Posez votre question Signaler

Antivir me detecte 3 virus [Résolu]

Annaprout 272Messages postés 13 août 2005Date d'inscription 21 mars 2011Dernière intervention - Dernière réponse le 7 mai 2008 à 19:04

Bonjour a tous.
voila ma soeur a ouvert une clé usb d'une ami, et celle ci etait infecté de virus
Il s'agissait de WORM BRONTOK (j'ai rechercher sur internet).
Le probleme c'est que maintenant, quand elle ouvre sa session, antivir personnal edition classic, fait tip tip et me dit qu'il a trouvé 3 virus.
Il s'agit pour les 3 de : TR/Crypt.XPACK.Gen
2 se situe dans system32 et l'autre dans le dossier Temp de sa session.
J' ai essayé de supprimer ces 2 virus directement et de les mettre a la corbeille, rien n'y fait.
J'ai fait un CCleaner, il ne se passe rien non plus.
Que puis je faire s'il vous plait ?
Merci par avance

Antivir me detecte 3 virus »

Suggestions

Antivir me detecte 3 virus
Antivir a détecté 12 virus » Forum
Antivir a detecté des virus » Forum
Detecté 3 virus » Forum
Antivir me détecte 5 virus...Help me!! » Forum
UsbFix - Antivir détécte un virus (Résolu) » Forum

Plus

Réponse

armandaudric 1381Messages postés 16 février 2008Date d'inscription 6 mai 2008 à 15:45

il a pas une mise en quarantaine antivir car si tu les mes la tu pourras les supprimeaint

Ajouter un commentaire

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 6 mai 2008 à 16:25

Salut ,

Branche toute tes clés USB à ton pc ,,

Télécharge l'outil Flash_Disinfector de sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Enregistre Flash_Disinfector.exe sur ton bureau.
Double clique sur Flash_Disinfector.exe pour l'exécuter.
Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
Connecte au pc, clé USB, DD externes, susceptibles d'avoir été infectés.
Puis clic sur Ok
Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: [Done!!]
Appuies ensuite sur OK, pour faire réapparaitre le bureau.

****************************

/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\

2)Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

Regardes ici, si tu souhaites te familiariser avec son utilisation: http://bibou0007.com/tutos-f45/tutorial-combofix-t121.htm

AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

3)Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

Tutorial ( aide ):

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

++

Ajouter un commentaire

Réponse

-1

armandaudric 1381Messages postés 16 février 2008Date d'inscription 6 mai 2008 à 16:33

essai sa tape sa dans google SMIT FRAUD FIX SES UN LOGICIEL ANTIVIRUS

Ajouter un commentaire

cyrildu17- 6 mai 2008 à 16:37

Abstiens toi de répondre quand tu n'y connais rien stp.

++

armandaudric- 6 mai 2008 à 18:10

alors trouve une solution on est la pour donner des conseils non

cyrildu17- 6 mai 2008 à 18:11

Et ça c'est quoi ??

Réponse

Annaprout 272Messages postés 13 août 2005Date d'inscription 21 mars 2011Dernière intervention 7 mai 2008 à 09:01

Merci Cyrildu17, ca a l'air d'avoir marcher y a plus d'alerte.
Merci beaucoup ;)

Ajouter un commentaire - Site web

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 09:55

Salut ,,

Je voudrais le rapport stp ;)

Ce n'est pas fini , je veux désinfecter en profondeur =)
++

Ajouter un commentaire

Réponse

Annaprout 272Messages postés 13 août 2005Date d'inscription 21 mars 2011Dernière intervention 7 mai 2008 à 12:37

Merci Cyril.
Voici le rapport :

