Infection "dekylilabv.exe"
snakouze
Hello,
Here is my problem! Since this afternoon an application has been trying to connect to the internet, but I am blocking it with avgfree since I think it is a virus or something similar.
Here is the name of the application that is attempting this connection:
dekylilabv.exe
When I kill it in my active processes, it restarts automatically.
I don't remember seeing it in my active processes before.
How do I remove this infection?
Thanks in advance.
5 replies
Hello,
to start with:
* Download Random's System Information Tool (RSIT) by Random / Random and save it to your Desktop,
http://images.malwareremoval.com/random/RSIT.exe
* Double-click RSIT.exe to launch the program,
* Click Continue on the Disclaimer screen,
* If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
* When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
Thanks for your help.
Here is the report from the first Notepad file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hugolin at 2009-09-06 22:05:29
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 76 GB (76%) free of 100 GB
Total RAM: 2047 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:36, on 06/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mumble\mumble.exe
C:\WINDOWS\TEMP\dekylilabv.exe
C:\Program Files\Xfire\Xfire.exe
C:\DOCUME~1\Hugolin\LOCALS~1\Temp\Rar$EX00.641\pbsetup.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\TEMP\dekylilabv.exe
C:\Documents and Settings\Hugolin\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Hugolin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA3704] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmubocroaa.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4033] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmubocroaa.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6431] command.com /c del "C:\WINDOWS\system32\kbiwkmioufgqdw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9768] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmioufgqdw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3843] command.com /c del "C:\WINDOWS\system32\kbiwkmruiggkfs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC581] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmruiggkfs.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3025] command.com /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7540] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5754] command.com /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4660] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5923] command.com /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2736] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA610] command.com /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5536] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3812] command.com /c del "C:\WINDOWS\system32\drivers\kbiwkmubocroaa.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4013] cmd.exe /c del "C:\WINDOWS\system32\drivers\kbiwkmubocroaa.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7892] command.com /c del "C:\WINDOWS\system32\kbiwkmioufgqdw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4999] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmioufgqdw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5172] command.com /c del "C:\WINDOWS\system32\kbiwkmruiggkfs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7632] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmruiggkfs.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2466] command.com /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2638] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB534] command.com /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5579] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmbymspjuc.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8901] command.com /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD331] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9808] command.com /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD134] cmd.exe /c del "C:\WINDOWS\system32\kbiwkmqpdcbeie.dat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
Your PC is heavily infected
please follow the instructions
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
I'm back, so here is the report produced with combofix:
ComboFix 09-09-06.02 - Hugolin 06/09/2009 23:33.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2047.1622 [GMT 2:00]
Running from: c:\documents and settings\Hugolin\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\system32\drivers\kbiwkmubocroaa.sys
c:\windows\system32\kbiwkmbymspjuc.dat
c:\windows\system32\kbiwkmioufgqdw.dll
c:\windows\system32\kbiwkmqpdcbeie.dat
c:\windows\system32\kbiwkmruiggkfs.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmtenpkfoe
-------\Legacy_kbiwkmtenpkfoe
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-06 20:05 . 2009-09-06 20:05 -------- d-----w- c:\program files\trend micro
2009-09-06 20:05 . 2009-09-06 20:05 -------- d-----w- C:\rsit
2009-09-03 20:35 . 2009-09-03 21:17 -------- d-----w- c:\program files\EasyPHP1-8
2009-09-02 20:20 . 2009-09-06 18:15 -------- d-----w- c:\documents and settings\Hugolin\Application Data\mIRC
2009-09-02 20:20 . 2009-09-06 18:10 -------- d-----w- c:\program files\mIRC
2009-08-31 19:38 . 2009-08-31 19:38 -------- d-----w- c:\program files\7-Zip
2009-08-31 19:13 . 2009-08-31 19:13 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Apple Computer
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\program files\QuickTime
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\documents and settings\Hugolin\Local Settings\Application Data\Apple
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\program files\Apple Software Update
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-31 19:11 . 2009-08-31 19:11 -------- d-----w- c:\documents and settings\Hugolin\Local Settings\Application Data\Apple Computer
2009-08-30 00:11 . 2009-08-30 00:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-30 00:11 . 2009-08-30 00:11 -------- d-----w- c:\program files\MSBuild
2009-08-30 00:11 . 2009-08-30 00:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-30 00:11 . 2009-08-30 00:11 -------- d-----w- C:\00e1d4881e1600ca92
2009-08-30 00:11 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-30 00:11 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-30 00:11 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-30 00:11 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-30 00:11 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-30 00:11 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-30 00:11 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-30 00:09 . 2009-08-30 00:09 -------- d-----w- c:\program files\MSXML 6.0
2009-08-29 21:58 . 2009-09-06 19:03 -------- d-----w- c:\documents and settings\Hugolin\Application Data\dvdcss
2009-08-29 21:58 . 2009-09-06 20:59 -------- d-----w- c:\documents and settings\Hugolin\Application Data\vlc
2009-08-29 21:45 . 2009-08-29 21:45 -------- d-----w- c:\program files\VideoLAN
2009-08-29 11:30 . 2009-08-29 12:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-27 22:13 . 2009-08-27 22:13 -------- d-----w- c:\windows\Sun
2009-08-27 21:45 . 2009-08-27 21:45 -------- d-----w- c:\documents and settings\Hugolin\Application Data\teamspeak2
2009-08-27 21:44 . 2009-08-27 21:45 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-08-27 21:43 . 2009-08-27 21:43 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Search Settings
2009-08-27 21:43 . 2009-08-27 21:43 -------- d-----w- c:\documents and settings\Hugolin\Application Data\pdfforge
2009-08-27 21:17 . 2009-09-06 21:36 -------- d-----w- c:\program files\pdfforge Toolbar
2009-08-27 21:16 . 2009-08-27 21:16 130 ----a-w- c:\documents and settings\Hugolin\Local Settings\Application Data\fusioncache.dat
2009-08-27 21:16 . 2009-08-27 21:16 -------- d-----w- c:\documents and settings\Hugolin\Local Settings\Application Data\ApplicationHistory
2009-08-27 21:16 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-08-27 21:16 . 1998-07-13 00:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-08-27 21:16 . 1998-07-13 00:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-08-27 21:16 . 1998-07-13 00:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-08-27 21:16 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-08-27 21:16 . 2009-08-27 21:16 -------- d-----w- c:\program files\PDFCreator
2009-08-27 20:48 . 2009-08-27 20:48 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Screaming Bee
2009-08-27 20:48 . 2009-08-27 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
2009-08-27 20:48 . 2009-08-27 20:48 -------- d-----w- c:\program files\Screaming Bee
2009-08-26 22:30 . 2009-08-26 22:30 -------- d-----w- c:\windows\ServicePackFiles
2009-08-26 17:27 . 2008-06-14 17:59 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-26 17:27 . 2008-06-14 17:59 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-26 17:27 . 2009-02-09 11:50 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-26 17:27 . 2009-02-09 11:50 2059776 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-26 17:27 . 2009-02-09 11:50 2182528 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-26 17:27 . 2009-02-09 11:50 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-26 17:25 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-25 19:25 . 2009-08-25 19:25 -------- d-----w- c:\program files\Fichiers communs\L&H
2009-08-25 19:25 . 2009-08-25 19:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-25 19:04 . 2009-08-25 19:04 -------- d-----w- c:\program files\Microsoft Works
2009-08-25 19:04 . 2009-08-25 19:04 -------- d-----w- c:\program files\Microsoft.NET
2009-08-25 19:02 . 2009-08-25 19:04 -------- d-----w- c:\windows\SHELLNEW
2009-08-25 19:02 . 2009-08-25 19:02 -------- d-----w- c:\documents and settings\Hugolin\Local Settings\Application Data\Microsoft Help
