Help - unwanted pop-up windows since yesterday
Hello, and best wishes for the new year to everyone.
Since yesterday I have been getting unwanted pop-up windows and my PC is running painfully slowly.
This morning my antivirus is detecting trojans but cannot eradicate them.
Could you please help me?
Kind regards.
HijackThis log attached:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:39, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Anti-pub\presqueok.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {af175403-d8e0-4b81-8008-d6d8237a0b79} - C:\WINDOWS\system32\yosohede.dll
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [kafejatoso] Rundll32.exe "C:\WINDOWS\system32\zosiyaba.dll",s
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [kafejatoso] Rundll32.exe "C:\WINDOWS\system32\zosiyaba.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Meta - res://C:\WINDOWS\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: C:\WINDOWS\system32\disesobe.dll c:\windows\system32\wavowibi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavowibi.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavowibi.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 6647 bytes
Hello,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Hello again Angeldark, and thank you for your help.
Here is the report I obtained:
ComboFix 09-01-01.02 - PC Famille 2009-01-02 18:57:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.669 [GMT 1:00]
Lancé depuis: c:\documents and settings\PC Famille\Bureau\ComboFix.exe
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\disesobe.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC Famille\Application Data\inst.exe
c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\disesobe.dll.vir
c:\windows\system32\idadafog.ini
c:\windows\system32\ohunotep.ini
c:\windows\system32\yosohede.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
.
2009-01-02 12:47 . 2009-01-02 12:50 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-02 12:40 . 2009-01-02 12:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-01-01 23:19 . 2009-01-02 18:52 <REP> d-------- C:\Anti-pub
2009-01-01 18:04 . 2009-01-01 18:05 <REP> d-------- c:\windows\Drivers
2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\Come2PlayK2P
2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\BitTorrent Fastest Tool
2009-01-01 18:04 . 2008-12-21 16:51 81,920 --a------ c:\windows\system32\appverimp.dll
2008-12-31 15:58 . 2008-12-31 15:58 <REP> d-------- c:\program files\LG Electronics
2008-12-31 15:58 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-31 15:58 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-31 15:58 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-31 15:37 . 2008-12-31 15:41 <REP> d-------- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2008-12-31 15:37 . 2006-05-04 08:33 53,248 --a------ c:\windows\system32\CommonDL.dll
2008-12-31 15:37 . 2008-12-31 15:38 2,412 --a------ c:\windows\system32\lgAxconfig.ini
2008-12-29 11:22 . 2008-12-29 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\aHisoft
2008-12-29 10:54 . 2008-12-29 10:54 <REP> d-------- c:\program files\MyFree Codec
2008-12-25 20:25 . 2009-01-02 15:36 <REP> d--h----- C:\LG3G
2008-12-25 20:11 . 2008-12-25 20:11 <REP> d-------- c:\documents and settings\PC Famille\Application Data\LG Electronics
2008-12-21 22:14 . 2008-12-21 22:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 21:45 . 2008-12-16 21:45 <REP> d-------- c:\documents and settings\PC Famille\Application Data\OpenOffice.org
2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\OpenOffice.org 3
2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\JRE
2008-12-15 11:50 . 2008-12-15 11:50 <REP> d-------- c:\program files\PDFCreator Toolbar
2008-12-15 11:50 . 2008-12-15 11:50 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_5640.exe
2008-12-15 11:49 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-15 11:49 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-15 11:49 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-15 11:01 . 2008-12-15 11:25 <REP> d-------- c:\documents and settings\PC Famille\Application Data\DeepBurner
2008-12-15 10:14 . 2008-12-15 10:14 <REP> d-------- c:\documents and settings\PC Famille\Application Data\Canneverbe_Limited
2008-12-12 23:56 . 2008-12-26 13:50 57,964 --ah----- c:\windows\system32\mlfcache.dat
2008-12-07 19:22 . 2008-12-07 19:22 <REP> d-------- c:\program files\MEDIADICO
2008-12-06 12:00 . 2008-12-06 12:00 <REP> d-------- c:\program files\Avira
2008-12-03 15:12 . 2008-12-03 15:12 <REP> d-------- c:\program files\iPod
2008-12-03 15:12 . 2008-12-03 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 14:51 . 2008-12-03 15:07 <REP> d-------- c:\program files\QuickTime
2008-12-03 14:49 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 11:38 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-31 14:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 09:39 --------- d-----w c:\program files\Samsung
