Infected by Vundo + pop-ups + "bad image" messages

 

canacell
Posted on 27/12/2008 at 20:20:55

Hello,
 I have several problems on my PC.

 According to Windows Defender, I am infected by a trojan named vundo.gen, but no matter how many times I delete it, it always comes back.

 I also get unwanted pop-ups, mainly for antivirus products, which open in IE while I am browsing with Firefox.

 And finally, since yesterday, messages have been opening for every .exe saying "bad image, the program is not designed to run on Windows or it contains an error..."

 With all that, it is not very surprising, but the computer is extremely slow when it does not simply crash.

 I am on Vista, I have run scans and cleanups, but I am now reaching the (not very high) limit of my computer skills. If someone can help me, that would be great; I can post a HijackThis log if that is useful.

 Thanks a lot

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 27/12/2008 at 20:39:04

Hello,

 Download ComboFix (created by sUBs) to your Desktop

 Boot into safe mode: http://forum.telecharger.01net [...] ges-1.html

  • Double-click combofix.exe.
  • The scan will start; just follow the prompts.
  • ComboFix will restart your PC
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply

 NOTE: The report can also be found here: C:\Combofix.txt

 ;)


---------------
Visit my website on computer security: http://www.site-naheulbeuk.com
canacell
Posted on 27/12/2008 at 21:54:42

Hi,
 thanks, it's kind of you to take a look at my problem.

 here is the ComboFix report:

 ComboFix 08-12-26.03 - jerem 2008-12-27 21:06:31.1 - NTFSx86 MINIMAL
 Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.3070.2590 [GMT 1:00]
 Lancé depuis: c:\users\jerem\Desktop\ComboFix.exe
 AV: Pack sécurité Numericable 7.03 *On-access scanning disabled* (Outdated)
 FW: Pack sécurité Numericable 7.03 *disabled*

naheulbeuk7
Committed member (20,000 to 29,999 posts)
Posted on 28/12/2008 at 11:14:49

Hello,

 Run MalwareBytes (full scan) and clean everything it finds
 Help: http://www.site-naheulbeuk.com/malwarebytes.php
 Post the report generated at the end in your next reply :)

 ;)


canacell
Posted on 28/12/2008 at 18:59:25

Hello,
 it's done, here is the report:

 Malwarebytes' Anti-Malware 1.31
 Version de la base de données: 1550
 Windows 6.0.6001 Service Pack 1

 28/12/2008 18:54:04
 mbam-log-2008-12-28 (18-54-04).txt

 Type de recherche: Examen complet (C:\|D:\|)
 Eléments examinés: 274820
 Temps écoulé: 3 hour(s), 12 minute(s), 29 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 1
 Valeur(s) du Registre infectée(s): 1
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 46

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

 Valeur(s) du Registre infectée(s):
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yezaburobi (Trojan.Agent) -> Quarantined and deleted successfully.

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

naheulbeuk7
Committed member (20,000 to 29,999 messages posted)
Posted on 28/12/2008 at 19:10:14

re,

 Download HijackThis

 Usage guide: http://www.site-naheulbeuk.com/hijackthis.php

 Then click "Do a system scan and save a logfile"
 The scan runs very quickly, then a Notepad window appears
 (the "logfile")
 In that Notepad window, go to "Edit", then "Select All";
 the text is then selected. Go back to "Edit", still
 leaving the text selected, and click Copy.
 Paste the contents here in your next reply!

 ;)


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
canacell
Posted on 28/12/2008 at 19:20:05

so, what do you think? :??:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19:18:33, on 28/12/2008
 Platform: Windows Vista SP1 (WinNT 6.00.1905)
 MSIE: Internet Explorer v7.00 (7.00.6001.18000)
 Boot mode: Normal

naheulbeuk7
Committed member (20,000 to 29,999 messages posted)
Posted on 28/12/2008 at 19:45:36

re, :)

 do this in order and in full:

 Note: This procedure was created specifically for this user! If you are not the user in question, do not follow these instructions, or you risk damaging your PC!!!

 1/ restart HijackThis and tick the boxes in front of these lines (if present):

 O4 - HKUS\S-1-5-21-655989929-1843447485-2596261208-1003\..\Run: [CPM890f0001] Rundll32.exe "c:\PROGRA~2\donikibi\donikibi.dll",a (User 'postgres')
 O4 - HKUS\S-1-5-21-655989929-1843447485-2596261208-1003\..\Run: [yezaburobi] Rundll32.exe "C:\ProgramData\jubetufa\jubetufa.dll",s (User 'postgres')

 Then close all windows other than HijackThis and click "fix checked"

 2/ close HijackThis

 3/ Download ComboFix (created by sUBs) to your Desktop

 Copy what is in the quote below (inside the frame) by selecting it, then Ctrl-C:

 



Folder::
 C:\ProgramData\pefedamu\
 C:\ProgramData\dadekaje\
 C:\ProgramData\donikibi\
 C:\ProgramData\fadagupu\
 C:\ProgramData\fegakaya\
 C:\ProgramData\fozisitu\
 C:\ProgramData\gakewake\
 C:\ProgramData\mufewulu\
 C:\ProgramData\mugugusu\
 C:\ProgramData\nadusajo\
 C:\ProgramData\nazoluha\
 C:\ProgramData\nifibuja\
 C:\ProgramData\niwogepi\
 C:\ProgramData\nupumovo\
 C:\ProgramData\sudutege\
 C:\ProgramData\talefake\
 C:\ProgramData\vagazodi\
 C:\ProgramData\vigoyusu\
 C:\ProgramData\vuseyiju\
 C:\ProgramData\wivevevi\
 C:\ProgramData\wiyatuto\
 C:\ProgramData\wukanipo\
 C:\ProgramData\yuwegiju\
 C:\ProgramData\zahahafa\
 C:\ProgramData\zarajubo\
 C:\ProgramData\zipumoha\
 C:\ProgramData\zobubabe\
 C:\ProgramData\gijeluhe\
 C:\ProgramData\hatugepe\
 C:\ProgramData\hejivole\
 C:\ProgramData\huhevita\
 C:\ProgramData\jazefeme\
 C:\ProgramData\jigatavo\
 C:\ProgramData\jitejidi\
 C:\ProgramData\jolemovu\
 C:\ProgramData\juzozegi\
 C:\ProgramData\kaleguli\
 C:\ProgramData\kavudawu\
 C:\ProgramData\lobumije\
 C:\ProgramData\matiboka\
 C:\ProgramData\pekebera\
 C:\ProgramData\rakevaka\
 C:\ProgramData\rujazeke\





 -Open Notepad, then paste the copied text.
 (Start\All Programs\Accessories\Notepad)
 -Save this file to: Desktop
 -File name: CFScript.txt
 -File type: All files
 -click Save
 -close Notepad

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 http://img530.imageshack.us/img530/204/cfscriptdd4.gif

* Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

* Once the scan has finished, a report will be displayed: post its contents.

* If the file does not open, it can be found here > C:\ComboFix.txt

 :hello:


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
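
Added example (not part of the original post, and not code from HijackThis or ComboFix): a Python triage of HijackThis O4 autorun lines that picks out the pattern shared by the two entries selected in step 1, rundll32 loading a DLL from a folder directly under ProgramData whose name matches the DLL's. The sample log is assembled for this example from those two entries plus benign lines in the same format; treating PROGRA~2 as the short name of C:\ProgramData is an assumption, and all function names are hypothetical.

```python
import ntpath
import re

# Registry autorun lines as HijackThis prints them:
#   O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)
# rundll32 command line: optional path/quotes, then "<dll>"[,<export>]
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?'
    r"(?:,(?P<export>\S+))?",
    re.IGNORECASE,
)
# Assumption: PROGRA~2 is the 8.3 short name of C:\ProgramData on this host.
DATA_ROOTS = {"programdata", "progra~2"}

# Constructed sample: the two entries from step 1 plus benign lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-655989929-1843447485-2596261208-1003\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'postgres')
O4 - HKUS\S-1-5-21-655989929-1843447485-2596261208-1003\..\Run: [CPM890f0001] Rundll32.exe "c:\PROGRA~2\donikibi\donikibi.dll",a (User 'postgres')
O4 - HKUS\S-1-5-21-655989929-1843447485-2596261208-1003\..\Run: [yezaburobi] Rundll32.exe "C:\ProgramData\jubetufa\jubetufa.dll",s (User 'postgres')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
"""


def parse_o4(line):
    """Parse one registry-based O4 line; return a dict or None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(cmd):
    """Return (dll_path, reasons) for a rundll32 command, else (None, [])."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return None, []
    dll = ntpath.normcase(m.group("dll").strip())
    folder, filename = ntpath.split(dll)
    parent, folder_name = ntpath.split(folder)
    grandparent, root_name = ntpath.split(parent)
    at_drive_root = ntpath.splitdrive(grandparent)[1] in ("\\", "")
    reasons = []
    if root_name in DATA_ROOTS and at_drive_root:
        reasons.append("rundll32 loads a DLL from a folder directly under ProgramData")
    if folder_name and ntpath.splitext(filename)[0] == folder_name:
        reasons.append("folder and DLL share the same name")
    return dll, reasons


def triage(log_text):
    """Return the autorun entries worth a manual look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:  # blank lines, Startup-folder shortcuts, other sections
            continue
        dll, reasons = assess(entry["cmd"])
        if reasons:
            findings.append({
                "name": entry["name"],
                "hive": entry["hive"],
                "user": entry["user"],
                "dll": dll,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], f["user"], f["dll"])
        for reason in f["reasons"]:
            print("   -", reason)
```

A match is only a prompt for manual review of the entry, not a verdict on the file.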
canacell
Posted on 29/12/2008 at 00:13:55

:)
 Here it is:

 ComboFix 08-12-28.01 - jerem 2008-12-28 21:20:43.1 - NTFSx86
 Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.3070.1527 [GMT 1:00]
 Lancé depuis: c:\users\jerem\Desktop\ComboFix.exe
 Commutateurs utilisés :: c:\users\jerem\Desktop\CFScript.txt
 AV: Pack sécurité Numericable 7.03 *On-access scanning disabled* (Outdated)
 FW: Pack sécurité Numericable 7.03 *disabled*
 * Resident AV is active

 2008-12-14 02:06 --------- d-----w c:\program files\Full Tilt Poker
 2008-12-13 16:09 --------- d-----w c:\users\jerem\AppData\Roaming​\FileZilla
 2008-12-11 23:04 --------- d-----w c:\program files\Java
 2008-11-26 15:27 639,224 ----a-w c:\windows\system32\drivers\sp​td.sys
 2008-11-22 16:52 --------- d--h--w c:\program files\InstallShield Installation Information
 2008-11-22 11:48 --------- d-----w c:\program files\iTunes
 2008-11-22 11:48 --------- d-----w c:\progra~2\{3276BE95_AF08_429​F_A64F_CA64CB79BCF6}
 2008-11-22 11:47 --------- d-----w c:\program files\iPod
 2008-11-22 11:47 --------- d-----w c:\program files\Common Files\Apple
 2008-11-22 11:46 --------- d-----w c:\program files\Bonjour
 2008-11-22 11:45 --------- d-----w c:\program files\QuickTime
 2008-11-22 11:37 --------- d-----w c:\program files\Safari
 2008-11-20 09:00 --------- d-----w c:\program files\FileZilla FTP Client
 2008-11-02 22:00 --------- d-----w c:\program files\WinMerge
 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.d​ll
 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.d​ll
 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.d​ll
 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.d​ll
 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.d​ll
 2008-10-12 15:49 174 --sha-w c:\program files\desktop.ini
 2008-10-12 15:12 82,432 ----a-w c:\windows\System32\axaltocm.d​ll
 2008-10-12 15:12 101,888 ----a-w c:\windows\System32\ifxcardm.d​ll
 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
 2007-12-30 18:39 0 ----a-w c:\users\jerem\AppData\Roaming​\wklnhst.dat
 2007-12-30 18:04 16,384 --sha-w c:\windows\ServiceProfiles\Loc​alService\AppData\Local\Micros​oft\Windows\History\History.IE​5\index.dat
 2007-12-30 18:04 32,768 --sha-w c:\windows\ServiceProfiles\Loc​alService\AppData\Local\Micros​oft\Windows\Temporary Internet Files\Content.IE5\index.dat
 2007-12-30 18:04 16,384 --sha-w c:\windows\ServiceProfiles\Loc​alService\AppData\Roaming\Micr​osoft\Windows\Cookies\index.da​t
 2007-12-29 18:31 22 --sha-w c:\windows\SMINST\HPCD.sys
 2008-09-17 19:07 52,224 --sha-w c:\windows\System32\nudewolu.d​ll
 .

 (((((((((((((((((((((((((((((   snapshot@2008-12-27_21.35.49.1​8   ))))))))))))))))))))))))))))))​)))))))))))
 .
 + 2008-12-28 20:30:57 2,048 --sha-w c:\windows\ServiceProfiles\Loc​alService\AppData\Local\lastal​ive0.dat
 + 2008-12-28 20:30:57 2,048 --sha-w c:\windows\ServiceProfiles\Loc​alService\AppData\Local\lastal​ive1.dat
 - 2008-12-27 20:15:09 262,144 --sha-w c:\windows\ServiceProfiles\Loc​alService\NTUSER.DAT
 + 2008-12-28 20:31:32 262,144 --sha-w c:\windows\ServiceProfiles\Loc​alService\NTUSER.DAT
 + 2008-12-28 20:31:32 262,144 ---ha-w c:\windows\ServiceProfiles\Loc​alService\ntuser.dat.LOG1
 - 2008-12-27 20:15:09 262,144 --sha-w c:\windows\ServiceProfiles\Net​workService\NTUSER.DAT
 + 2008-12-28 20:31:32 262,144 --sha-w c:\windows\ServiceProfiles\Net​workService\NTUSER.DAT
 + 2008-12-28 20:31:32 262,144 ---ha-w c:\windows\ServiceProfiles\Net​workService\ntuser.dat.LOG1
 - 2008-12-27 19:00:28 16,384 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Local\Micro​soft\Windows\History\History.I​E5\index.dat
 + 2008-12-28 19:57:04 16,384 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Local\Micro​soft\Windows\History\History.I​E5\index.dat
 - 2008-12-27 19:00:28 65,536 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Local\Micro​soft\Windows\Temporary Internet Files\Content.IE5\index.dat
 + 2008-12-28 19:57:04 65,536 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Local\Micro​soft\Windows\Temporary Internet Files\Content.IE5\index.dat
 - 2008-12-27 19:00:28 32,768 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Roaming\Mic​rosoft\Windows\Cookies\index.d​at
 + 2008-12-28 19:57:04 32,768 --sha-w c:\windows\System32\config\sys​temprofile\AppData\Roaming\Mic​rosoft\Windows\Cookies\index.d​at
 - 2008-12-27 16:58:48 115,410 ----a-w c:\windows\System32\perfc009.d​at
 + 2008-12-28 02:11:22 115,410 ----a-w c:\windows\System32\perfc009.d​at
 - 2008-12-27 16:58:49 138,466 ----a-w c:\windows\System32\perfc00C.d​at
 + 2008-12-28 02:11:22 138,466 ----a-w c:\windows\System32\perfc00C.d​at
 - 2008-12-27 16:58:49 619,828 ----a-w c:\windows\System32\perfh009.d​at
 + 2008-12-28 02:11:22 619,828 ----a-w c:\windows\System32\perfh009.d​at
 - 2008-12-27 16:58:49 703,238 ----a-w c:\windows\System32\perfh00C.d​at
 + 2008-12-28 02:11:22 703,238 ----a-w c:\windows\System32\perfh00C.d​at
 - 2008-12-27 20:00:02 7,670 ----a-w c:\windows\System32\WDI\{86432​a0b-3c7d-4ddf-a89c-172faa90485​d}\S-1-5-21-655989929-18434474​85-2596261208-1000_UserData.bi​n
 + 2008-12-28 20:33:01 7,906 ----a-w c:\windows\System32\WDI\{86432​a0b-3c7d-4ddf-a89c-172faa90485​d}\S-1-5-21-655989929-18434474​85-2596261208-1000_UserData.bi​n
 - 2008-12-27 20:00:02 65,132 ----a-w c:\windows\System32\WDI\BootPe​rformanceDiagnostics_SystemDat​a.bin
 + 2008-12-28 20:32:58 65,894 ----a-w c:\windows\System32\WDI\BootPe​rformanceDiagnostics_SystemDat​a.bin
 - 2008-12-27 19:49:17 3,002 ----a-w c:\windows\System32\WDI\ERCQue​uedResolutions.dat
 + 2008-12-27 22:45:49 3,002 ----a-w c:\windows\System32\WDI\ERCQue​uedResolutions.dat
 - 2008-12-27 20:16:38 54,376 ----a-w c:\windows\System32\WDI\Shutdo​wnPerformanceDiagnostics_Syste​mData.bin
 + 2008-12-28 13:57:11 55,566 ----a-w c:\windows\System32\WDI\Shutdo​wnPerformanceDiagnostics_Syste​mData.bin
 .
 -- Instantané actualisé --
 .
 ((((((((((((((((((((((((((((((​(((   Points de chargement Reg   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
 "ehTray.exe"="c:\windows\ehome​\ehTray.exe" [2008-01-19 125952]
 "uTorrent"="c:\users\jerem\Pro​gram Files\uTorrent\uTorrent.exe" [2008-10-08 270128]
 "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
 "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
 "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-16 25268264]
 "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "hpsysdrv"="c:\hp\support\hpsy​sdrv.exe" [2007-04-18 65536]
 "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
 "OsdMaestro"="c:\program files\Hewlett-Packard\On-Scree​n OSD Indicator\OSD.exe" [2007-02-15 118784]
 "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
 "SunJavaUpdateReg"="c:\windows​\system32\jureg.exe" [2008-06-10 54672]
 "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
 "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched​.exe" [2008-01-19 185896]
 "Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 61440]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
 "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61​-B58F-2F227FCA9A08}\PIFSvc.exe​" [2008-01-29 583048]
 "NvSvc"="c:\windows\system32\n​vsvc.dll" [2008-01-10 92704]
 "NvCplDaemon"="c:\windows\syst​em32\NvCpl.dll" [2008-01-10 8530464]
 "NvMediaCenter"="c:\windows\sy​stem32\NvMcTray.dll" [2008-01-10 88608]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
 "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
 "SunJavaUpdateSched"="c:\progr​am files\Java\jre6\bin\jusched.ex​e" [2008-12-12 136600]
 "F-Secure Manager"="c:\program files\PacksecuriteNumericable\​Common\FSM32.EXE" [2008-02-13 184800]
 "F-Secure TNB"="c:\program files\PacksecuriteNumericable\​FSGUI\TNBUtil.exe" [2008-02-13 741800]
 "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\RunOnce]
 "Launcher"="c:\windows\SMINST\​launcher.exe" [2007-04-03 44168]

 c:\users\jerem\AppData\Roaming​\Microsoft\Windows\Start Menu\Programs\Startup\
 OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
 Outil de notification Live Search.lnk - c:\users\jerem\AppData\Roaming​\Microsoft\Live Search\Notification-LiveSearch​.exe [2008-12-16 143360]

 c:\progra~2\MICROS~1\Windows\S​TARTM~1\Programs\Startup\
 Logo Calibration Loader.lnk - c:\program files\calibration\i1\Eye-One Match 3\CalibrationLoader\Calibratio​nLoader.exe [2005-02-02 536576]
 ProfileReminder.lnk - c:\program files\calibration\i1\Eye-One Match 3\ProfileReminder.exe [2005-02-02 782336]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows\currentversion​\policies\system]
 "EnableUIADesktopToggle"= 0 (0x0)

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "vidc.DIV3"= DivXc32.dll
 "vidc.DIV4"= DivXc32f.dll
 "vidc.3iv2"= 3ivxVfWCodec.dll
 "VIDC.VP31"= vp31vfw.dll

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center]
 "UacDisableNotify"=dword:00000​001
 "InternetSettingsDisableNotify​"=dword:00000001
 "AutoUpdateDisableNotify"=dwor​d:00000001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring]
 "DisableMonitoring"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:0000​0001

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:0000​0001

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Domai​nProfile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Firew​allRules]
 "{BB7DA29F-89E2-4D9B-8969-D455​EA5037BD}"= UDP:c:\users\jerem\Program Files\uTorrent\uTorrent.exe:µT​orrent (TCP-In)
 "{3A9B554F-125B-4A8C-9FE7-BBDE​A6E048D1}"= TCP:c:\users\jerem\Program Files\uTorrent\uTorrent.exe:µT​orrent (UDP-In)
 "{29F22946-382D-4FA4-90B4-3B9C​52A67863}"= UDP:c:\program files\Bonjour\mDNSResponder.ex​e:Bonjour
 "{D6016B9A-A2DE-49A2-AD6F-A7AE​08BC7C63}"= TCP:c:\program files\Bonjour\mDNSResponder.ex​e:Bonjour
 "{1FB3B409-AE6D-442C-AE1C-72A5​D4C745F7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
 "{DC59CAB5-B3B1-4A92-9CDE-3278​C5A26753}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
 "{C94806C8-45EC-4D99-8593-3AA1​97316D69}"= UDP:c:\windows\System32\VSSVC.​exe:vssvc
 "{1277B229-85F9-4BFB-8499-AB5F​CC7564C6}"= UDP:c:\windows\System32\VSSVC.​exe:vssvc
 "{B8892EB8-B6BF-4793-9AD7-122F​DC01A72E}"= TCP:c:\windows\System32\VSSVC.​exe:vssvc
 "{240CE793-8F47-46C4-BD8E-1839​A37BBC46}"= TCP:c:\windows\System32\VSSVC.​exe:vssvc
 "{C371F76E-9E75-4ED0-B9F4-18E6​828B7C57}"= UDP:c:\windows\System32\LogonU​I.exe:LogonUI
 "{36E4C67D-192F-4705-9139-565B​8DD17599}"= TCP:c:\windows\System32\LogonU​I.exe:LogonUI
 "{3AAA12EB-A911-4440-B849-14CA​CC5DE5B4}"= UDP:c:\program files\Common Files\LightScribe\LSSrvc.exe:L​SSrvc
 "{658BEB57-0664-4781-AB54-6CBA​8BA6E324}"= UDP:c:\program files\Common Files\LightScribe\LSSrvc.exe:L​SSrvc
 "{1D386DE8-67A0-4B2D-A6DC-3F2A​54EA992B}"= TCP:c:\program files\Common Files\LightScribe\LSSrvc.exe:L​SSrvc
 "{621E5D08-F2DB-4479-8344-9173​42824B9B}"= TCP:c:\program files\Common Files\LightScribe\LSSrvc.exe:L​SSrvc
 "{1874BBF2-07B4-4B99-B47D-9D72​72C4919E}"= UDP:c:\windows\servicing\Trust​edInstaller.exe:TrustedInstall​er
 "{92CA5D23-02B4-423D-B78D-E93B​74784869}"= UDP:c:\windows\servicing\Trust​edInstaller.exe:TrustedInstall​er
 "{D73952EF-7B99-4D71-9F44-FC0A​C69375B9}"= TCP:c:\windows\servicing\Trust​edInstaller.exe:TrustedInstall​er
 "{7DFFDAF7-74F5-4D76-8B3A-5995​685FEA7F}"= TCP:c:\windows\servicing\Trust​edInstaller.exe:TrustedInstall​er
 "{42292B53-60AF-41AA-B860-C47E​52DDED28}"= UDP:c:\windows\System32\Search​Indexer.exe:SearchIndexer
 "{8F93301A-EE93-4332-9EC5-895F​73391276}"= TCP:c:\windows\System32\Search​Indexer.exe:SearchIndexer
 "{692FC9B4-1853-410C-9D15-089E​EA5F83B5}"= UDP:c:\program files\Trend Micro\Internet Security\Tmntsrv.exe:Tmntsrv
 "{D6EFA3A8-2685-42A3-B164-6300​682E2C15}"= TCP:c:\program files\Trend Micro\Internet Security\Tmntsrv.exe:Tmntsrv
 "{B02DF4C0-4EEA-489E-BBD1-F584​37B5B904}"= UDP:c:\windows\System32\servic​es.exe:services
 "{343CA6D9-AE92-4B84-9F91-6283​4666D0EB}"= TCP:c:\windows\System32\servic​es.exe:services
 "{02FD9940-F1AD-4D24-9EA5-349A​01569D71}"= UDP:c:\program files\Common Files\Symantec Shared\ccSvcHst.exe:ccSvcHst
 "{3388ECF7-E150-40F2-910F-DBF5​E0D80AC3}"= TCP:c:\program files\Common Files\Symantec Shared\ccSvcHst.exe:ccSvcHst

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Publi​cProfile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Stand​ardProfile]
 "EnableFirewall"= 0 (0x0)

 R1 F-Secure HIPS;F-Secure HIPS;\??\c:\program files\PacksecuriteNumericable\​HIPS\fshs.sys [2008-12-27 41184]
 R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\dri​vers\fses.sys [2008-12-27 36616]
 R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\dri​vers\fsdfw.sys [2008-12-27 60064]
 R1 fsvista;F-Secure Vista Support Driver;\??\c:\program files\PacksecuriteNumericable\​Anti-Virus\minifilter\fsvista.​sys [2008-12-27 14760]
 R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Dri​vers\p1c1394.sys [2008-06-14 23936]
 R2 pgsql-8.3;PostgreSQL Database Server 8.3;"c:\program files\PostgreSQL\8.3\bin\pg_ct​l.exe" runservice -w -N "pgsql-8.3" -D "c:\program files\PostgreSQL\8.3\data\" []
 R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\PacksecuriteNumericable\​Anti-Virus\minifilter\fsgk.sys [2008-12-27 63912]
 S3 eyeonedp;eye-one display;c:\windows\system32\DR​IVERS\eyeonedp.sys [2003-02-17 44344]
 S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\PacksecuriteNumericable\​Anti-Virus\Win2K\FSfilter.sys [2008-12-27 41640]
 S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\PacksecuriteNumericable\​Anti-Virus\Win2K\FSrec.sys [2008-12-27 27048]

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\K]
 \shell\AutoRun\command - k:\wd_windows_tools\setup.exe

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{0835eb5​0-144a-11dd-a395-0019214c1ed4}​]
 \shell\AutoRun\command - k:\wd_windows_tools\setup.exe

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{e7dcca7​b-cd87-11dc-a4e4-0019214c1ed4}​]
 \shell\AutoRun\command - L:\LaunchU3.exe -a
 .

 ******************************​******************************​**************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-12-28 21:31:52
 Windows 6.0.6001 Service Pack 1 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 ******************************​******************************​**************
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'Explorer.exe'(4428)
 c:\program files\PacksecuriteNumericable\​Spam Control\fsscoepl.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\windows\System32\audiodg.ex​e
 c:\program files\Lavasoft\Ad-Aware\aawser​vice.exe
 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 c:\program files\Bonjour\mDNSResponder.ex​e
 c:\program files\PacksecuriteNumericable\​Anti-Virus\fsgk32st.exe
 c:\program files\PacksecuriteNumericable\​Common\FSMA32.EXE
 c:\program files\Common Files\LightScribe\LSSrvc.exe
 c:\program files\PacksecuriteNumericable\​Anti-Virus\fsgk32.exe
 c:\program files\PacksecuriteNumericable\​Common\FSMB32.EXE
 c:\program files\PostgreSQL\8.3\bin\pg_ct​l.exe
 c:\program files\Symantec\LiveUpdate\AluS​chedulerSvc.exe
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\windows\System32\WUDFHost.e​xe
 c:\program files\PacksecuriteNumericable\​Common\FCH32.EXE
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\program files\PostgreSQL\8.3\bin\postg​res.exe
 c:\program files\PacksecuriteNumericable\​Common\FAMEH32.EXE
 c:\program files\PacksecuriteNumericable\​Anti-Virus\fsqh.exe
 c:\program files\PacksecuriteNumericable\​FSAUA\program\fsaua.exe
 c:\program files\PacksecuriteNumericable\​Anti-Virus\fssm32.exe
 c:\program files\PacksecuriteNumericable\​FWES\program\fsdfwd.exe
 c:\program files\PacksecuriteNumericable\​FSAUA\program\fsus.exe
 c:\windows\System32\conime.exe
 c:\program files\PacksecuriteNumericable\​Anti-Virus\fsav32.exe
 c:\windows\System32\schtasks.e​xe
 c:\windows\System32\rundll32.e​xe
 c:\windows\System32\rundll32.e​xe
 c:\windows\System32\wbem\unsec​app.exe
 c:\windows\ehome\ehmsas.exe
 c:\hp\KBD\kbd.exe
 c:\program files\Windows Media Player\wmpnetwk.exe
 c:\program files\Windows Media Player\wmplayer.exe
 c:\program files\OpenOffice.org 2.3\program\soffice.exe
 c:\users\jerem\AppData\Roaming​\Microsoft\Live Search\Mise-a-jour-LiveSearch.​exe
 c:\program files\PacksecuriteNumericable\​FSGUI\fsguidll.exe
 c:\program files\OpenOffice.org 2.3\program\soffice.bin
 c:\program files\Skype\Plugin Manager\skypePM.exe
 c:\program files\iPod\bin\iPodService.exe
 c:\program files\Windows Live\Contacts\wlcomm.exe
 .
 ******************************​******************************​**************
 .
 Heure de fin: 2008-12-28 21:44:57 - La machine a redémarré
 ComboFix-quarantined-files.txt  2008-12-28 20:44:30
 ComboFix2.txt  2008-12-27 20:48:46

 Avant-CF: 25 129 304 064 octets libres
 Après-CF: 26,798,858,240 octets libres

 462 --- E O F --- 2008-12-27 14:29:32

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 29/12/2008 at 12:36:51

Hello,

 Run a BitDefender online scan (with Internet Explorer, not Firefox!)
 (click "scan online" on the left),
 and post the report of that scan here once it has finished!

 BitDefender online scan user guide (thanks Bruce Lee): http://cybersecurite.xooit.com [...] fender.htm

 ;)


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
canacell
Posted on 29/12/2008 at 16:32:47

Hello,
 :whistle: I'm trying to run the BitDefender scan, but it isn't working. It started by telling me "scan impossible", so I relaunched it, but now it has been stuck on loading for a really long time; the scan hasn't started, and I don't get the impression that this is normal.
 Would you have any idea what I can do?
 Thanks in any case

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 30/12/2008 at 19:53:01

Hi, try this:

  • Run a Kaspersky online scan with Internet Explorer (launch Internet Explorer as "administrator" if you are on Vista)
  • In the new window, click "J'accepte" (I accept).
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save, then paste the report generated at the end of the scan.

 NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

 :p


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
canacell
Posted on 31/12/2008 at 20:17:24

Good evening,
 here is the scan report. The infected files found seem to be in ComboFix's quarantine. Should I delete them? Or perhaps the whole Qoobox folder?
 Happy holidays to you.


 Wednesday, December 31, 2008
 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Wednesday, December 31, 2008 11:31:29
 Records in database: 1537826
 Scan settings
 Scan using the following database  extended
 Scan archives  yes
 Scan mail databases  yes
 Scan area  Folder
 C:\
 Scan statistics
 Files scanned  210493
 Threat name  2
 Infected objects  3
 Suspicious objects  0
 Duration of the scan  02:46:22

 File name  Threat name  Threats count
 C:\Qoobox\Quarantine\C\Program​Data\hejivole\hejivole.0ll.vir Infected: Trojan.Win32.Monder.afwb 1  
 C:\Qoobox\Quarantine\C\Program​Data\mugugusu\mugugusu.0ll.vir Infected: Trojan.Win32.Monder.afwb 1  
 C:\Qoobox\Quarantine\C\Program​Data\wivevevi\wivevevi.0ll.vir Infected: Trojan-Downloader.Win32.Agent.​awym 1  
 The selected area was scanned.

naheulbeuk7
Involved member (20,000 to 29,999 posts)
Posted on 03/01/2009 at 13:16:23

Hello, just delete the whole folder ;)

 No more problems?
 Best wishes for 2009 :super:


---------------
Visit my site on computer security: http://www.site-naheulbeuk.com
canacell
Posted on 04/01/2009 at 05:53:04

Hello,
 it's done.
 Yes, as far as I can tell, I no longer have any of the problems from the start, so a huge thank you for your precious and indispensable help. :D
 A very happy new year to you.
 :hello:
