
[Resolved] mikolobe.dll, bakafe.dll ??? Help please :-) ??


djjs


OK, I re-downloaded it and yes, it worked better right away (however, the line of code to uninstall it didn't work, maybe because I have the American version of Windows..?)

Here is the ComboFix log:

 

ComboFix 09-03-30.02 - Jean-Sebastien 2009-03-30 21:59:33.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.1014.572 [GMT -7:00]

Lancé depuis: c:\documents and settings\Jean-Sebastien\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Jean-Sebastien\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

FW: ZoneAlarm Firewall *enabled*

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\Internet Logs\xDBE.tmp

c:\windows\Internet Logs\xDBF.tmp

c:\windows\system32\dwabho.dll

c:\windows\system32\hajovapa.exe

c:\windows\system32\wodezoga.exe

c:\windows\system32\zagubura.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Internet Logs\xDBE.tmp

c:\windows\Internet Logs\xDBF.tmp

c:\windows\system32\dwabho.dll

c:\windows\system32\hajovapa.exe

c:\windows\system32\wodezoga.exe

c:\windows\system32\zagubura.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-30 00:46 . 2009-03-30 00:56 <DIR> d-------- C:\COlaF

2009-03-29 11:18 . 2009-03-29 11:19 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\W Photo Studio Viewer

2009-03-28 23:23 . 2009-03-28 23:23 54,156 --ah----- c:\windows\QTFont.qfn

2009-03-28 23:23 . 2009-03-28 23:23 1,409 --a------ c:\windows\QTFont.for

2009-03-15 09:07 . 2009-03-15 09:07 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-03-03 17:37 . 2009-03-03 17:37 <DIR> d-------- c:\program files\MSECache

2009-02-15 21:16 . 2009-02-15 21:16 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-02-01 12:53 . 2009-02-07 09:06 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\skypePM

2009-02-01 12:53 . 2009-02-01 12:53 48 --ah----- c:\windows\system32\ezsidmv.dat

2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Skype

2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\program files\Common Files\Skype

2009-02-01 12:45 . 2009-02-07 09:12 <DIR> d-------- c:\documents and settings\Jean-Sebastien\Application Data\Skype

2009-02-01 12:44 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-31 05:06 41,476,128 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-30 17:53 488,180 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-30 07:11 10,229,758 ----a-w c:\windows\Internet Logs\tvDebug.zip

2009-03-18 15:02 --------- d-----w c:\program files\Spybot

2009-03-18 14:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-03-16 17:07 --------- d-----w c:\documents and settings\Jean-Sebastien\Application Data\Vso

2009-03-12 01:34 102,344 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\GDIPFONTCACHEV1.DAT

2009-03-06 06:05 --------- d-----w c:\program files\IsoBuster

2009-02-27 04:34 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-20 19:03 --------- d-----w c:\program files\eMule

2009-02-16 04:16 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-02-11 03:52 5,632 --sha-w c:\program files\Thumbs.db

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

2009-01-30 20:07 --------- d-----w c:\program files\Avira

2009-01-30 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-01-30 19:53 --------- d-----w c:\program files\Fruityloops7

2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll

2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll

2006-10-30 22:53 0 ----a-w c:\documents and settings\Jean-Sebastien\Application Data\wklnhst.dat

2008-10-22 19:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102220081023\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot_2009-03-30_ 0.18.53.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-31 04:39:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_260.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]

"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Medal of Honor Pacific Assault\\mohpa.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry\\Bin32\\FarCry.exe"=

"c:\\Program Files\\VLC\\vlc.exe"=

"c:\\Team17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=

"c:\\Program Files\\Cossacks\\dmcr.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\system32\\TPSBattM.exe"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFSvcs.exe"=

"c:\\Program Files\\Microsoft LifeCam\\MSCamS32.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Spybot\\TeaTimer.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 HWFProt;Hywave File Protector HWFProt;c:\windows\system32\drivers\HWFProt.sys [2006-10-27 44480]

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-30 164097]

R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-01-30 258305]

R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-30 41217]

S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [2007-04-07 8576]

S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [2007-04-07 384128]

S3 EWAVE;EWAVE;\??\c:\windows\system32\drivers\ew.sys --> c:\windows\system32\drivers\ew.sys [?]

