so no more sound, but I think it's the spyware that deleted it.

Reply to skimgrat

I don't think so :o

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

Reply to Angeldark