Yet another Google redirect

Tags:
  • Security
Last reply: in Security and viruses
11 September 2010 12:50:35

Hello,
My question has been asked before, but it seems to require interpreting a HijackThis log, which I don't know how to do.
Let me explain:
Every time I click on a Google link, it sends me to an unwanted advertising site. It happens in all 3 of my browsers (Opera, IE and FF). I haven't noticed any particular slowness on my machine; on the other hand, there is more spam and more pop-ups than usual.
I have tried all the free tools (including Malwarebytes' Anti-Malware) without any result. It is impossible to do a System Restore (which had been disabled by the nasty malware and which I re-enabled) or to boot in Safe Mode (again the malware's fault: my keyboard stops responding before Windows has loaded).
It's hellish!
Who can help me?
Thanks in advance.
Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:55, on 11/09/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Applications\Applications à sauvegarder\thunderbird\thunderbird-1.0-win32-fr-FR\thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Documents and Settings\Edwin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\EDWIN\Application Data\Mozilla\Profiles\default\2eqgvhmu.slt\prefs.js)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue.Com\PixVue\bin\PixVue.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PC Alert 4.lnk = ?
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fnacphoto.com/ECTelechargement/Origma/ImageU...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUpl...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUplo...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue.Com\PixVue\bin\Daemon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Edwin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9621 bytes

11 September 2010 13:29:22

Hello,

Windows is not up to date; that will need to be fixed.

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    11 September 2010 18:53:35

    Thanks for your reply and your help.
    Indeed, I don't have Service Pack 2. I never dared to install it because I was told it broke some composition software I use, which was not compatible.
    I ran ComboFix. I had disabled my Internet connection, so it did not install the Recovery Console. I can run ComboFix again if you tell me that's better.
    Here is the report:
    One thing first: at one point, ComboFix asked me to note this down, saying it might be useful: service : ftdisk
    file : c:\windows\system32\drivers\ftdisk.sys


    ComboFix 10-09-09.04 - Edwin 11/09/2010 18:13:06.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.1535.1197 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Edwin\Bureau\ComboFixe.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Edwin\Recent\Thumbs.db
    c:\program files\Internet Explorer\fxavx.ini
    c:\windows\daemon.dll
    c:\windows\Downloaded Program Files\rave
    c:\windows\Downloaded Program Files\rave\avirexe.vdm
    c:\windows\Downloaded Program Files\rave\avirscr.vdm
    c:\windows\Downloaded Program Files\rave\base.vdm
    c:\windows\Downloaded Program Files\rave\daily.vdm
    c:\windows\Downloaded Program Files\rave\daily.vdt
    c:\windows\Downloaded Program Files\rave\filters.vdm
    c:\windows\Downloaded Program Files\rave\kernel.vdk
    c:\windows\Downloaded Program Files\rave\keyring.vdk
    c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm
    c:\windows\Downloaded Program Files\rave\modules.vdk
    c:\windows\Downloaded Program Files\rave\rav8def.vdm
    c:\windows\Downloaded Program Files\rave\rufs.vdm
    c:\windows\Downloaded Program Files\rave\rufsplg.vdm
    c:\windows\Downloaded Program Files\rave\unarch.vdm
    c:\windows\Downloaded Program Files\rave\unmail.vdm
    c:\windows\Downloaded Program Files\rave\unpack.vdm
    c:\windows\patch.exe
    c:\windows\system32\ie.ico
    c:\windows\system32\open.ico
    c:\windows\system32\scrrnfr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RDRIV
    -------\Legacy_SYSTEM
    -------\Legacy_USNJSVC
    -------\Service_usnjsvc


    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-11 au 2010-09-11 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-06 13:32 . 2010-09-06 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2010-09-06 13:32 . 2010-09-06 13:32 -------- d-----w- c:\program files\IObit
    2010-09-06 11:51 . 2010-09-06 11:51 -------- d-----w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com
    2010-09-06 11:51 . 2010-09-06 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-06 11:51 . 2010-09-06 13:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-09-06 09:57 . 2010-09-06 10:02 -------- d-----w- c:\documents and settings\Edwin\Application Data\QuickScan
    2010-09-06 08:38 . 2010-09-06 08:40 -------- d-----w- c:\program files\Spybot1 - Search & Destroy
    2010-09-06 08:34 . 2010-09-06 08:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-06 07:43 . 2010-09-06 07:43 -------- d-----w- c:\documents and settings\Edwin\Local Settings\Application Data\Sunbelt Software
    2010-09-06 07:41 . 2010-09-06 07:41 -------- d-----w- c:\program files\Lavasoft
    2010-09-02 22:01 . 2010-09-02 22:29 -------- d-----w- c:\windows\BDOSCAN8
    2010-09-02 21:49 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-09-02 21:48 . 2010-09-02 21:48 -------- d-----w- c:\program files\Panda Security
    2010-09-02 17:42 . 2010-09-06 08:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-09-02 12:02 . 2010-09-02 12:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-26 08:26 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-26 08:24 . 2010-08-26 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 16:32 . 2006-08-06 01:25 -------- d-----w- c:\program files\BOINC
    2010-09-11 15:53 . 2005-01-26 23:48 -------- d-----w- c:\program files\Symantec
    2010-09-09 15:16 . 2006-03-11 01:28 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
    2010-09-09 07:20 . 2005-01-26 23:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
    2010-09-07 15:11 . 2006-06-06 16:54 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2006-03-01 00:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2008-04-05 20:45 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2005-10-18 21:27 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2006-03-01 00:41 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2006-03-01 00:41 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:46 . 2006-03-01 00:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-06 13:43 . 2005-01-26 22:34 -------- d-----w- c:\program files\Club-Internet
    2010-09-06 11:53 . 2010-09-06 11:53 63488 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-06 11:53 . 2010-09-06 11:53 52224 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-06 11:53 . 2010-09-06 11:53 117760 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-06 09:51 . 2005-05-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-06 08:29 . 2009-01-04 20:13 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-09-06 08:29 . 2009-01-04 20:12 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2010-09-02 21:34 . 2009-05-24 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-02 20:12 . 2008-05-04 19:51 -------- d-----w- c:\program files\Fnac
    2010-09-02 19:04 . 2005-10-19 23:10 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-27 09:09 . 2005-10-18 21:27 -------- d-----w- c:\program files\Alwil Software
    2010-08-26 14:09 . 2008-12-17 13:07 -------- d-----w- c:\documents and settings\Edwin\Application Data\U3
    2010-07-26 22:25 . 2009-09-06 21:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-26 20:30 . 2010-09-06 09:56 705208 ----a-w- c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-07-26 20:30 . 2010-09-06 09:56 978664 ----a-w- c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-07-22 22:43 . 2008-11-24 21:26 2568656 ----a-w- c:\documents and settings\Edwin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-07-22 21:21 . 2010-07-22 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2006-05-06 16:42 . 2006-07-12 12:02 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
    .

    ------- Sigcheck -------

    [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wscntfy.exe

    [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\xmlprov.dll

    [-] 2004-08-19 . 3C0252DC0A8464ED3D9B917504652EE9 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\d3d9.dll
    [-] 2004-07-09 03:27 . C37043055EA9C663B6A8E8E50A8A0A9A . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\LastGood\System32\d3d9.dll
    [-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

    c:\windows\System32\wscntfy.exe ... manque !!
    c:\windows\System32\xmlprov.dll ... manque !!
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]
    @="{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}"
    [HKEY_CLASSES_ROOT\CLSID\{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]
    @="{E3F36090-0540-418f-8136-074D5B255B59}"
    [HKEY_CLASSES_ROOT\CLSID\{E3F36090-0540-418f-8136-074D5B255B59}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]
    @="{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}"
    [HKEY_CLASSES_ROOT\CLSID\{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]
    @="{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}"
    [HKEY_CLASSES_ROOT\CLSID\{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]
    @="{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}"
    [HKEY_CLASSES_ROOT\CLSID\{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]
    @="{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}"
    [HKEY_CLASSES_ROOT\CLSID\{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]
    @="{0117FFFB-91FD-414E-AC34-A00531032006}"
    [HKEY_CLASSES_ROOT\CLSID\{0117FFFB-91FD-414E-AC34-A00531032006}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-10 67128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
    "nwiz"="nwiz.exe" [2005-12-10 1519616]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]
    "LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-07 13312]

    c:\documents and settings\Edwin\Menu Démarrer\Programmes\Démarrage\
    BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-8-3 1966080]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-10 67128]
    PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2005-1-27 536576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PixVue]
    2005-09-22 23:07 45056 ----a-w- c:\program files\PixVue.Com\PixVue\bin\WinLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave9"=Echo24Wrap.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk
    backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Edwin^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=c:\documents and settings\Edwin\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-09-26 09:02 2356088 ----a-r- c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 15:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    2007-04-05 14:29 684118 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-01-27 22:25 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-01-13 09:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-01-13 13:05 69632 ----a-w- c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [03/08/2008 21:59 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [03/08/2008 21:59 5248]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02/09/2010 23:49 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/04/2008 22:45 165584]
    R2 PixVue;PixVue;c:\program files\PixVue.Com\PixVue\bin\Daemon.exe [19/10/2005 09:13 151552]
    R3 echo24;Mia Service;c:\windows\system32\drivers\echo24.sys [09/09/2004 12:21 565248]
    R3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\PC Alert 4\NTGLM7X.SYS [27/01/2005 01:04 23872]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [07/09/2002 02:00 11136]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [28/06/2006 20:33 223128]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/06/2006 20:30 642560]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mWindow Title = Microsoft Internet Explorer
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    FF - ProfilePath - c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\
    FF - prefs.js: browser.search.selectedEngine - Wibeez
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/france?search&q=
    FF - component: c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-POINTER - point32.exe
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    MSConfigStartUp-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
    MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
    AddRemove-MSI Live Update 2 - c:\program files\MSI\Live Update 2\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 18:29
    Windows 5.1.2600 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894463D0]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf766baac
    \Driver\ACPI -> ACPI.sys @ 0xf758a740
    \Driver\atapi -> 0x894463d0
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
    ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
    ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf783ad84
    PacketIndicateHandler -> NDIS.sys @ 0xf782c06a
    SendHandler -> NDIS.sys @ 0xf783da72
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\windows\System32\ODBC32.dll
    c:\windows\System32\Echo24Wave.dll

    - - - - - - - > 'lsass.exe'(980)
    c:\windows\System32\dssenh.dll

    - - - - - - - > 'explorer.exe'(7728)
    c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
    c:\windows\System32\nview.dll
    c:\windows\System32\Echo24Wave.dll
    c:\windows\System32\NVWRSFR.DLL
    c:\windows\System32\nvwddi.dll
    c:\program files\PixVue.Com\PixVue\bin\PixVueFRA.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\System32\nvsvc32.exe
    c:\windows\System32\wdfmgr.exe
    c:\program files\Microsoft Hardware\Mouse\point32.exe
    c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    c:\windows\System32\rundll32.exe
    c:\windows\Mixer.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\Fichiers communs\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-09-11 18:36:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-09-11 16:36

    Avant-CF: 451 940 352 octets libres
    Après-CF: 4 034 609 152 octets libres

    - - End Of File - - C5049EBF048A23E6AAD7BF5BF109602F
    11 September 2010 19:26:05

    I would like you to install the Recovery Console and then run a new scan.
    12 September 2010 02:32:53

    Good evening Destrio,
    Thanks for your help.
    I have just run another scan with the Recovery Console installed.
    It's too early to say whether the redirections have improved. However, the anti-malware programs I had downloaded, which refused to launch unless I changed their names (including ComboFix, which I had to rename to get it to run), now seem to start under their original names. That's a rather good sign.
    I still don't have access to safe mode at startup, though. I just tried: my keyboard doesn't respond before Windows opens.

    Here is the log of the ComboFix scan:

    ComboFix 10-09-11.02 - Edwin 12/09/2010 1:58.2.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.1535.1198 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Edwin\Bureau\ComboFixe.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-08-12 au 2010-09-12 ))))))))))))))))))))))))))))))))))))
    .

    2010-09-11 16:45 . 2010-08-25 14:25 614544 ----a-w- c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-09-11 16:45 . 2010-08-25 14:25 314816 ----a-w- c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-09-06 13:32 . 2010-09-06 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2010-09-06 13:32 . 2010-09-06 13:32 -------- d-----w- c:\program files\IObit
    2010-09-06 11:53 . 2010-09-06 11:53 63488 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-06 11:53 . 2010-09-06 11:53 52224 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-06 11:53 . 2010-09-06 11:53 117760 ----a-w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-06 11:51 . 2010-09-06 11:51 -------- d-----w- c:\documents and settings\Edwin\Application Data\SUPERAntiSpyware.com
    2010-09-06 11:51 . 2010-09-06 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-06 11:51 . 2010-09-06 13:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-09-06 09:57 . 2010-09-06 10:02 -------- d-----w- c:\documents and settings\Edwin\Application Data\QuickScan
    2010-09-06 08:38 . 2010-09-06 08:40 -------- d-----w- c:\program files\Spybot1 - Search & Destroy
    2010-09-06 08:34 . 2010-09-06 08:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-06 07:43 . 2010-09-06 07:43 -------- d-----w- c:\documents and settings\Edwin\Local Settings\Application Data\Sunbelt Software
    2010-09-06 07:41 . 2010-09-06 07:41 -------- d-----w- c:\program files\Lavasoft
    2010-09-02 22:01 . 2010-09-02 22:29 -------- d-----w- c:\windows\BDOSCAN8
    2010-09-02 21:49 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-09-02 21:48 . 2010-09-02 21:48 -------- d-----w- c:\program files\Panda Security
    2010-09-02 17:42 . 2010-09-06 08:47 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-09-02 12:02 . 2010-09-02 12:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-26 08:26 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-26 08:24 . 2010-08-26 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 23:40 . 2006-08-06 01:25 -------- d-----w- c:\program files\BOINC
    2010-09-11 15:53 . 2005-01-26 23:48 -------- d-----w- c:\program files\Symantec
    2010-09-09 15:16 . 2006-03-11 01:28 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
    2010-09-09 07:20 . 2005-01-26 23:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
    2010-09-07 15:11 . 2006-06-06 16:54 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2006-03-01 00:41 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2008-04-05 20:45 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2005-10-18 21:27 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2006-03-01 00:41 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2006-03-01 00:41 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:46 . 2006-03-01 00:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-06 13:43 . 2005-01-26 22:34 -------- d-----w- c:\program files\Club-Internet
    2010-09-06 09:51 . 2005-05-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-06 08:29 . 2009-01-04 20:13 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2010-09-06 08:29 . 2009-01-04 20:12 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2010-09-02 21:34 . 2009-05-24 10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-02 20:12 . 2008-05-04 19:51 -------- d-----w- c:\program files\Fnac
    2010-09-02 19:04 . 2005-10-19 23:10 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-27 09:09 . 2005-10-18 21:27 -------- d-----w- c:\program files\Alwil Software
    2010-08-26 14:09 . 2008-12-17 13:07 -------- d-----w- c:\documents and settings\Edwin\Application Data\U3
    2010-07-26 22:25 . 2009-09-06 21:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-22 22:43 . 2008-11-24 21:26 2568656 ----a-w- c:\documents and settings\Edwin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-07-22 21:21 . 2010-07-22 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2006-05-06 16:42 . 2006-07-12 12:02 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
    .

    ------- Sigcheck -------

    [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wscntfy.exe

    [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\xmlprov.dll

    [-] 2004-08-19 . 3C0252DC0A8464ED3D9B917504652EE9 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\d3d9.dll
    [-] 2004-07-09 03:27 . C37043055EA9C663B6A8E8E50A8A0A9A . 1689600 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\LastGood\System32\d3d9.dll
    [-] 2004-07-09 03:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll

    c:\windows\System32\wscntfy.exe ... manque !!
    c:\windows\System32\xmlprov.dll ... manque !!
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF]
    @="{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}"
    [HKEY_CLASSES_ROOT\CLSID\{3E57A8B6-849B-476E-A3E9-CFCE49E3662A}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & IPTC]
    @="{E3F36090-0540-418f-8136-074D5B255B59}"
    [HKEY_CLASSES_ROOT\CLSID\{E3F36090-0540-418f-8136-074D5B255B59}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP]
    @="{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}"
    [HKEY_CLASSES_ROOT\CLSID\{E1C1BE26-35A8-4999-A3A6-235CB7BD558B}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue EXIF & XMP & IPTC]
    @="{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}"
    [HKEY_CLASSES_ROOT\CLSID\{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue IPTC]
    @="{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}"
    [HKEY_CLASSES_ROOT\CLSID\{BCA5FB3A-9FC1-4465-ACE3-8C2072449164}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP]
    @="{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}"
    [HKEY_CLASSES_ROOT\CLSID\{F0C13C81-FB8D-464e-873F-F8FF999E3EEC}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PixVue XMP & IPTC]
    @="{0117FFFB-91FD-414E-AC34-A00531032006}"
    [HKEY_CLASSES_ROOT\CLSID\{0117FFFB-91FD-414E-AC34-A00531032006}]
    2005-10-19 07:12 2465792 ----a-w- c:\program files\PixVue.Com\PixVue\bin\PixVue.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-10 67128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
    "nwiz"="nwiz.exe" [2005-12-10 1519616]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]
    "LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-07 13312]

