Conficker infection
ludwig
-
jfkpresident Posts 13877 Status Security contributor -
Hello,
I think I am infected with Conficker A or B: I cannot access Windows Update or the websites of the main antivirus products. I had not been connected to the internet since April 2009, and I reinstalled Windows 3 months ago, so I wanted to install the updates now that I have just reactivated my connection, but apparently there is no way to do it...
I made several attempts with online scans and free antivirus programs, but without result.
I ran ComboFix but the problem persists...
Here is the report; please help me solve this problem:
ComboFix 10-01-30.05 - Ludwig 31/01/2010 4:10.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2558.2027 [GMT -6:00]
Lancé depuis: c:\documents and settings\Ludwig\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\twain_32.dll
c:\windows\system32\VB6KO.DLL
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))
.
2010-01-31 09:27 . 2010-01-31 09:27 -------- d-----w- c:\documents and settings\Ludwig\Application Data\.clamwin
2010-01-31 09:27 . 2010-01-31 09:27 -------- d-----w- c:\program files\ClamWin
2010-01-31 09:27 . 2010-01-31 09:27 -------- d-----w- c:\documents and settings\All Users\.clamwin
2010-01-31 09:16 . 2010-01-31 09:16 -------- d-----w- c:\windows\avxoscan
2010-01-31 09:14 . 2010-01-31 09:14 -------- d-----w- c:\windows\system32\Kaspersky Lab
2010-01-31 09:10 . 2010-01-31 09:10 -------- d-----w- c:\windows\BDOSCAN8
2010-01-31 07:38 . 2010-01-31 07:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-31 07:38 . 2010-01-31 07:38 -------- d-----w- c:\documents and settings\Ludwig\Application Data\skypePM
2010-01-31 07:30 . 2010-01-31 09:55 -------- d-----w- c:\documents and settings\Ludwig\Application Data\Skype
2010-01-31 07:29 . 2010-01-31 07:29 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-01-31 07:29 . 2010-01-31 07:30 -------- d-----r- c:\program files\Skype
2010-01-31 07:29 . 2010-01-31 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-31 06:05 . 2010-01-31 06:05 -------- d-----w- c:\program files\Billionaire
2010-01-31 06:02 . 2008-04-13 17:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-31 06:01 . 2010-01-31 06:01 1924744 ----a-w- c:\documents and settings\Ludwig\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-01-31 05:56 . 2010-01-31 05:56 -------- d-----w- c:\program files\eMule
2010-01-30 23:53 . 2010-01-30 23:53 -------- d-----w- c:\documents and settings\Ludwig\Local Settings\Application Data\Identities
2010-01-30 23:44 . 2010-01-30 23:44 -------- d-----w- c:\documents and settings\Ludwig\Application Data\Uniblue
2010-01-30 23:44 . 2010-01-30 23:44 -------- d-----w- c:\program files\Uniblue
2010-01-30 23:34 . 2010-01-30 23:34 -------- d-----w- c:\documents and settings\Ludwig\Tracing
2010-01-30 22:52 . 2010-01-30 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-30 22:52 . 2010-01-30 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-30 22:44 . 2010-01-30 23:22 86576 ----a-w- c:\documents and settings\Ludwig\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-01-30 22:44 . 2010-01-30 23:22 392728 ----a-w- c:\documents and settings\Ludwig\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-01-30 22:44 . 2010-01-30 23:22 132672 ----a-w- c:\documents and settings\Ludwig\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-01-30 22:44 . 2010-01-30 22:44 135680 ----a-w- c:\documents and settings\Ludwig\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2010-01-30 20:31 . 2010-01-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Video Strip Poker Supreme
2010-01-30 19:56 . 2010-01-30 19:56 -------- d-----w- c:\windows\system32\Adobe
2010-01-30 18:30 . 2010-01-30 18:30 0 ----a-w- c:\windows\nsreg.dat
2010-01-30 18:30 . 2010-01-30 18:30 -------- d-----w- c:\documents and settings\Ludwig\Local Settings\Application Data\Mozilla
2010-01-24 19:20 . 2010-01-31 08:05 -------- d-----w- c:\documents and settings\Ludwig\Application Data\Winamp
2010-01-24 19:20 . 2010-01-24 19:21 -------- d-----w- c:\program files\Winamp
2010-01-20 14:19 . 2010-01-20 14:19 4096 ----a-w- c:\windows\d3dx.dat
2010-01-20 14:19 . 2010-01-20 14:19 -------- d-----w- c:\program files\Democracy2 Demo
2010-01-20 13:02 . 1998-06-16 22:00 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2010-01-20 13:02 . 2000-10-01 18:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-01-20 13:02 . 1998-07-12 22:00 21504 ----a-w- c:\windows\system32\TABCTFR.DLL
2010-01-20 13:02 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-01-20 13:02 . 2010-01-20 13:02 -------- d-----w- c:\program files\Free Audio Pack
2010-01-20 13:02 . 2000-11-29 01:07 307200 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-20 13:02 . 1998-07-12 22:00 59904 ----a-w- c:\windows\system32\Mscc2fr.dll
2010-01-20 13:02 . 1998-07-12 22:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-01-20 13:02 . 1998-07-12 18:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-01-19 20:53 . 2010-01-19 20:53 -------- d-----w- C:\rebel
2010-01-13 20:59 . 2010-01-13 20:59 -------- d-----w- c:\program files\Dreamcatcher
2010-01-11 22:06 . 2010-01-11 22:06 22 ---ha-w- C:\qpmd8378.bin
2010-01-11 22:06 . 2010-01-11 22:06 49152 ----a-w- c:\windows\system32\cfperfmon_mx.dll
2010-01-11 22:04 . 2010-01-11 22:08 -------- d-----w- C:\CFusionMX7
2010-01-11 22:04 . 2010-01-11 22:05 -------- d--h--w- c:\program files\Zero G Registry
2010-01-11 22:03 . 2010-01-11 22:03 -------- d-----w- c:\program files\CFusionMX7
2010-01-11 22:01 . 2010-01-11 22:01 -------- d--h--w- c:\documents and settings\Ludwig\InstallAnywhere