ComboFix 08-05-01.3 - Marie 2008-05-06 21:43:20.11 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2200 [GMT 2:00]
Endroit: C:\Users\Marie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\down
C:\Windows\system32\kxvo.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 19:43 3,145,728 --sha-w C:\Users\Propriétaire\NTUSER.DAT
2008-05-06 19:43 3,145,728 --sha-w C:\Users\Propriétaire\NTUSER.DAT
2008-05-06 19:43 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
2008-05-06 19:43 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
2008-05-06 19:28 --------- d-----w C:\Users\Marie\AppData\Roaming\OpenOffice.org2
2008-05-06 16:13 --------- d-----w C:\Program Files\Trend Micro
2008-05-06 12:04 0 ----a-w C:\osy3.sys
2008-05-06 09:28 --------- d-----w C:\Program Files\Panda Security
2008-05-04 13:23 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\OpenOffice.org2
2008-04-25 14:08 --------- d-----w C:\Users\Marie\AppData\Roaming\Image Zone Express
2008-04-22 14:07 --------- d-----w C:\Users\Marie\AppData\Roaming\Zylom
2008-04-20 09:51 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-18 08:37 --------- d-----w C:\Program Files\iTunes
2008-04-18 08:36 --------- d-----w C:\Program Files\QuickTime
2008-04-18 08:36 --------- d-----w C:\Program Files\iPod
2008-04-18 08:36 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-18 08:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 15:48 --------- d-----w C:\Program Files\Fish Aquarium 3D Screensaver
2008-04-10 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 17:19 --------- d-----w C:\Program Files\fishaquarium
2008-04-07 08:14 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-04-07 08:13 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\Printer Info Cache
2008-04-07 08:13 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\Image Zone Express
2008-04-07 07:12 --------- d-s---w C:\Users\Propriétaire\AppData\Roaming\Microsoft
2008-04-07 07:12 --------- d-----w C:\Program Files\HP
2008-04-07 01:49 8,140,915 ----a-w C:\Windows\breve.scr
2008-04-07 01:49 237,568 ----a-w C:\Windows\glut32.dll
2008-03-29 18:35 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-29 18:35 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\WinBatch
2008-03-29 18:35 --------- d-----w C:\Program Files\Realtek
2008-03-29 08:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-24 13:27 12,400 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-24 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 12:48 --------- d-----w C:\Program Files\Maxis
2008-03-24 12:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-24 12:12 --------- d-----w C:\Users\Marie\AppData\Roaming\Ahead
2008-03-16 09:25 643,920 ----a-w C:\PortableRoboForm.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 09:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 09:02 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:02 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 09:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:01 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 09:01 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 09:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:01 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:01 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-02 22:18 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 15:25 612 ----a-w C:\Users\Marie\AppData\Roaming\wklnhst.dat
2007-12-25 14:50 47,360 ----a-w C:\Users\Marie\AppData\Roaming\pcouffin.sys
2007-11-07 14:03 126 ----a-w C:\Users\Propriétaire\AppData\Roaming\wklnhst.dat
2008-02-04 13:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020420080205\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-01 16:56 1006264]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 02:11 54672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 13:25 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1001]
"EnableNotificationsRef"=dword:00000025

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1002]
"EnableNotificationsRef"=dword:0000001d

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-501]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{9D29FF59-F50C-4BA1-94E7-82EE4774A370}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2F331BA3-FEE9-45EE-9FAD-333B66B1B548}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B7C2AFAF-395A-4625-94FA-518E61011C64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d427ef-fa42-11dc-8759-001d60539785}]
\shell\AutoRun\command - K:\apj.com
\shell\explore\Command - K:\apj.com
\shell\open\Command - K:\apj.com

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-06 19:44:00 C:\Windows\Tasks\User_Feed_Synchronization-{7C3D90E6-AD2A-4875-97E6-4A717C6CB81D}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-05 19:44:11 C:\Windows\Tasks\User_Feed_Synchronization-{A285B298-96D4-42DD-A080-185995B07532}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 21:45:59
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-05-06 21:46:51
ComboFix-quarantined-files.txt 2008-05-06 19:46:47

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

191 --- E O F --- 2008-04-09 19:55:47

Ajouter un commentaire - Site web

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 13:11

Re !

→ Télécharge TrendMicro™ HijackThis™

Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'située dans le dossier dans C:\ , en ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<

Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe

→ Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...

