I want to remove ANTISPYWARE XP 2009

Closed
nojaranis Posts 25 Registration date Saturday 22 September 2007 Status Member Last activity 22 February 2013 - 30 Oct. 2008 at 13:08
sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 - 31 Oct. 2008 at 07:07
Hello,
I have a program on my laptop that I can't manage to uninstall.
Is there a savior out there who could rid me of this parasite?
Thanks

7 replies

sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 350
30 Oct. 2008 at 13:11
Download Malwarebytes'
http://site-naheulbeuk.com/
https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
Install the updates (v1.30)
then, in safe mode,
run it as a full scan.
Once the scan is finished, click Remove.
0
Archeus01 Posts 1571 Registration date Wednesday 3 October 2007 Status Member Last activity 9 June 2022 450
30 Oct. 2008 at 13:14
There are already about 15k posts on this subject... Google is your friend. (I deliberately picked a post with lots of different solutions :p.)
http://www.commentcamarche.net/forum/affich 8794807 comment supprimer antispyware 2009
0
nojaranis Posts 25 Registration date Saturday 22 September 2007 Status Member Last activity 22 February 2013
30 Oct. 2008 at 13:18
OK, thanks for your help
0
nojaranis Posts 25 Registration date Saturday 22 September 2007 Status Member Last activity 22 February 2013
30 Oct. 2008 at 14:36
Here is the Malwarebytes' report


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1340
Windows 5.1.2600 Service Pack 2

30/10/2008 14:24:16
mbam-log-2008-10-30 (14-24-16).txt

Type de recherche: Examen complet (C:\|D:\|E:\|H:\|)
Eléments examinés: 65231
Temps écoulé: 41 minute(s), 31 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 57

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xp_antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XP_Antispyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareShield (Rogue.AntiSpywareShield) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FMTR (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Errclean) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinPCDoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\Logs (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\winpcdoctor\Logs (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Fichiers communs\WinPCDoctor\strpmon.exe (Rogue.Errclean) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Bureau\setup_100546_3777_.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\AVEngn.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Uninstall.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\data\daily.cvd (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\avtasks.dat (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\PGE.dat (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\Logs\av.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\Logs\ga6Support.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\WinSpyControl\Logs\update.log (Rogue.WinSpyControl) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\winpcdoctor\Logs\update.log (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Application Data\Microsoft\Internet Explorer\Quick Launch\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Bureau\XP_AntiSpyware.lnk (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Cookies\nufygozah.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\TDSSeded.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ishaq\Local Settings\Temp\TDSSedfc.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmhxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

I'm continuing with ComboFix
0

nojaranis Posts 25 Registration date Saturday 22 September 2007 Status Member Last activity 22 February 2013
30 Oct. 2008 at 15:03
Here is the ComboFix report

ComboFix 08-10-30.05 - ishaq 2008-10-30 14:45:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.584 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\ishaq\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ishaq\Cookies\azih.scr
C:\Documents and Settings\ishaq\Cookies\betyvyr.pif
C:\Documents and Settings\ishaq\Cookies\otibyg.com
C:\Documents and Settings\ishaq\Cookies\povih.bat
C:\Documents and Settings\ishaq\Cookies\ronureg.inf
C:\Documents and Settings\ishaq\Menu Démarrer\Programmes\AntiSpywareShield
C:\Documents and Settings\ishaq\Menu Démarrer\Programmes\AntiSpywareShield\Uninstall.lnk
C:\Documents and Settings\ishaq\Menu Démarrer\Programmes\XP_AntiSpyware
C:\Documents and Settings\ishaq\ResErrors.log
C:\Program Files\AntiSpywareShield
C:\Program Files\AntiSpywareShield\AntiSpywareShield.lic
C:\Program Files\AntiSpywareShield\AntiSpywareShield0.ad
C:\Program Files\AntiSpywareShield\AntiSpywareShield1.ad
C:\Program Files\AntiSpywareShield\Uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv
-------\Service_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.