2010-01-11 21:42 . 2005-08-30 14:19 1052672 ----a-w- c:\documents and settings\Ludwig\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
2010-01-08 22:40 . 2010-01-08 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PokerAcademyPro2
2010-01-08 22:40 . 2010-01-08 22:40 -------- d-----w- c:\documents and settings\Ludwig\Application Data\PokerAcademyPro2
2010-01-08 22:39 . 2010-01-08 22:39 -------- d-----w- c:\program files\PokerAcademyPro2
2010-01-08 19:02 . 2010-01-08 19:05 -------- d-----w- c:\program files\RegCleaner
2010-01-08 18:46 . 2010-01-08 18:46 -------- d-----w- c:\documents and settings\Ludwig\AbiSuite
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 10:05 . 2009-07-22 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-31 10:05 . 2009-07-22 19:59 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-01-31 00:10 . 2001-08-28 12:00 72836 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-31 00:10 . 2001-08-28 12:00 464156 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-30 20:48 . 2009-08-14 13:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-30 20:31 . 2009-08-14 13:22 -------- d-----w- c:\program files\Video Strip Poker Supreme
2010-01-11 23:36 . 2009-07-22 18:47 55064 ----a-w- c:\documents and settings\Ludwig\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 21:40 . 2009-09-14 19:48 -------- d-----w- c:\program files\Macromedia
2010-01-11 21:40 . 2009-09-14 19:48 -------- d-----w- c:\program files\Fichiers communs\Macromedia
2010-01-09 17:44 . 2009-07-22 18:49 -------- d-----w- c:\documents and settings\Ludwig\Application Data\dvdcss
2010-01-08 23:44 . 2009-08-14 18:39 52 ----a-w- c:\windows\rblky.sys
2010-01-08 22:41 . 2009-08-06 19:07 245760 ------w- c:\windows\Setup1.exe
2010-01-08 22:41 . 2009-08-06 19:07 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-08 18:23 . 2009-08-14 13:21 -------- d-----w- c:\program files\rebel
2009-12-31 01:20 . 2009-08-24 10:25 120 ----a-w- C:\drmHeader.bin
2009-12-26 08:08 . 2009-08-17 15:00 -------- d-----w- c:\program files\WinHex
2009-12-26 08:02 . 2009-08-17 14:27 -------- d-----w- c:\program files\Multi Password Recovery
2008-04-13 17:33 . 2008-04-13 17:33 171096 --sha-r- c:\windows\system32\jsfnzq.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WireLessKeyboard"="c:\program files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe" [2005-09-12 528384]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-11-04 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Ludwig\Menu Démarrer\Programmes\Démarrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Ludwig\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-1-30 135680]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-13 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9551:TCP"= 9551:TCP:cxwwd
R2 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;c:\cfusionmx7\runtime\bin\jrunsvc.exe [11/01/2010 16:06 61440]
R2 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;c:\cfusionmx7\db\slserver54\bin\swagent.exe "ColdFusion MX 7 ODBC Agent" --> c:\cfusionmx7\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
R2 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "ColdFusion MX 7 ODBC Server" --> c:\cfusionmx7\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
R2 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe [11/01/2010 16:05 2711312]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/08/2009 13:00 721904]
S2 qivit;Installer Manager;c:\windows\system32\svchost.exe -k netsvcs [13/04/2008 11:34 14336]
S3 block_reader;MPR DRV;\??\c:\program files\Multi Password Recovery\block_reader.sys --> c:\program files\Multi Password Recovery\block_reader.sys [?]
S3 SiwvidStart;SiwvidStart;\??\c:\docume~1\Ludwig\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\siwvid.sys --> c:\docume~1\Ludwig\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\siwvid.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qivit
.
Contenu du dossier 'Tâches planifiées'
2010-01-31 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-01-30 19:56]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Ludwig\Application Data\Mozilla\Firefox\Profiles\951159sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 04:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qivit]
"ServiceDll"="c:\windows\system32\jsfnzq.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-31 04:13:20
ComboFix-quarantined-files.txt 2010-01-31 10:13
Avant-CF: 220 038 012 928 octets libres
Après-CF: 220 309 372 928 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 20AB79D84A46BC511A0C661439BA839C
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 04:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qivit]
"ServiceDll"="c:\windows\system32\jsfnzq.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-31 04:13:20
ComboFix-quarantined-files.txt 2010-01-31 10:13
Avant-CF: 220 038 012 928 octets libres
Après-CF: 220 309 372 928 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 20AB79D84A46BC511A0C661439BA839C
1 reply
Hello;
Download random's system information tool (RSIT) by random/random and save it to the Desktop.
==>Double-click RSIT.exe to launch RSIT.
==>Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).
==>If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
==>When the scan is finished, two text files will open:
log.txt (<<which will be displayed) and info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the C:\rsit folder
==>Go to this site: http://www.cijoint.fr/index.php
==>Click "Parcourir" (Browse) and select these files; a link will be created.
==>Copy/paste this link into your next reply.
Picture guide if needed