/!\ Ferme toute les fenêtres encore ouvertes , et déconnecte toi du web /!\

→ Puis lance-le et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm

++

Ajouter un commentaire

Réponse

Annaprout 272Messages postés 13 août 2005Date d'inscription 21 mars 2011Dernière intervention 7 mai 2008 à 14:36

Voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:06, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: 
O1 - Hosts: <center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Ajouter un commentaire - Site web

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 14:50

Re ,,

Télécharge HostsXpert

> Dézippe le sur le Bureau

> Clique sur "Restore MS Hosts File"

Reposte un rapport Hijackthis après.
++

Ajouter un commentaire

Réponse

Annaprout 272Messages postés 13 août 2005Date d'inscription 21 mars 2011Dernière intervention 7 mai 2008 à 15:45

Merci encore et encore

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:20, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Ajouter un commentaire - Site web

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 15:49

Re ,,

************************************

→ Relance hijackthis , en menu principal choisis ' Do a system scan only' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)

Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web.

→ clique sur ' fixchecked '

************************************

Met à jour JAVA --> http://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

************************************

→ Télécharge CleanUp452 ( Primary download site ... )

→ Lance-le et choisi l'option ' cleanup! '

→ Poste le rapport.

Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm ( merci à balltrap34 )

************************************

→ Télécharge clean : http://www.malekal.com/download/clean.zip

→ Dézippe-le ( clique droit , extraire tout)

→ Lance clean.cmd ( ou clean ) en faisant un clique droit dessus ' Executer en tant d'administrateur '

→ Au menu principal , Choisi l'option 1 et poste moi le rapport.

(- Où est le rapport clean ? : « Ordinateur » / double clic sur disque « C / » double-clic sur « rapport_clean.txt » et « copier/coller le contenu » sur le forum. )

Note : Tu auras peut-être un message qui t'invitera a uploader un fichier , fait-le dès que tu pourras.

Tutorial : http://bibou0007.com/outils-specifiques-f78/tuto-clean-t1007.htm

************************************

Bonne chance
++

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:01

Merci encore ,

j'ai fait les étapes 1 2 et 3

Voici le rapport de Clean up :