2008-10-30 13:46 . 2008-10-30 13:46 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-30 13:24 . 2008-10-30 13:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 13:24 . 2008-10-30 13:24 <REP> d-------- C:\Documents and Settings\ishaq\Application Data\Malwarebytes
2008-10-30 13:24 . 2008-10-30 13:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 13:24 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 13:24 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 12:47 . 2008-10-30 12:47 19,857 --a------ C:\WINDOWS\system32\osabasicut.dl
2008-10-30 12:47 . 2008-10-30 12:47 19,413 --a------ C:\Documents and Settings\ishaq\Application Data\iwasanib.dat
2008-10-30 12:47 . 2008-10-30 12:47 18,995 --a------ C:\Documents and Settings\ishaq\Application Data\egoxejoj.pif
2008-10-30 12:47 . 2008-10-30 12:47 18,368 --a------ C:\WINDOWS\ugypyjigiw.vbs
2008-10-30 12:47 . 2008-10-30 12:47 18,263 --a------ C:\Program Files\Fichiers communs\onutagic.bat
2008-10-30 12:47 . 2008-10-30 12:47 17,581 --a------ C:\WINDOWS\system32\hiqoxexaf._dl
2008-10-30 12:47 . 2008-10-30 12:47 17,365 --a------ C:\Documents and Settings\ishaq\Application Data\ojyxi.vbs
2008-10-30 12:47 . 2008-10-30 12:47 17,013 --a------ C:\Documents and Settings\All Users\Application Data\ykivo.dat
2008-10-30 12:47 . 2008-10-30 12:47 16,704 --a------ C:\Documents and Settings\ishaq\Application Data\ikidipijet.dat
2008-10-30 12:47 . 2008-10-30 12:47 16,615 --a------ C:\WINDOWS\system32\dijofoqix._dl
2008-10-30 12:47 . 2008-10-30 12:47 15,234 --a------ C:\Documents and Settings\All Users\Application Data\yxabag.sys
2008-10-30 12:47 . 2008-10-30 12:47 14,812 --a------ C:\WINDOWS\system32\iriruwil.sys
2008-10-30 12:47 . 2008-10-30 12:47 12,105 --a------ C:\Documents and Settings\All Users\Application Data\myxopanama.pif
2008-10-30 12:47 . 2008-10-30 12:47 11,805 --a------ C:\Documents and Settings\All Users\Application Data\nujudy.bin
2008-10-29 20:09 . 2008-10-29 20:09 17,590 --a------ C:\Documents and Settings\ishaq\Application Data\uhegukuzeh.exe
2008-10-29 20:09 . 2008-10-29 20:09 17,528 --a------ C:\WINDOWS\memo.lib
2008-10-29 20:09 . 2008-10-29 20:09 17,236 --a------ C:\WINDOWS\system32\verox.bat
2008-10-29 20:09 . 2008-10-29 20:09 16,945 --a------ C:\WINDOWS\system32\aliliqevaq.bat
2008-10-29 20:09 . 2008-10-29 20:09 16,600 --a------ C:\Documents and Settings\All Users\Application Data\qypo.vbs
2008-10-29 20:09 . 2008-10-29 20:09 15,821 --a------ C:\Documents and Settings\All Users\Application Data\ydynaho.vbs
2008-10-29 20:09 . 2008-10-29 20:09 15,114 --a------ C:\WINDOWS\efiwepa.exe
2008-10-29 20:09 . 2008-10-29 20:09 15,047 --a------ C:\WINDOWS\system32\zybolity.bat
2008-10-29 20:09 . 2008-10-29 20:09 14,505 --a------ C:\Program Files\Fichiers communs\uqegebox.dll
2008-10-29 20:09 . 2008-10-29 20:09 13,932 --a------ C:\WINDOWS\yqako.com
2008-10-29 20:09 . 2008-10-29 20:09 13,779 --a------ C:\WINDOWS\kecux.dat
2008-10-29 20:09 . 2008-10-29 20:09 13,131 --a------ C:\WINDOWS\ofiducav.com
2008-10-29 20:09 . 2008-10-29 20:09 12,592 --a------ C:\WINDOWS\ukuhanug.dat
2008-10-29 20:09 . 2008-10-29 20:09 10,480 --a------ C:\Program Files\Fichiers communs\fusytubazu.sys
2008-10-29 20:09 . 2008-10-29 20:09 10,209 --a------ C:\WINDOWS\dimef.exe
2008-10-22 09:33 . 2008-10-22 09:33 18,304 --a------ C:\Documents and Settings\All Users\Application Data\qotycedil.exe
2008-10-22 09:33 . 2008-10-22 09:33 18,291 --a------ C:\Documents and Settings\ishaq\Application Data\itymija.exe
2008-10-22 09:33 . 2008-10-22 09:33 17,519 --a------ C:\WINDOWS\mopisukynu.scr
2008-10-22 09:33 . 2008-10-22 09:33 17,519 --a------ C:\Documents and Settings\ishaq\Application Data\liwyten.pif
2008-10-22 09:33 . 2008-10-22 09:33 17,499 --a------ C:\WINDOWS\xikyxawepe._dl
2008-10-22 09:33 . 2008-10-22 09:33 16,394 --a------ C:\Documents and Settings\ishaq\Application Data\nibiq.reg
2008-10-22 09:33 . 2008-10-22 09:33 13,221 --a------ C:\Documents and Settings\ishaq\Application Data\zili.dll
2008-10-22 09:33 . 2008-10-22 09:33 13,189 --a------ C:\WINDOWS\aqok.scr
2008-10-22 09:33 . 2008-10-22 09:33 12,883 --a------ C:\Documents and Settings\All Users\Application Data\jany.dll
2008-10-22 09:33 . 2008-10-22 09:33 12,751 --a------ C:\WINDOWS\system32\ogewaga.exe
2008-10-22 09:33 . 2008-10-22 09:33 10,648 --a------ C:\WINDOWS\kyqi.sys
2008-10-22 09:33 . 2008-10-22 09:33 10,362 --a------ C:\WINDOWS\mijyvoj._dl
2008-10-22 09:33 . 2008-10-22 09:33 10,350 --a------ C:\Documents and Settings\ishaq\Application Data\qehyci.vbs
2008-10-22 09:31 . 2008-10-22 09:31 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-10-22 09:30 . 2008-10-22 09:30 <REP> d-------- C:\Program Files\Google
2008-10-21 22:17 . 2008-10-21 22:17 19,417 --a------ C:\WINDOWS\zafuzudyl.db
2008-10-21 22:17 . 2008-10-21 22:17 19,170 --a------ C:\WINDOWS\wohericige.dll
2008-10-21 22:17 . 2008-10-21 22:17 16,685 --a------ C:\WINDOWS\xebigaqipy.dll
2008-10-21 22:17 . 2008-10-21 22:17 15,023 --a------ C:\WINDOWS\fexy.scr
2008-10-21 22:17 . 2008-10-21 22:17 14,450 --a------ C:\Documents and Settings\ishaq\Application Data\uwuha.pif
2008-10-21 22:17 . 2008-10-21 22:17 12,199 --a------ C:\WINDOWS\egabijop.inf
2008-10-21 22:17 . 2008-10-21 22:17 12,182 --a------ C:\Documents and Settings\ishaq\Application Data\ujemuke.pif
2008-10-21 22:17 . 2008-10-21 22:17 12,179 --a------ C:\WINDOWS\system32\zutezo.dl
2008-10-21 22:17 . 2008-10-21 22:17 10,945 --a------ C:\Program Files\Fichiers communs\alewure.bin
2008-10-21 22:17 . 2008-10-21 22:17 10,917 --a------ C:\WINDOWS\erywajo.dll
2008-10-21 22:17 . 2008-10-21 22:17 10,650 --a------ C:\Program Files\Fichiers communs\kymunar.dat
2008-10-20 23:37 . 2008-10-30 12:37 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-09-06 22:53 . 2008-09-13 21:23 <REP> d-------- C:\Documents and Settings\ishaq\Application Data\CyberLink
2008-09-06 22:06 . 2008-09-06 22:06 <REP> d-------- C:\Program Files\Remote
2008-09-06 22:04 . 2008-09-06 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-06 22:04 . 2006-08-10 02:31 198,144 --------- C:\WINDOWS\system32\_psisdecd.dll
2008-09-06 22:04 . 2006-08-10 02:31 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-06 22:02 . 2008-09-06 22:02 <REP> d-------- C:\Program Files\Cyberlink
2008-09-06 22:02 . 2006-08-10 02:31 1,047,552 --------- C:\WINDOWS\system32\MFC71u.dll
2008-09-06 21:52 . 2008-09-06 21:52 <REP> d-------- C:\Program Files\STD
2008-09-06 21:52 . 2008-09-06 22:06 <REP> d--h----- C:\Program Files\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 13:49 3,813,051 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-30 11:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-30 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 11:29 --------- d-----w C:\Program Files\eMule
2008-10-22 08:31 --------- d-----w C:\Program Files\Real
2008-10-22 08:31 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-10-21 21:17 17,717 ----a-w C:\Program Files\Fichiers communs\fibidazev.dl
2008-10-20 22:43 8,529,952 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-20 22:43 116,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-12 17:46 --------- d-----w C:\Documents and Settings\ishaq\Application Data\dvdcss
1999-09-06 08:39 3,375 ----a-w C:\Program Files\README.TXT
.