2008-12-28 17:57 --------- d-----w c:\documents and settings\PC Famille\Application Data\Apple Computer
2008-12-28 11:42 --------- d-----w c:\documents and settings\PC Famille\Application Data\BitTorrent
2008-12-25 19:08 --------- d-----w c:\program files\DivX
2008-12-21 21:13 --------- d-----w c:\program files\Java
2008-12-06 11:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-03 14:12 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-03 14:11 --------- d-----w c:\program files\Bonjour
2008-12-03 13:40 --------- d-----w c:\program files\Safari
2008-11-29 14:11 --------- d-----w c:\program files\PowerArchiver
2008-11-22 15:04 --------- d-----w c:\program files\P2P_Torrent
2008-11-16 17:56 --------- d-----w c:\documents and settings\PC Famille\Application Data\FileZilla
2008-11-12 11:16 --------- d-----w c:\program files\Google
2008-04-15 15:57 777 ----a-w c:\documents and settings\PC Famille\Application Data\waver_2.95.dat
2007-05-12 19:49 87,608 -c----w c:\documents and settings\PC Famille\Application Data\ezpinst.exe
2007-05-12 19:49 47,360 -c----w c:\documents and settings\PC Famille\Application Data\pcouffin.sys
2008-10-01 13:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-01 13:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-01 13:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-01 13:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-01 13:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2008-11-22 16:05 1784856 --a------ c:\program files\P2P_Torrent\tbP2P1.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2008-11-22 1784856]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="d:\program files\CCleaner\ccleaner.exe" [2008-12-01 1406192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="d:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\disesobe.dll c:\windows\system32\wavowibi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-13 10:53 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2007-10-11 07:45 31232 c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-10-26 18:17 289088 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxSys]
--a------ 2008-12-21 16:52 180224 c:\windows\Drivers\IgfxSys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2006-09-19 08:07 827392 c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 22:13 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 e:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\adslTV\\adslTV.exe"=
"d:\\Program Files\\adslTV\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2main.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2main_amdxp.exe"=
"e:\\jeux\\Atari\\nwn2\\nwupdate.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Pierre\\VeohClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
R3 OEMFVNETusb(505 2958)(R);OEM FVNETusb(505 2958)(R) Service for 802.11b Pen Size Wireless USB Adapter;c:\windows\system32\DRIVERS\vnet558x.sys [2003-04-17 98176]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2008-04-17 18848]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2007-12-30 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2007-12-30 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0784c50b-3555-11dc-b716-0040f4ab4b04}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{C72763B5-6B5B-4EFA-B5CB-E491F501B712}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{af175403-d8e0-4b81-8008-d6d8237a0b79} - c:\windows\system32\yosohede.dll
WebBrowser-{B8A5B62C-517F-42A5-85AE-29B5497FB15F} - (no file)
HKLM-Run-kafejatoso - c:\windows\system32\zosiyaba.dll
MSConfigStartUp-CPM0f19927c - c:\windows\system32\hajajepo.dll
MSConfigStartUp-kafejatoso - c:\windows\system32\zosiyaba.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search Using Copernic Meta - c:\windows\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 19:02:21
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\muweb.dll 208744 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PSIService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-02 19:09:40 - La machine a redémarré [PC Famille]
ComboFix-quarantined-files.txt 2009-01-02 18:09:38
Avant-CF: 1,515,565,056 octets libres
Après-CF: 1,473,904,640 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer /NoExecute=OptOut
279 --- E O F --- 2008-12-18 21:23:58
Below is the report obtained:
ComboFix 09-01-01.02 - PC Famille 2009-01-02 18:57:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.669 [GMT 1:00]
Lancé depuis: c:\documents and settings\PC Famille\Bureau\ComboFix.exe
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\disesobe.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC Famille\Application Data\inst.exe
c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure
c:\documents and settings\PC Famille\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\disesobe.dll.vir
c:\windows\system32\idadafog.ini
c:\windows\system32\ohunotep.ini
c:\windows\system32\yosohede.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
.
2009-01-02 12:47 . 2009-01-02 12:50 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-02 12:40 . 2009-01-02 12:40 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-01-01 23:19 . 2009-01-02 18:52 <REP> d-------- C:\Anti-pub
2009-01-01 18:04 . 2009-01-01 18:05 <REP> d-------- c:\windows\Drivers
2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\Come2PlayK2P
2009-01-01 18:04 . 2009-01-01 18:04 <REP> d-------- c:\program files\BitTorrent Fastest Tool
2009-01-01 18:04 . 2008-12-21 16:51 81,920 --a------ c:\windows\system32\appverimp.dll
2008-12-31 15:58 . 2008-12-31 15:58 <REP> d-------- c:\program files\LG Electronics
2008-12-31 15:58 . 2007-07-11 10:45 21,632 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-31 15:58 . 2007-07-11 15:51 19,840 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-31 15:58 . 2007-07-11 10:40 12,416 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-31 15:37 . 2008-12-31 15:41 <REP> d-------- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2008-12-31 15:37 . 2006-05-04 08:33 53,248 --a------ c:\windows\system32\CommonDL.dll
2008-12-31 15:37 . 2008-12-31 15:38 2,412 --a------ c:\windows\system32\lgAxconfig.ini
2008-12-29 11:22 . 2008-12-29 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\aHisoft
2008-12-29 10:54 . 2008-12-29 10:54 <REP> d-------- c:\program files\MyFree Codec
2008-12-25 20:25 . 2009-01-02 15:36 <REP> d--h----- C:\LG3G
2008-12-25 20:11 . 2008-12-25 20:11 <REP> d-------- c:\documents and settings\PC Famille\Application Data\LG Electronics
2008-12-21 22:14 . 2008-12-21 22:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-16 21:45 . 2008-12-16 21:45 <REP> d-------- c:\documents and settings\PC Famille\Application Data\OpenOffice.org
2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\OpenOffice.org 3
2008-12-16 21:38 . 2008-12-16 21:38 <REP> d-------- c:\program files\JRE
2008-12-15 11:50 . 2008-12-15 11:50 <REP> d-------- c:\program files\PDFCreator Toolbar
2008-12-15 11:50 . 2008-12-15 11:50 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_5640.exe
2008-12-15 11:49 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-15 11:49 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-15 11:49 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-15 11:01 . 2008-12-15 11:25 <REP> d-------- c:\documents and settings\PC Famille\Application Data\DeepBurner
2008-12-15 10:14 . 2008-12-15 10:14 <REP> d-------- c:\documents and settings\PC Famille\Application Data\Canneverbe_Limited
2008-12-12 23:56 . 2008-12-26 13:50 57,964 --ah----- c:\windows\system32\mlfcache.dat
2008-12-07 19:22 . 2008-12-07 19:22 <REP> d-------- c:\program files\MEDIADICO
2008-12-06 12:00 . 2008-12-06 12:00 <REP> d-------- c:\program files\Avira
2008-12-03 15:12 . 2008-12-03 15:12 <REP> d-------- c:\program files\iPod
2008-12-03 15:12 . 2008-12-03 15:13 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 14:51 . 2008-12-03 15:07 <REP> d-------- c:\program files\QuickTime
2008-12-03 14:49 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 11:38 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-12-31 14:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 09:39 --------- d-----w c:\program files\Samsung
2008-12-28 17:57 --------- d-----w c:\documents and settings\PC Famille\Application Data\Apple Computer
2008-12-28 11:42 --------- d-----w c:\documents and settings\PC Famille\Application Data\BitTorrent
2008-12-25 19:08 --------- d-----w c:\program files\DivX
2008-12-21 21:13 --------- d-----w c:\program files\Java
2008-12-06 11:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-03 14:12 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-03 14:11 --------- d-----w c:\program files\Bonjour
2008-12-03 13:40 --------- d-----w c:\program files\Safari
2008-11-29 14:11 --------- d-----w c:\program files\PowerArchiver
2008-11-22 15:04 --------- d-----w c:\program files\P2P_Torrent
2008-11-16 17:56 --------- d-----w c:\documents and settings\PC Famille\Application Data\FileZilla