CleanUp! started on 05/07/08 17:57:40.
...
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\dkletKOZaaZUyrXfWq1DIwxp5xs= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\DNAZ2FcZMgigcAlnok5obCFV5pX0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\DOEpcvy1eTSHuagMsAzEkZZpX1o= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\dq7DIxF929labEk9zY8jz4keYfc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\E8mYXqWV+auPw6sXta9I7NVVASw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\EOA2ah7SrQBeTS2N4PORdjm33ZY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\eUZpzAUcGVzf1ZBlDaUCb0iwj9A= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\EVK8Hs9eH4aqlSux2FHm5br6VB2FA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\eyiU1r4cKpQscpExpQXUlUufFuE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\f9HX2FDQOo583vcKvV0PndBlSzI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\FGXugkxx9DoOZUi5UQ0Q2FMGhp0w= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\FhTbnsSEhvBclD0XARY3z5CxF2Fs= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\FjfBHFVb4pAb+Q1uFE+1ojetLus= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\FU+Zm0l2FR0LsZT01NiYJJqw+HdU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\fZkKwQQJwfKL9wsi+UseNCiJpJ0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\fzsDPTM5wNL4d2x4dCdMPpiU19g= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Gf6aCfhwYUmhTk9w7RmB7xd2nn4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\gJ8KirPdNSIauJMFXiB40x2Fa0kI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Gp6Upn4MqR39uEsl0ldfYVOP01c= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\gs55eUNBeAb2dbz8fMhGXXOph+Q= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\gWDbhGrjtKS2FcOl2KXRVeP8uafE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\gWuH3Y1v1ZdOM3OyvsCNIJy3ypM= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\h+bSoKnwHFZCguAjYvE9pDSXxq4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\H19hl2FTKtjpChprVn6mtOTFZVSw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\H5laDgu78C0yyURTwb+FPzKbUmk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\hb8gPNcTSOvMqAeP0mI8RGa0Ip8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\hQ+b2wY2FC6X4A2FCuoFlUmkRgG3o= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\http3A2F2Fshared.live.com2F4FK9aqzvrfnB3HHdvNkKVmtFpNReuir!4zhUNT5LmJnSWR0X2gCIjw2FTropical2F1.13472Fimg2FSmallBannerImage.jpg - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\http3A2F2Fshared.live.com2F4FK9aqzvrfnB3HHdvNkKVmtFpNReuir!4zhUNT5LmJnSWR0X2gCIjw2Fuk_bulldog2F1.13472Fimg2FSmallBannerImage.jpg - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\http3A2F2Fshared.live.com2F4FK9aqzvrfnB3HHdvNkKVmtFpNReuir!4zhUNT5LmJnSWR0X2gCIjw2Funiteair_heart2F1.13472Fimg2FSmallBannerImage.jpg - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\hv4CpInOujgYADce1KhT1zLCOSE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\HvFqZNP2FHbrFqw+NdWk3nziZZYs= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\hyagENv1jrF6bP2sDZZQLyW6QhU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\iCuRJmz0h7xuimwQJtL+zSopusQ= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ICXfPXRyB2FEFULoeqPrSfrGaou8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\idWmnmjH6rXV+1i4W01tLTElZK4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\IhO4SvzKmAxBGIVh4oMNCqYpQbE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\IhOsQlco7jFGn4nSJM3I1WH7OcY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\IrwxqRRBZxzj7eemjcmLlNNOOy4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\IXlsZ6QNwdaauC2FhpRwru5lLKAs= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\izLtZrgPmvTnI8wXL1qKo2FgwbIU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Jfyj85nmEexCOGbOyXH0hdrDclE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\JhyV2tKfse5Lx9aasVAKZMELyHc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\JO13i38W7D4Pja2FPeks2Fzn59CKA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\jPZzU7ACqMVtF2FaEu6vSunehNOU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\JVsIS2hOi2rt2FMq42F0i0TiMTwwk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\k2FcURtDDYyIv+Htvz9033ciIVdk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\k3POzxqcMtclHvdWLY9ozFnaGr8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\k5KFM4hdHUa20v4BDLFCYsQGxu0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\KiR3kA1WT3bp6k44PzzJe4rXa8w= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\kR1qjuksOkhBhTOD3+bQ1zZq6BA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\kUa9J8wztB4Phvv+JihybCfGxPk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\kv7b1hdJ2F1pPiETzHGLDXSehBqM= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\kZqPpHygPQnZW5fyVsvIuN8rl4E= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\l2myOnKZ7fuJp6a+Bhe+2FFFXdIA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\l5HPirdk5GaInGUlqVv91A2F68gI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\la+D6atFqixpBbNo6zXT5nxs7Uc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\LA6H+HyguSIPPXV4c84XEMi6VWY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\lE6rQh0vySn0YAuGwxs4E9QvIW0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\LLSo+qnUFCM0Dl52a3cJquVDZCc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\lqSokeqhgTULEbBPxOil5Rn0djc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\LQWXQnH7ys59Gbr2oDNqjMmG7r8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\LqXbwGuNOKuCKTbDrs8DLqvcfMs= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\lZs+mwWgQVfO2g2QIIrh9VY1uZQ= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\m+J8b2QnlIByOLk7apdGXey729U= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\M+jxCdzbzNfvmPkGN12FE8s22FQdo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\M7qJexGE7AOtIGaAyAgSzTskuFY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\MeKnEUlKgrJSTDaFrqBukmh4LJ0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\mjX8L5bnE+dybmFYP8BgdZoWZak= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\mL93CeOf34xKLwIYznB5gZQam7I= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\MowMoYJk10qw092FNrrDUzNgdp9k= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\mpBxbphrQ6rnHaYh+zxDGcwXyZo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\mULL+qleFZgOGcETZqfGZD5PuaA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\MYjjgq8whkZg8Wb3wodZ49whYww= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