------- Sigcheck -------

2007-06-26 15:12 697344 40a499fb8575de1c79c16686940788f1 C:\WINDOWS\system32\wininet.dll
2007-06-26 15:12 697344 40a499fb8575de1c79c16686940788f1 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe

2007-07-30 18:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 68440 84d9a61860272d6177d46c86b8431557 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2006-02-01 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-21 1211176]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-09-28 722160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 7561216]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 217088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [2004-11-15 729088]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-22 185872]

C:\Documents and Settings\ishaq\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
SimHID.lnk - C:\Program Files\Remote\SimHID\SimHID.exe [2008-09-06 417792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb54af43-cdae-11dc-9b0d-0013a949b401}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Workflow - D:\install\Workflow.exe
SafeBoot-TDSSmhxt.sys


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\ishaq\Application Data\Mozilla\Firefox\Profiles\pjzi1wi5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:49:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 14:52:54 - La machine a redémarré [ishaq]
ComboFix-quarantined-files.txt 2008-10-30 13:52:49

Avant-CF: 60,468,920,320 octets libres
Après-CF: 60,422,111,232 octets libres

233 --- E O F --- 2007-09-10 20:19:15
0
nojaranis Posts 25 Registration date Saturday 22 September 2007 Status Member Last activity 22 February 2013
30 Oct. 2008 at 15:05
So there it is, what should I do next?
0
sherred Posts 8346 Registration date Saturday 26 January 2008 Status Member Last activity 25 March 2024 350
31 Oct. 2008 at 07:07
Download https://www.clubic.com/telecharger-fiche17891-hijackthis.html


Launch HijackThis by double-clicking its icon, then click the "do a system scan and save a logfile" button

The report is displayed right after the scan in a Notepad-type window;
copy and paste it and post it in the forum
0