S3 FILESPY;FILESPY;\??\c:\windows\system32\drivers\FILESPY.sys --> c:\windows\system32\drivers\FILESPY.sys [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-04 13352]

S3 NETMDSHA;MDSHA031;c:\windows\system32\drivers\MDSHA031.sys [2008-06-22 35331]

S3 NSTATION;NSTATION;\??\c:\windows\system32\drivers\nstation.sys --> c:\windows\system32\drivers\nstation.sys [?]

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719839664-1612303478-808430666-1005.job

- c:\documents and settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 17:55]

 

2007-08-25 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job

- D:\setup.exe []

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.yahoo.fr/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: avsda.dll

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-30 22:06:20

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'lsass.exe'(1096)

c:\windows\system32\avsda.dll

.

Heure de fin: 2009-03-30 22:10:07

ComboFix-quarantined-files.txt 2009-03-31 05:10:01

ComboFix2.txt 2009-03-30 07:55:58

ComboFix3.txt 2009-03-30 07:20:46

ComboFix4.txt 2009-01-08 23:39:26

 

Avant-CF: 4,526,313,472 bytes free

Après-CF: 4,526,604,288 bytes free

 

175 --- E O F --- 2009-03-16 04:04:51

 

 

And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:17:29 PM, on 3/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jean-Sebastien\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\trend micro\hijackthis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://online-search.c.la/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://e.absparis.com/qp2.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126fd.bay126.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://inside.sfsu.edu/mail04b/dwa7W.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10408 bytes

 

 

 

Thanks again!


• Run HijackThis again with "Do a system scan only", check only the lines below and click "Fix checked":

 

O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

 

==> click "Fix checked"

 

• You can re-enable the AntiVir guard, run a full scan of your system and post the report.

Ignore ComboFix when it is detected and quarantine the rest.

• Add the MBAM antimalware tool to run a quick scan, and quarantine the detections (do not delete the quarantine before I tell you to).

Download Malwarebytes' Anti-Malware (MBAM)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

* Double-click the downloaded file to start the installation process.

* In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.

* Once the update has finished, go to the "Scanner" tab.

* Select "Perform quick scan".

* Click "Scan".

* The analysis starts; the scan is relatively long, which is normal.

* At the end of the analysis, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

Click "OK" to continue. If MBAM found nothing, it will tell you so as well.

* Close your browsers.

* If malware was detected, click "Show Results".

Select everything (or leave it checked) and click "Remove Selected"; MBAM will destroy the files and registry keys and put a copy of them in quarantine.

* MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

Tutorial: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

 

 

As a courtesy, let the other forum know that you are already being helped!!!!!

http://www.commentcamarche.net/forum/affic...bakafe-help-svp


Yes, I hadn't noticed that someone had replied to me on the other forum, I've just replied!

AntiVir:

 

 

 

Avira AntiVir Premium

Report file date: Monday, March 30, 2009 22:42

 

Scanning for 1302306 virus strains and unwanted programs.