\N6nH4+HhbKpeav4hjn7F5RZrFhA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\NKbycRXB7YYlHEFrkm6Xw7sDo8k= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\nmIV2cEw868WjePK95uksKK0L2s= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\NNeGYuEuCu2F1ofPlXrE6j4jm7Uw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\nnWYlNWHLNnBqOWiZwkYSPhNQlQ= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\NOc+E2RqyaWKxIYPH+9fbtKJMWU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\NUDfGxG2FNpE4T+YOpjgSCXN82FL0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\nWGTRbtsGycjxOq1mPVD2x0Rt3E= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\OgBm5Wgk2F2Fo5SftajCLBAOgOQh8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\oMtcNwSRmTCq8wMyykNTcPgb2FL8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\oMZMhxoA51NesSlAVc6dXncj1F4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\OQdiaDfTYJScu2yIdKRabP+hAUg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ouKRx25AQMiZ2QyVOiljiGQ9Myo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\p6p9E8e3R2FRnd+CcJXiM1Erj+HI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\PieGtZMeL3mfqGOYwFgcMNX1PZI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\PiuLd9taa2F7urtKhiUOldan0V9E= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\PMQYI4uIuEKevv0S5PrzMWX96QI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\pQVjvk1ZiYjJy+1BXK6TRXscuu8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Prk8MV8s02F4qRZ7IbrLqbI88W9U= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\q1KWi2F5FNQR9ddvnZ+HeCQDHciU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Q2F1OGjXdcCtXryfrW7YFDY83+KY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\qak8pT3L2yLyP5mOSiPhbsLcyf4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\qEoc535+1+wH+CZlMhJ7HTU4TNw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\qhDMKlDq22IS64JKS+SdWLD2FPtg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Qie4iQw1F0KSHGDQRe2wNWjH1rw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\qJMOXgI5ItUj7e1IeBLvQLYLsGQ= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\QJuMiHPYn+c3pi2KwCGiDQ6rTOU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\QksptnunIW+RQQFv1l2SgBkcCpo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\R4YKbWMmFpVfsBFDvElE2Hfdj3A= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\R6ltP0qdfolR8BTxJBY5VOvJ60Q= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\rKNKZszHz4OAj4B2Fz0DQpcz5S3I= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\rlO0T6khy7JSdICPQaTk+6Zv2yw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\RqaftCZeUw19E6zu7URI2Fqt83fE= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\rT9E7PjqR5fQLfsc+paaYYXfvso= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\S+c8gyL8O5ZxTtEamXVEcWNlWPg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\s3nly0yWbseQ2F8w5NDVg7o02FAQM= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\smDyF+zNLxm4RtDeO+3v8ufq1BY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\SryhIGXpdxEHEwLg14D6JPyIwbI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\T2F32FlEArfa8NYyf3HePCV9j1Cs8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\t4n+mfNwALHF1m2m7OOxA5Ejyoc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\T85zXWngNifx7Z2vwpCYj+qgk6c= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Tbc03A2ewskrm2H2Fi+hc35IzxRY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\thnJsZkl9sxKfY+o2FuU2FMznjx6k= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\tSE2xTb4ecpdEyzsy1ylZad2ZmU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UATYGPrcAcIdzUIPslUWCQ2FLvd0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UemGKbdjXxf29+BmMJsTqBWc5ew= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\uIozM5rk2Fz+Ho3B8dGyr10K2Fxt8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UJM2FrjawpDOxioXKFEUOyY2FvkPY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UmbRVoV+2dXxog4vVvxBFHMYquY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Un2bIo8Pt2FfbOdHlSd52FS66qmOY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\uqcw8MMnDlw51ziNU+QnisPlGNc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\usQgZc8MPagypWmmCBBKtnTMUvI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UWTZmYSH1x2FzLv+rol7EXRBgp6A= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\UzOFyB0zrH062Fjkz6XNMx0ZJFTo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\vca2FFXVu39iXYrhq5iIhOa05LOI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\VeLJzB5chutF3J4O3qgjPK4S3Ts= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\vHUUChQeOXk42FjPC9RbZbLmHqOw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\VOnX18DpGUGvTcGLJBoszCyMXdA= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\VS0wzFrp2FUXezoAjQt5eQYf9HCI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Vx2rvePAzrYPqiLnggpLnOisZJw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\vXvXhuhRwjkz9Qwz9AOfG2fyDpg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\w48pe2FZYSOHK78IBC5SWNrBBsO8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\wAvSgmAz3esOfM12adFPohGgLq0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\WE0x1UeBDh+myJXTC4nrVqNEYOo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\wEsPga6bJVE5FAYw0UcLoLjCpHY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\WgwfYQps6MQtVxNxlJQQwa2RzEg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Wstc+hWZzGnfo+A2FKG9oOYX4ZhQ= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\WuI0N6IufIg2qsIJ9cmvAyrBC+E= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Wy7YvYB5BjUxJmKjXH591hU+awk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Xg6TGAVeoYPtQaD2May6vGVVPxY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\XMkRKdkscOfusarjo4MQOn3QZa0= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\xn7EHWq+lzP7Ys4QY1eWck0CEUw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\xTvDG5KLoJg8v11+PNfdufok5y8= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\xWBOiBNUwyazouBLI2FkXmznyHwo= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\yGoBryTNGDIsO2Fdz6fzM8+v4vlM= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YJ0lK0JMNuZGg6GI2Fccd4UyCjVU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YLuhGGYuxCCd2FHBvMKPcJaXKCxU= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YRQZlLTVK4yh44kFepQYyrmbj4s= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YryW5XVn4lIDdDk1fUefLv95Y54= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YuKziuOwnKHrmXk+H34uo+3m72FI= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\YWqnLE4mrDMol0qEVTjmeiCi0fw= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\zbzciJmbEd0SJU7HvzLSmTSj7hk= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ziYOt4C5zpSHycS18xOOPSGoRuY= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\zSDWYTHFZoR2bEPPRxweGE2MRsc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\zsUfyI0+pORBy1UnAnVqani34Vg= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ZSVTkk1CNl3IiaRuRvFlCrbYIX4= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ZU1VBPdW+XjDhjw04+f3ba5ZoIc= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\Zyz4gBBw0AWlZ8ioxjqB2L6ip9Y= - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\WPDNSE\ - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\PROPRI~1\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\PROPRI~1\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Windows\temp\hpqddsvc.log - deleted
C:\Windows\temp\lpksetup-20080506-220502-0.log - deleted
C:\Windows\temp\lpksetup-20080506-220516-0.log - deleted
C:\Windows\temp\lpksetup-20080507-091144-0.log - deleted
C:\Windows\temp\lpksetup-20080507-091202-0.log - deleted
C:\Windows\temp\nmsmc_DQLWinService.log currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Marie\Local Settings\Temp\hpqddusr.log - deleted
C:\Users\Marie\Local Settings\Temp\MARB376.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARB50C.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARC032.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARC17B.tmp - deleted
C:\Users\Marie\Local Settings\Temp\Marie.bmp - deleted
C:\Users\Marie\Local Settings\Temp\STSBB91.tmp - deleted
C:\Users\Marie\Local Settings\Temp\STSD9BC.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DF60D9.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DFE52E.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DFF385.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\6CRutF+7plJVQhSgtkkNuuuvdRg= - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\ThP4b6+4EJvQ4p8X6uDIX4OUyGM= - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\ - deleted
C:\Users\Marie\Local Settings\Temp\WPDNSE\ - deleted
C:\Users\Invité\Local Settings\Temp\hpqddusr.log - deleted
C:\Users\Invité\Local Settings\Temp\Invité.bmp - deleted
C:\Users\Invité\Local Settings\Temp\MARAC16.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARAD4F.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARBED1.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARC058.tmp - deleted
C:\Users\Invité\Local Settings\Temp\STSB1D1.tmp - deleted
C:\Users\Invité\Local Settings\Temp\STSDB47.tmp - deleted
C:\Users\Invité\Local Settings\Temp\~DF1ECB.tmp - deleted
C:\Users\Invité\Local Settings\Temp\~DFC075.tmp - deleted
C:\Users\Invité\Local Settings\Temp\WPDNSE\ - deleted
C:\BOOTSECT.BAK - deleted
C:\Program Files\eMule\eMule Light.tmpl - deleted
C:\Program Files\eMule\eMule.tmpl - deleted
C:\Program Files\eMule\config\clients.met.bak - deleted
C:\Program Files\Hewlett-Packard\HP Advisor\LangRes\it_it\InternetStates.xml~ - deleted
C:\Program Files\Maxis\The Sims Creator\Scripts\GUIFragment\SimsHotKeys.adg.bak - deleted
C:\ProgramData\Microsoft\eHome\Favorites\channels.xml.bak - deleted
C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\BITEE67.tmp - deleted
C:\ProgramData\Microsoft\eHome\Recording\Recordings.xml.bak - deleted
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk - deleted
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B3.tmp currently in use. Will be deleted when Windows is restarted.
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B4.tmp currently in use. Will be deleted when Windows is restarted.
C:\ProgramData\Microsoft\Windows\DRM\DRMv1.bak - deleted
C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B3.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Default\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Feeds Cache\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Journal\Cache\NB9231.tmp - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042120080428\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Feeds Cache\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\gambasitaloca@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050720080508\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows Mail\edb.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Minesweeper\MinesweeperSettings.xml.bak - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Minesweeper\windowprefs.xml.bak - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Spider Solitaire\windowprefs.xml.bak - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Feeds Cache\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Journal\Cache\NB3E7A.tmp - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050720080508\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft Games\FreeCell\FreeCellSettings.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\FreeCell\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Minesweeper\MinesweeperSettings.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Minesweeper\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Spider Solitaire\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - deleted
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat - deleted
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Windows\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Public\Downloads\eMule\downloads.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\002.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\009.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\011.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\015.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\027.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\031.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\042.part.met.bak - deleted
C:\Windows\Debug\UserMode\ChkAcc.bak - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\Windows\System32\REN1741.tmp - deleted
C:\Windows\System32\catroot2\edb.chk - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020420080205\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Windows\twain_32\hpqgnds2.tmp - deleted
D:\Backup_Autorun.Bak - deleted
'Run MRU' list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 102.7 MB of disk space from 10428 files.
CleanUp! finished on 05/07/08 17:58:32.