2009-08-25 19:02 . 2009-08-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-25 19:02 . 2009-08-25 19:02 -------- d--h--r- C:\MSOCache
2009-08-25 18:58 . 2009-08-25 18:58 -------- d-s---w- c:\documents and settings\Hugolin\UserData
2009-08-25 18:49 . 2009-08-25 18:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xfire
2009-08-25 18:45 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-25 18:45 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-24 22:40 . 2009-08-24 22:40 -------- d-----w- c:\program files\Sunbelt Software
2009-08-24 22:39 . 2009-08-24 22:39 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Malwarebytes
2009-08-24 22:39 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-24 22:39 . 2009-08-24 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-24 22:39 . 2009-08-24 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 22:39 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 22:38 . 2009-08-24 22:38 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-24 22:35 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 19:50 . 2009-08-24 20:25 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-06 19:22 . 2009-08-24 20:25 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-06 19:22 . 2009-08-24 19:56 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Xfire
2009-09-06 17:54 . 2009-08-24 19:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-06 17:48 . 2009-08-24 20:10 -------- d-----w- c:\program files\Activision
2009-09-06 13:29 . 2009-08-24 20:03 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Mumble
2009-09-02 18:18 . 2009-08-24 19:56 -------- d-----w- c:\program files\Xfire
2009-09-02 15:51 . 2009-08-24 20:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 18:45 . 2004-08-05 12:00 84766 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-01 18:45 . 2004-08-05 12:00 510742 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-30 13:38 . 2009-08-24 20:38 68072 ----a-w- c:\documents and settings\Hugolin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 22:35 . 2009-08-27 22:32 -------- d-----w- c:\documents and settings\Hugolin\Application Data\Winamp
2009-08-27 22:34 . 2009-08-27 22:32 -------- d-----w- c:\program files\Winamp
2009-08-27 18:20 . 2009-08-24 20:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 19:20 . 2009-08-24 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-25 18:47 . 2009-08-24 19:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-25 18:47 . 2009-08-24 19:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-25 18:47 . 2009-08-24 19:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-24 21:37 . 2009-08-24 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 20:57 . 2009-08-24 20:57 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-24 20:47 . 2009-08-24 20:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-24 20:45 . 2009-08-24 20:44 -------- d-----w- c:\program files\Windows Live
2009-08-24 20:45 . 2009-08-24 20:45 -------- d-----w- c:\program files\Microsoft
2009-08-24 20:45 . 2009-08-24 20:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-24 20:38 . 2009-08-24 20:38 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-08-24 20:25 . 2009-08-24 20:25 22328 ----a-w- c:\documents and settings\Hugolin\Application Data\PnkBstrK.sys
2009-08-24 20:03 . 2009-08-24 20:02 -------- d-----w- c:\program files\Mumble
2009-08-24 19:57 . 2009-08-24 19:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-08-24 19:56 . 2009-08-24 19:56 336 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-24 19:55 . 2009-08-24 19:55 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-08-24 19:55 . 2009-08-24 19:55 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-24 19:54 . 2009-08-24 19:54 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-08-24 19:54 . 2009-08-24 19:54 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-08-24 19:54 . 2009-08-24 19:54 -------- d-----w- c:\program files\AVG
2009-08-24 19:54 . 2009-08-24 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-24 19:54 . 2009-08-24 19:54 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-24 19:54 . 2009-08-24 19:54 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-08-24 19:51 . 2009-08-24 19:51 0 ----a-w- c:\windows\nsreg.dat
2009-08-24 19:47 . 2009-08-24 19:47 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-24 19:46 . 2009-08-24 19:46 -------- d-----w- c:\program files\ASUS WiFi-AP Solo
2009-08-24 19:46 . 2009-08-24 19:39 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-08-24 19:43 . 2009-08-24 19:43 -------- d-----w- c:\program files\Marvell
2009-08-24 19:39 . 2009-08-24 19:39 -------- d-----w- c:\program files\Analog Devices
2009-08-24 19:32 . 2009-08-24 19:32 -------- d-----w- c:\program files\Intel
2009-08-24 19:24 . 2009-08-24 19:24 -------- d-----w- c:\program files\microsoft frontpage
2009-08-24 19:24 . 2009-08-24 19:24 -------- d-----w- c:\program files\Java
2009-08-24 19:24 . 2009-08-24 19:24 -------- d-----w- c:\program files\Fichiers communs\Java