 

Licensed to: Poirier Jean-Sebastien

Serial number: 2201069558-PEPWE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: JS

 

Version information:

BUILD.DAT : 8.1.0.367 20012 Bytes 12/08/2008 11:31:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 18:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 17:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 22:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 17:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:29:38

ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 16:15:34

ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 23:35:16

ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 30/01/2009 23:35:16

Engineversion : 8.2.0.60

AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 19:49:38

AESCRIPT.DLL : 8.1.1.32 340347 Bytes 22/01/2009 23:44:02

AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 01:35:16

AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 16:43:26

AEPACK.DLL : 8.1.3.5 393588 Bytes 09/01/2009 19:36:14

AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 23:54:10

AEHEUR.DLL : 8.1.0.86 1552759 Bytes 22/01/2009 23:44:02

AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 01:06:00

AEGEN.DLL : 8.1.1.10 323957 Bytes 17/01/2009 01:24:20

AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:49:36

AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 17:28:20

AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:49:34

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 18:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 19:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 01/07/2008 00:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 21:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 18:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 22:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 03:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 22:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 22:05:10

RCIMAGE.DLL : 8.0.0.51 2564353 Bytes 12/06/2008 23:29:30

RCTEXT.DLL : 8.0.51.0 86273 Bytes 27/06/2008 21:00:56

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition premium\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: Monday, March 30, 2009 22:42

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'RAMASST.exe' - '1' Module(s) have been scanned

Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'zlclient.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'TvsTray.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'THotkey.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned

Scan process 'avmailc.exe' - '1' Module(s) have been scanned

Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned

Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned

Scan process 'Crypserv.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'avesvc.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'vsmon.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

49 processes with 49 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '69' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <SQ004126P01>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Jean-Sebastien\My Documents\Games\Sam_and_Max_Season_2_Episode_1_Ice_Station_Santa-RAZOR\rzrsm280.zip

[0] Archive type: ZIP

--> rzrsm2.r78

[1] Archive type: RAR

--> crack.zip

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175422.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4a02cf60.qua'!

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175424.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4a02cf61.qua'!

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175427.exe

[DETECTION] Is the TR/Killav.28714 Trojan

[NOTE] The file was moved to '4e94ba2a.qua'!

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175438.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4a02cf62.qua'!

C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP611\A0175439.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4e94ba2b.qua'!

 

 

End of the scan: Tuesday, March 31, 2009 01:29

Used time: 2:47:20 Hour(s)

 

The scan has been done completely.

 

25948 Scanning directories

818704 Files were scanned

5 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

5 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

818697 Files not concerned

13804 Archives were scanned

3 Warnings

5 Notes

 

 

 

malware bytes:

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1922

Windows 5.1.2600 Service Pack 3

 

3/30/2009 11:12:22 PM

mbam-log-2009-03-30 (23-12-22).txt

 

Type de recherche: Examen rapide

Eléments examinés: 80416

Temps écoulé: 16 minute(s), 13 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)


Very good, not much there. You can empty AntiVir's quarantine as well as MBAM's.

• Finish the cleanup:

- Clean your computer with ATF Cleaner (to be used regularly!):

Download to your desktop:

- ATF Cleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait while it cleans, then OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait while it cleans

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

The next startup of the PC will be a little slower, since the prefetch has been emptied.

• Browse with Firefox http://www.mozilla-europe.org/fr/firefox/ , with JavaScript disabled when you don't know where you are surfing; that can avoid the rotten JavaScript IFrames on a rotten web page http://www.certa.ssi.gouv.fr/site/CERTA-20...-001/index.html

 

http://imagesup.org/images/1237009714-jsff.jpg

 

• Configure Firefox to clear cache, cookies ...... when it closes:

 

http://imagesup.org/images/1237009855-clrff.jpg

 

• Read Securing Firefox: http://www.malekal.com/securiser_Firefox.php

- Disable then re-enable System Restore:

- Instructions for Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924

• Uninstall ComboFix by copy-pasting the line below from the box into Run, then confirm:

 

ComboFix /u

 

then delete its leftover folders c:\combofix , c:\COlaF , C:\Program Files\trend micro\backups

and normally that's it :P , you can use the "edit" tab under your 1st message and add [resolu] to the title.

Bye \o_


Great, thanks a lot for all this advice!

Oh, just before that, would you happen to know another way to uninstall ComboFix? Because the line of code doesn't work and I don't understand why (due to the American version of Windows..?)..