et je vais faire la derniere étape :)

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:08

Voici le rapport de clean :

07/05/2008 a 18:04:58,21

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND
"C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche C:\Program Files

si j'ai bien compris , il me resterait donc 3 fichiers infectés ?

merci encore pour ton aide :)

Ajouter un commentaire

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 18:09

Re !
1 plutôt ;)

wininit.exe est légitime sous Vista .

Supprime C:\Windows\Downloaded Program Files\CONFLICT.1

**************

_Maintenant , nous allons supprimer les logiciels de désinfection que je t'ai fait téléchargé.
En effet , s'en servir est dangereux pour le pc si l'on ne s'y connais pas.
De plus ils sont mis régulièrement à jours.

→ Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.

→ Double clique sur ToolsCleaner2.exe >
→ Clique sur .Recherche
→ puis sur Suppression quand la liste est trouvée.
→ Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )

++

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:16

je n'ai pas trouvé " C:\Windows\Downloaded Program Files\CONFLICT.1 " meme en affichant les dossiers cachés :S

Ajouter un commentaire

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 18:19

Re !

Ne passe pas encore Toolscleaner pour l'instant.

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

C:\Windows\Downloaded Program Files\CONFLICT.1

et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.

++

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:23

Voici le rapport

C:\Windows\Downloaded Program Files\CONFLICT.1 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05072008_182109

je redémarre , a tout de suite :)

Ajouter un commentaire

Réponse

cyrildu17 6267Messages postés 28 septembre 2007Date d'inscription 7 mai 2008 à 18:25

Ok !

Passe Toolscleaner maintenant ;)

++

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:26

hop c'est fait , mon bureau n'a pas disparu :)
donc le fichier a été supprimé ?

Ajouter un commentaire

Réponse

Annaprout 7 mai 2008 à 18:27

ok jme lance avec toolscleaner :)

Ajouter un commentaire

1 2

Répondre au sujet

Posez votre question

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

Antivir me detecte 3 virus [Résolu]

Antivir me detecte 3 virus »

Passage au tout numérique : quel coût pour les particuliers ?