2009-08-24 19:21 . 2009-08-24 19:21 -------- d-----w- c:\program files\Services en ligne
2009-08-24 19:19 . 2009-08-24 19:19 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-13 19:54 . 2009-08-13 19:54 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-05 09:06 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-05 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 18:56 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 00:18 . 2004-08-05 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:18 . 2004-09-29 18:49 663552 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-10-28 01:23 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-05 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-05 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-05 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-05 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-08-05 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:34 . 2004-08-05 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 11:33 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:23 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56 1062144 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 00:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4013"="del" [X]
"SpybotDeletingD4999"="del" [X]
"SpybotDeletingD7632"="del" [X]
"SpybotDeletingD2638"="del" [X]
"SpybotDeletingD5579"="del" [X]
"SpybotDeletingD331"="del" [X]
"SpybotDeletingD134"="del" [X]
"SpybotDeletingB3812"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB7892"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB5172"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB2466"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB534"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB8901"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
"SpybotDeletingB9808"="command.com" - c:\windows\system32\command.com [2004-08-05 52103]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-08-24 36972]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 160768]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2009-8-24 987136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 18:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24/08/2009 21:55 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/08/2009 21:55 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/08/2009 21:55 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [24/08/2009 21:55 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/08/2009 21:55 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [24/08/2009 21:55 1370488]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [24/08/2009 21:54 29208]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [24/08/2009 21:46 176128]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [27/03/2009 14:23 23064]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [24/08/2009 21:54 29208]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [24/08/2009 21:46 13532]
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Hugolin\Application Data\Mozilla\Firefox\Profiles\ae8ngvxr.default\
FF - prefs.js: keyword.URL - hxxp://fr.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_fr&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 23:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-06 23:37
ComboFix-quarantined-files.txt 2009-09-06 21:37
Pre-Run: 79 078 588 416 octets libres
Post-Run: 79 072 133 120 octets libres
283 --- E O F --- 2009-09-01 22:46
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 23:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-06 23:37
ComboFix-quarantined-files.txt 2009-09-06 21:37
Pre-Run: 79 078 588 416 octets libres
Post-Run: 79 072 133 120 octets libres
283 --- E O F --- 2009-09-01 22:46
Hello
select this
KillAll::
Folder::
c:\documents and settings\Hugolin\Application Data\Search Settings
Copy the selected text
Open Notepad (Programs > Accessories > Notepad).
Make sure Word Wrap is not checked in the Format menu.
Paste the copied text into Notepad
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the file
ComboFix.exe, like this
http://apu.mabul.org/up/apu/2008/08/12/img-191202xzrpd.gif
Wait while the scan runs. The Desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
Note: The code above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.
then
Download CCleaner
Install it (careful during installation: remember to uncheck the installation of the Yahoo toolbar that is discreetly offered along with CCleaner). Launch it by double-clicking CCleaner.exe
* Use this tutorial to help you use it
And finally
Download malwarebytes
Installation help: here
* Install it
* Launch malwarebytes
* Check "Perform full scan" ("Exécuter un examen complet")
* If an infection is found at the end of the scan, click "ok"
* Click Remove Selected ("Supprimer la sélection")
* To post the report, click the Logs tab ("Rapports/Logs"), select the one you want and click Open ("Ouvrir")
* Copy and paste it, and post the report
See you later