    c:\documents and settings\Edwin\Menu Démarrer\Programmes\Démarrage\
    BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-8-3 1966080]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-10 67128]
    PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2005-1-27 536576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PixVue]
    2005-09-22 23:07 45056 ----a-w- c:\program files\PixVue.Com\PixVue\bin\WinLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave9"=Echo24Wrap.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NaturalColorLoad.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NaturalColorLoad.lnk
    backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Edwin^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=c:\documents and settings\Edwin\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-09-26 09:02 2356088 ----a-r- c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    2004-08-22 15:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    2007-04-05 14:29 684118 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-01-27 22:25 98304 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-01-13 09:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-01-13 13:05 69632 ----a-w- c:\program files\Fichiers communs\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [03/08/2008 21:59 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [03/08/2008 21:59 5248]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [02/09/2010 23:49 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/04/2008 22:45 165584]
    R2 PixVue;PixVue;c:\program files\PixVue.Com\PixVue\bin\Daemon.exe [19/10/2005 09:13 151552]
    R3 echo24;Mia Service;c:\windows\system32\drivers\echo24.sys [09/09/2004 12:21 565248]
    S3 PCAlertDriver;PCAlertDriver;c:\program files\MSI\PC Alert 4\NTGLM7X.SYS [27/01/2005 01:04 23872]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [07/09/2002 02:00 11136]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [28/06/2006 20:33 223128]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/06/2006 20:30 642560]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - NMSCFG
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mWindow Title = Microsoft Internet Explorer
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    FF - ProfilePath - c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\
    FF - prefs.js: browser.search.selectedEngine - Wibeez
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/france?search&q=
    FF - component: c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\Edwin\Application Data\Mozilla\Firefox\Profiles\iw4ttwns.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-12 02:06
    Windows 5.1.2600 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894BA2C8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf766baac
    \Driver\ACPI -> ACPI.sys @ 0xf758a740
    \Driver\atapi -> 0x894ba2c8
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
    ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8058e444
    ParseProcedure -> ntoskrnl.exe @ 0x8055a85b
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf783ad84
    PacketIndicateHandler -> NDIS.sys @ 0xf782c06a
    SendHandler -> NDIS.sys @ 0xf783da72
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(924)
    c:\windows\System32\ODBC32.dll
    c:\windows\System32\Echo24Wave.dll

    - - - - - - - > 'lsass.exe'(984)
    c:\windows\System32\dssenh.dll
    .
    Heure de fin: 2010-09-12 02:09:35
    ComboFix-quarantined-files.txt 2010-09-12 00:09
    ComboFix2.txt 2010-09-11 16:36

    Avant-CF: 3 976 777 728 octets libres
    Après-CF: 3 965 616 128 octets libres

    winxpsp1_fr_pro_bf.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

    - - End Of File - - A8457FCB37F80F6C90D9C3488FC6CED1
    13 September 2010 18:34:12

    Thanks Destrio,
    The redirection problem seems to be solved. Does my report show you any other threats or ways this problem could come back? Booting into safe mode is still impossible, even with your software.
    17 September 2010 18:26:56

    Quote:
    I never dared to install it because I was told it broke some composition software I use, which wasn't compatible.

    --> Yes, but as a result your Windows is full of security holes.

    Is your keyboard USB or PS/2?
    21 September 2010 21:40:02

    I know about Windows. I try to be careful about the sites I visit, but that doesn't prevent infection, as this proves.
    My keyboard is USB.
    22 September 2010 19:48:14

    Did safe mode work before?