2008-11-12 11:16 --------- d-----w c:\program files\Google
2008-04-15 15:57 777 ----a-w c:\documents and settings\PC Famille\Application Data\waver_2.95.dat
2007-05-12 19:49 87,608 -c----w c:\documents and settings\PC Famille\Application Data\ezpinst.exe
2007-05-12 19:49 47,360 -c----w c:\documents and settings\PC Famille\Application Data\pcouffin.sys
2008-10-01 13:13 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-10-01 13:13 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-10-01 13:13 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-10-01 13:13 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-10-01 13:13 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2008-11-22 16:05 1784856 --a------ c:\program files\P2P_Torrent\tbP2P1.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2008-11-22 1784856]
[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="d:\program files\CCleaner\ccleaner.exe" [2008-12-01 1406192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="d:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\disesobe.dll c:\windows\system32\wavowibi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-13 10:53 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2007-10-11 07:45 31232 c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-10-26 18:17 289088 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxSys]
--a------ 2008-12-21 16:52 180224 c:\windows\Drivers\IgfxSys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2006-09-19 08:07 827392 c:\windows\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-21 22:13 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 e:\program files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\adslTV\\adslTV.exe"=
"d:\\Program Files\\adslTV\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2main.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2main_amdxp.exe"=
"e:\\jeux\\Atari\\nwn2\\nwupdate.exe"=
"e:\\jeux\\Atari\\nwn2\\nwn2server.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\adslTV\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Pierre\\VeohClient.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe"=
R3 OEMFVNETusb(505 2958)(R);OEM FVNETusb(505 2958)(R) Service for 802.11b Pen Size Wireless USB Adapter;c:\windows\system32\DRIVERS\vnet558x.sys [2003-04-17 98176]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2008-04-17 18848]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys []
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w300mgmt.sys [2007-12-30 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2007-12-30 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0784c50b-3555-11dc-b716-0040f4ab4b04}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{C72763B5-6B5B-4EFA-B5CB-E491F501B712}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{af175403-d8e0-4b81-8008-d6d8237a0b79} - c:\windows\system32\yosohede.dll
WebBrowser-{B8A5B62C-517F-42A5-85AE-29B5497FB15F} - (no file)
HKLM-Run-kafejatoso - c:\windows\system32\zosiyaba.dll
MSConfigStartUp-CPM0f19927c - c:\windows\system32\hajajepo.dll
MSConfigStartUp-kafejatoso - c:\windows\system32\zosiyaba.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search Using Copernic Meta - c:\windows\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 19:02:21
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\muweb.dll 208744 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1220945662-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:a0,c2,87,2b,18,b0,fc,51,5b,0f,ab,1f,99,9e,66,f4
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PSIService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-02 19:09:40 - La machine a redémarré [PC Famille]
ComboFix-quarantined-files.txt 2009-01-02 18:09:38
Avant-CF: 1,515,565,056 octets libres
Après-CF: 1,473,904,640 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /usepmtimer /NoExecute=OptOut
279 --- E O F --- 2008-12-18 21:23:58
Hi again,
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM