FENETRE QUI S OUVRE TOUT SEUL
Forum Sécurité - Virus : FENETRE QUI S OUVRE TOUT SEUL
Bonjour a tous,
Alors voila depuis plus de 2semaine il y a des fenetre internet qui s'ouvre que fair pour quil partent definitivement ??
merci de votre aide
Bonjour,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
Bonjour ovici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:29, on 25/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\RAMASS~1\LOCALS~1\Temp\csrssc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\RAMASS~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O20 - AppInit_DLLs: katsbk.dll uoaacv.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (tuneup.defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Ok mais je doit allez me coucher je fer
Ok mais je doit allez me coucher je fererai la manip demain
No prob.
Message édité par Angeldark le 01-12-2008 à 17:36:08
Répondre à Angeldark
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1437
Windows 5.1.2600 Service Pack 2
30/11/2008 13:48:21
mbam-log-2008-11-30 (13-48-21).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 66568
Temps écoulé: 18 minute(s), 55 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\qoMdBRLb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dloqrp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gctray.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iewnhz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jxadhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ahlbdaxy.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33316d31-97f4-4c53-838e-1d217f685404} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{33316d31-97f4-4c53-838e-1d217f685404} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5387a6c9-8232-4c5f-b115-a853cce109ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5387a6c9-8232-4c5f-b115-a853cce109ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e31ba41-0e7d-420f-b6f8-189c1c70ca8e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5387a6c9-8232-4c5f-b115-a853cce109ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33316d31-97f4-4c53-838e-1d217f685404} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da5a7ad2-b3c8-4236-87d6-1dbff2622c3d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{da5a7ad2-b3c8-4236-87d6-1dbff2622c3d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7c76adc3-e992-4e13-810a-a7086b8e92aa} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomdbrlb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomdbrlb -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\qoMdBRLb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bLRBdMoq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bLRBdMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iewnhz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\ramassamy\Local Settings\Temporary Internet Files\Content.IE5\0YCV9P32\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ramassamy\Local Settings\Temporary Internet Files\Content.IE5\QY4ZL53Q\index[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\SDFix\backups_old\jsne87fidgf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D9AFAAC9-49AD-451C-8546-86BD463B8AC4}\RP33\A0002152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dloqrp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lbbdgcxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\liyaqwwi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nubsrkwr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gctray.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jxadhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ahlbdaxy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\31cc1835.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:36, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O20 - AppInit_DLLs: katsbk.dll uoaacv.dll dloqrp.dll jxadhe.dll iewnhz.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (tuneup.defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 4055 bytes
Re,
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
ComboFix 08-12-01.03 - ramassamy 2008-12-02 22:25:42.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.104 [GMT 1:00]
Lancé depuis: c:\documents and settings\ramassamy\Bureau\combo.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\frbfohek.dll
c:\windows\system32\jvxrmkcn.dll
c:\windows\system32\katsbk.dll
c:\windows\system32\nrjwfx.dll
c:\windows\system32\pdchbncr.dll
c:\windows\system32\uoaacv.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 16:32 . 2008-12-01 16:33 <REP> d-------- c:\program files\Shareaza
2008-12-01 16:32 . 2008-12-01 16:32 <REP> d-------- c:\documents and settings\ramassamy\Application Data\Shareaza
2008-11-30 13:26 . 2008-11-30 13:26 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 13:26 . 2008-11-30 13:26 <REP> d-------- c:\documents and settings\ramassamy\Application Data\Malwarebytes
2008-11-30 13:26 . 2008-11-30 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 13:26 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 13:26 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-26 11:56 . 2008-11-27 12:31 <REP> d-------- c:\program files\Antipub
2008-11-26 10:49 . 2008-11-26 10:49 <REP> d-------- c:\program files\Lavasoft
2008-11-26 10:49 . 2008-11-26 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-25 17:03 . 2008-11-27 12:27 <REP> d-------- c:\documents and settings\ramassamy\Application Data\LimeWire
2008-11-25 17:02 . 2008-11-25 17:01 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-25 16:50 . 2008-11-27 12:31 <REP> d-------- c:\program files\LimeWire
2008-11-25 15:51 . 2008-11-25 15:51 <REP> d-------- c:\windows\ERUNT
2008-11-25 15:37 . 2008-11-29 22:31 <REP> d-------- C:\SDFix
2008-11-25 12:22 . 2008-11-25 12:22 <REP> d-------- c:\program files\Trend Micro
2008-11-25 12:12 . 2008-11-25 12:16 <REP> d-------- c:\program files\FlashGet
2008-11-25 12:12 . 2004-08-05 13:00 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2008-11-24 17:23 . 2008-11-24 17:23 <REP> d-------- C:\Casino
2008-11-24 13:25 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-11-24 13:24 . 2008-11-24 13:24 <REP> d-------- c:\documents and settings\ramassamy\Application Data\TuneUp Software
2008-11-24 13:24 . 2008-11-24 13:24 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-24 13:23 . 2008-11-24 13:26 <REP> d-------- c:\program files\TuneUp Utilities 2008
2008-11-24 13:23 . 2008-11-24 13:23 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-24 13:21 . 2008-11-26 10:48 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-24 13:19 . 2008-11-24 13:19 <REP> d-------- c:\program files\Panda Security
2008-11-23 17:28 . 2008-11-23 17:28 0 --a------ C:\-197868911
2008-11-23 17:27 . 2008-07-12 13:30 47 --a------ c:\documents and settings\ramassamy\readme.bat
2008-11-23 16:50 . 2008-11-23 16:50 <REP> d-------- c:\program files\Ubisoft
2008-11-23 16:06 . 2008-11-23 16:06 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-23 15:55 . 2008-11-23 15:55 <REP> d-------- c:\program files\Windows Media Connect 2
2008-11-23 15:52 . 2008-11-23 15:54 <REP> d-------- c:\windows\system32\drivers\UMDF
2008-11-23 15:49 . 2008-11-23 15:49 2,422 --a------ c:\windows\system32\wpa.bak
2008-11-22 12:26 . 2008-11-22 12:26 <REP> d-------- c:\program files\Slayers Online
2008-11-22 12:21 . 2008-11-22 12:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-22 12:20 . 2008-11-22 12:20 <REP> d-------- c:\program files\Bus Driver
2008-11-21 23:14 . 2008-11-30 20:00 <REP> d-------- c:\program files\Norton Security Scan
2008-11-21 20:14 . 2008-11-04 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-21 20:14 . 2008-11-04 09:35 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-21 20:13 . 2008-11-21 20:16 <REP> d-------- c:\windows\system32\Adobe
2008-11-20 13:45 . 2008-10-03 18:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-20 13:45 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-20 13:45 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-20 13:45 . 2008-08-26 09:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-20 13:45 . 2008-08-26 09:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-20 13:45 . 2008-08-26 09:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-20 13:45 . 2008-08-26 09:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-20 13:45 . 2008-08-26 09:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-20 13:45 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-20 13:44 . 2008-11-20 13:45 <REP> d-------- c:\windows\system32\fr-fr
2008-11-20 13:32 . 2003-10-03 16:28 45,056 --a------ c:\windows\system32\vusetup.dll
2008-11-20 13:32 . 2005-06-06 17:51 11,264 --a------ c:\windows\system32\drivers\vulfntr.sys
2008-11-20 13:32 . 2005-01-05 18:02 6,912 --a------ c:\windows\system32\drivers\vulfnth.sys
2008-11-20 13:31 . 1998-11-13 13:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-20 13:18 . 2008-11-20 13:18 <REP> d-------- c:\program files\VIA
2008-11-20 13:18 . 2007-09-20 10:43 331,184 --------- c:\windows\system32\difxapi.dll
2008-11-20 13:18 . 2008-09-25 17:58 21,656 --a------ c:\windows\system32\drivers\xfilt.sys
2008-11-20 13:18 . 2008-09-25 17:57 12,952 --a------ c:\windows\system32\drivers\videX32.sys
2008-11-20 10:34 . 2008-11-20 10:34 <REP> d-------- C:\Programmi
2008-11-20 10:33 . 2008-11-20 10:33 <REP> dr-h----- c:\documents and settings\ramassamy\Application Data\SecuROM
2008-11-20 10:10 . 2008-11-20 10:33 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 10:10 . 2008-12-02 21:34 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-20 10:05 . 2008-11-23 15:52 <REP> d-------- c:\windows\system32\LogFiles
2008-11-20 10:05 . 2008-11-23 16:57 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-20 10:05 . 2008-11-23 16:57 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-20 10:05 . 2008-11-20 10:05 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-20 10:05 . 2008-11-23 16:57 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 10:05 . 2008-11-23 16:57 22,328 --a------ c:\documents and settings\ramassamy\Application Data\PnkBstrK.sys
2008-11-19 22:30 . 2008-11-19 22:30 <REP> d-------- c:\documents and settings\ramassamy\Application Data\vlc
2008-11-19 22:29 . 2008-11-19 22:29 <REP> d-------- c:\program files\VideoLAN
2008-11-19 21:22 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-19 21:22 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-19 21:22 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-19 20:26 . 2008-11-19 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-19 20:24 . 2008-11-19 20:24 <REP> d-------- c:\program files\ONES Trial (F)
2008-11-19 20:24 . 2007-03-09 16:18 221,184 --a------ c:\windows\InZU31.exe
2008-11-19 20:24 . 2005-06-29 01:38 15,172 --a------ c:\windows\system32\drivers\PzWDM.sys
2008-11-19 17:34 . 2008-11-19 17:34 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-19 17:34 . 2008-11-19 17:34 <REP> d--hs---- c:\documents and settings\ramassamy\UserData
2008-11-19 17:29 . 2008-11-19 17:34 <REP> d-------- c:\documents and settings\ramassamy\Contacts
2008-11-19 17:21 . 2008-11-19 17:28 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-19 17:21 . 2008-11-19 17:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-19 17:20 . 2008-11-19 17:28 <REP> d-------- c:\program files\Windows Live
2008-11-19 17:20 . 2008-11-19 17:20 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-19 07:37 . 2008-11-19 07:37 <REP> d-------- c:\program files\Realtek AC97
2008-11-19 07:37 . 2008-11-20 13:18 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2008-11-19 07:37 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2008-11-19 03:04 . 2008-11-19 17:35 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-19 03:02 . 2008-08-14 14:44 2,182,400 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-19 03:02 . 2008-08-14 14:44 2,138,112 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-19 03:02 . 2008-08-14 14:44 2,059,776 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-19 03:02 . 2008-08-14 14:44 2,017,792 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-19 03:02 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-19 03:02 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2008-11-19 03:02 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-19 03:00 . 2008-11-20 21:57 <REP> d--h----- c:\windows\$hf_mig$
2008-11-19 03:00 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 16:51 --------- d-----w c:\documents and settings\ramassamy\Application Data\uTorrent
2008-12-01 03:22 --------- d-----w c:\program files\eMule
2008-11-23 15:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 22:14 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-18 23:55 --------- d-----w c:\program files\uTorrent
2008-11-18 23:32 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-18 23:32 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-11-18 23:32 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-18 23:32 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-18 23:32 --------- d-----w c:\program files\Symantec
2008-11-18 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-11-18 23:31 35,888 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-11-18 23:31 --------- d-----w c:\program files\Windows Sidebar
2008-11-18 23:31 --------- d-----w c:\program files\NortonInstaller
2008-11-18 23:31 --------- d-----w c:\program files\Norton AntiVirus
2008-11-18 23:31 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-18 23:26 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-18 23:19 --------- d-----w c:\program files\Kaspersky Lab
2008-11-18 23:11 --------- d-----w c:\program files\ma-config.com
2008-11-18 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-18 23:02 --------- d-----w c:\program files\microsoft frontpage
2008-11-18 23:00 --------- d-----w c:\program files\Services en ligne
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\ramassamy\Menu D‚marrer\Programmes\D‚marrage\
Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-03-23 674304]
c:\documents and settings\ramassamy\Menu D‚marrer\Programmes\D‚marrage\
Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-03-23 674304]
c:\documents and settings\ramassamy\Menu D‚marrer\Programmes\D‚marrage\
Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-03-23 674304]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\ramassamy\\Bureau\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-11-19 15172]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1001000.021\SYMEFA.SYS []
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2008-11-20 12952]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2008-11-20 21656]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1001000.021\BHDrvx86.sys [2008-11-19 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1001000.021\ccHPx86.sys [2008-11-19 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081127.002\IDSxpx86.sys [2008-11-29 274808]
R2 Norton AntiVirus;Norton AntiVirus;"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton AntiVirus" /m "c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-19 99376]
S1 31cc1835;31cc1835;c:\windows\system32\drivers\31cc1835.sys []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-12-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
2008-11-30 c:\windows\Tasks\Norton Security Scan for ramassamy.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\ramassamy\Application Data\Mozilla\Firefox\Profiles\tzo3r5lg.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.neufportail.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 22:29:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\dumprep.exe
c:\program files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dumprep.exe
c:\windows\system32\dumprep.exe
c:\program files\Shareaza\Shareaza.exe
.
**************************************************************************
.
Heure de fin: 2008-12-02 22:33:43 - La machine a redémarré [ramassamy]
ComboFix-quarantined-files.txt 2008-12-02 21:33:33
Avant-CF: 42 068 512 768 octets libres
Après-CF: 42,563,092,480 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
246 --- E O F --- 2008-11-20 20:58:40
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:42, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (tuneup.defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 3742 bytes
Encore des soucis ?
Répondre à Angeldark
Non plus de soucis merci beaucup
Bon surf.
Répondre à Angeldark
Il y a 1396 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
